Re: [SOLVED] Re: My post mail server is used for spam
On 11/15/2011 10:07 AM, Olivier BATARD wrote:
>> mynetworks = !192.168.150.254 192.168.150.0/24
>>
>> The "!" excludes the address.
>
> Thanks that solve my problem
You're welcome. Due to the NAT source address rewrite problem, the
previous mynetworks configuration made Postfix a wide open relay. I'm
curious, how long was this machine in production before the spammers
found the relay hole and started abusing it? Days? Months?
>> If you do not actually have a working IPv6 network, remove the IPv6 junk
>> from mynetworks. If you don't have webmail running on the Postfix box,
>> nor programs that need to inject mail into Postfix, remove the loopback
>> address from mynetworks as well.
>
> Thanks for the advice.
Sure thing. With Postfix it's always best to configure *only* what you
need. Having unnecessary stuff in main.cf can cause problems and/or
make troubleshooting more difficult.
>> P.S. I'm shocked you still have a NAT/PAT router in 2011 that rewrites
>> source addresses. Treat that thing like hot plutonium--replace it ASAP.
>>
> Yeah I was quite shocked too, so we'll replace soon as soon as the
> client sign the bill :)
Heheh. Unfortunately I know that type of client. ;) However, even this
$20 USD router does source addressing correctly, as do just about all
cheap consumer routers do:
http://www.newegg.com/Product/Product.aspx?Item=N82E16833704016
> Anyway thanks a lot.
Glad I could help. Postfix and spam fighting are two of my specialties.
--
Stan
Reply to: