[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SOLVED] Re: My post mail server is used for spam

Stan, just out of curiosity, in such a case as this would it be worth
trying to log in to the admin port on the router and muck with the
settings? Or is there a subtext of owned router in the conversation
here?

Joel

On Wed, Nov 16, 2011 at 7:30 PM, Olivier BATARD <obatard@gmail.com> wrote:
> 2011/11/15 Stan Hoeppner <stan@hardwarefreak.com>:
>> On 11/15/2011 10:07 AM, Olivier BATARD wrote:
>>
>>>> mynetworks = !192.168.150.254 192.168.150.0/24
>>>>
>>>> The "!" excludes the address.
>>>
>>> Thanks that solve my problem
>>
>> You're welcome.  Due to the NAT source address rewrite problem, the
>> previous mynetworks configuration made Postfix a wide open relay.  I'm
>> curious, how long was this machine in production before the spammers
>> found the relay hole and started abusing it?  Days?  Months?
>
> The server was fine for 5 days, after was spam festival :)
>
>>
>>>> If you do not actually have a working IPv6 network, remove the IPv6 junk
>>>> from mynetworks.  If you don't have webmail running on the Postfix box,
>>>> nor programs that need to inject mail into Postfix, remove the loopback
>>>> address from mynetworks as well.
>>>
>>> Thanks for the advice.
>>
>> Sure thing.  With Postfix it's always best to configure *only* what you
>> need.  Having unnecessary stuff in main.cf can cause problems and/or
>> make troubleshooting more difficult.
>
> I'll be more careful next time :)
>
>>
>>>> P.S. I'm shocked you still have a NAT/PAT router in 2011 that rewrites
>>>> source addresses.  Treat that thing like hot plutonium--replace it ASAP.
>>>>
>>> Yeah I was quite shocked too, so we'll replace soon as soon as the
>>> client sign the bill :)
>>
>> Heheh.  Unfortunately I know that type of client. ;)  However, even this
>> $20 USD router does source addressing correctly, as do just about all
>> cheap consumer routers do:
>>
>> http://www.newegg.com/Product/Product.aspx?Item=N82E16833704016
>
> Thanks for the link, I'll try to negotiate $20 with that client (not
> the easiest part ;) )
>
>>
>>> Anyway thanks a lot.
>>
>> Glad I could help.  Postfix and spam fighting are two of my specialties.
>
> I see that, dealing with expert is always useful and a pleasure :)
>
> Olivier
>
>>
>> --
>> Stan
>>
>>
>> --
>> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
>> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>> Archive: [🔎] 4EC2B48A.5060103@hardwarefreak.com">http://lists.debian.org/[🔎] 4EC2B48A.5060103@hardwarefreak.com
>>
>>
>
>
> --
> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: http://lists.debian.org/CALvLTM7bD+n0eCpL6k4VuV7H9JUyS4QP1n5KVrLdM6NYWk1Q@mail.gmail.com
>
>
Reply to: