Re: [gentoo-user] Is my postfix being used as a relay?
If you want to see what each of the emails in your queue is take a look in /var/spool/postifx. In that dir there are a number of subdirectories, including one called defer and one called deferred. As I don't have anything stuck in there I can't recall exactly which of those subdors houses the deferred messages. They are indexed in a further level of subdirs numbered 0,1,2,3,4,5,6,7,8,9,A,B,C,D.E,F depending on the first character of the email's ID number (which you can see in the output of mailq). It is a hex number. Does that make sense? On Fri, 17 Mar 2006 09:41:06 -0800 Kevin O'Gorman wrote: On 3/17/06, John Jolet [EMAIL PROTECTED] wrote: Yes, I expose this machine's port 25 on purpose. So I would like to make it a good netizen. I had done this with sendmail in previous distros, but am a neophyte with Postfix. Right now I want to verify if I have (or am) a problem. with postfix, it will, by default ONLY accept mail for which it considers itself the final destination for, or destinations that are in relay_domains. typically, out of the box, it will not relay mail for anyone, though it will accept mail for it, as resolved from the box's fqdn, or mydestination. I have mine set up to also allow you to relay if you authenticate (using sasl, via pam...or pam via sasl, if you want to look at it that way). basically that means I can send mail using this server from any network, as long as I set my client up to authenticate on send. but you can't randomly use it as a relay. -- gentoo-user@gentoo.org mailing list Although it seems this host is not a relay, that does not explain the score or so of things languishing in my mail queue attempting to contact sites I have no knowledge of, and which do not accept the connection. Any hints how to explore this? ++ kevin -- Kevin O'Gorman, PhD -- Nick Rout [EMAIL PROTECTED] -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Is my postfix being used as a relay?
On 3/16/06, Iain Buchanan [EMAIL PROTECTED] wrote: On Thu, 2006-03-16 at 14:52 -0500, JimD wrote: On Thu, 16 Mar 2006 11:12:28 -0800 Kevin O'Gorman [EMAIL PROTECTED] wrote: I get a lot of bounce messages from Postfix relating to emails that are not actually from me, and the mail q shows lots of stuff I don't recognize. I'd like to know how to interpret this, and if it is called-for, to secure this daemon a bit more. Try this link: http://www.spamhelp.org/shopenrelay/ Just put in the IP and port and click the button.which automatically notifies a list of spammers that they can use your mail server... no not really ;)Do you have a firewall?Should your box be accessible from outside?You could lock it down so _no_one_ outside can access it, or you couldrestrict it to certain ip's... But I also get a few bounce messages from me about emails I neverwrote - once your email address is out there, spammers use it as theirfrom address, even if they're not using your mail server for a relay. sucks. Yes, I expose this machine's port 25 on purpose. So I would like to make it a good netizen. I had done this with sendmail in previous distros, but am a neophyte with Postfix. Right now I want to verify if I have (or am) a problem. ++ kevin -- Kevin O'Gorman, PhD
Re: [gentoo-user] Is my postfix being used as a relay?
Yes, I expose this machine's port 25 on purpose. So I would like to make it a good netizen. I had done this with sendmail in previous distros, but am a neophyte with Postfix. Right now I want to verify if I have (or am) a problem. with postfix, it will, by default ONLY accept mail for which it considers itself the final destination for, or destinations that are in relay_domains. typically, out of the box, it will not relay mail for anyone, though it will accept mail for it, as resolved from the box's fqdn, or mydestination. I have mine set up to also allow you to relay if you authenticate (using sasl, via pam...or pam via sasl, if you want to look at it that way). basically that means I can send mail using this server from any network, as long as I set my client up to authenticate on send. but you can't randomly use it as a relay. -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Is my postfix being used as a relay?
On 3/16/06, Gerhard Hoogterp [EMAIL PROTECTED] wrote: On Thursday 16 March 2006 20:12, Kevin O'Gorman wrote: I get a lot of bounce messages from Postfix relating to emails that are not actually from me, and the mail q shows lots of stuff I don't recognize. I'd like to know how to interpret this, and if it is called-for, to secure this daemon a bit more. Can somebody point me in the right direction?I'll RTFM if it's not *too* big, if I know the appropriate FM to R. You can check if your machine is an open relay by using telnet torelay-test.mail-abuse.org from the machine which runs the mail.An other alternative is to use their webinterface (http://www.abuse.net/relay.html) but I have no experience with that one. Thanks for the links. To my relief, they both reported all relay attempts were blocked. So the bounces were spammers spoofing my address as a return, I suppose. And there's nothing I can do to stop that. Sigh. ++ kevin -- Kevin O'Gorman, PhD
Re: [gentoo-user] Is my postfix being used as a relay?
On 3/17/06, John Jolet [EMAIL PROTECTED] wrote: Yes, I expose this machine's port 25 on purpose.So I would like to make it a good netizen. I had done this with sendmail in previous distros, but am a neophyte with Postfix.Right now I want to verify if I have (or am) a problem.with postfix, it will, by default ONLY accept mail for which itconsiders itself the final destination for, or destinations that arein relay_domains.typically, out of the box, it will not relay mail for anyone, though it will accept mail for it, as resolved from thebox's fqdn, or mydestination.I have mine set up to also allow you to relay if you authenticate(using sasl, via pam...or pam via sasl, if you want to look at it that way).basically that means I can send mail using this serverfrom any network, as long as I set my client up to authenticate onsend.but you can't randomly use it as a relay.-- gentoo-user@gentoo.org mailing listAlthough it seems this host is not a relay, that does not explain the score or so of things languishing in my mail queue attempting to contact sites I have no knowledge of, and which do not accept the connection. Any hints how to explore this? ++ kevin-- Kevin O'Gorman, PhD
Re: [gentoo-user] Is my postfix being used as a relay?
Kevin O'Gorman wrote: Although it seems this host is not a relay, that does not explain the score or so of things languishing in my mail queue attempting to contact sites I have no knowledge of, and which do not accept the connection. Any hints how to explore this? Look through your maillogs to determine where these messages originated. If they originated on your network, then it is probably a virus or a worm. Tom Veldhouse
Re: [gentoo-user] Is my postfix being used as a relay?
On Thursday 16 March 2006 20:12, Kevin O'Gorman wrote: I get a lot of bounce messages from Postfix relating to emails that are not actually from me, and the mail q shows lots of stuff I don't recognize. I'd like to know how to interpret this, and if it is called-for, to secure this daemon a bit more. Can somebody point me in the right direction? I'll RTFM if it's not *too* big, if I know the appropriate FM to R. You can check if your machine is an open relay by using telnet to relay-test.mail-abuse.org from the machine which runs the mail. An other alternative is to use their webinterface (http://www.abuse.net/relay.html) but I have no experience with that one. Gerhard -- Ithaka photography, http://ithaka.mine.nu/ -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Is my postfix being used as a relay?
On Thu, 16 Mar 2006 11:12:28 -0800 Kevin O'Gorman [EMAIL PROTECTED] wrote: I get a lot of bounce messages from Postfix relating to emails that are not actually from me, and the mail q shows lots of stuff I don't recognize. I'd like to know how to interpret this, and if it is called-for, to secure this daemon a bit more. Can somebody point me in the right direction? I'll RTFM if it's not *too* big, if I know the appropriate FM to R. ++ kevin -- Kevin O'Gorman, PhD Try this link: http://www.spamhelp.org/shopenrelay/ Just put in the IP and port and click the button. Jim -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Is my postfix being used as a relay?
On Thu, 2006-03-16 at 14:52 -0500, JimD wrote: On Thu, 16 Mar 2006 11:12:28 -0800 Kevin O'Gorman [EMAIL PROTECTED] wrote: I get a lot of bounce messages from Postfix relating to emails that are not actually from me, and the mail q shows lots of stuff I don't recognize. I'd like to know how to interpret this, and if it is called-for, to secure this daemon a bit more. Try this link: http://www.spamhelp.org/shopenrelay/ Just put in the IP and port and click the button. which automatically notifies a list of spammers that they can use your mail server... no not really ;) Do you have a firewall? Should your box be accessible from outside? You could lock it down so _no_one_ outside can access it, or you could restrict it to certain ip's... But I also get a few bounce messages from me about emails I never wrote - once your email address is out there, spammers use it as their from address, even if they're not using your mail server for a relay. sucks. -- Iain Buchanan iain at netspace dot net dot au A pipe gives a wise man time to think and a fool something to stick in his mouth. -- gentoo-user@gentoo.org mailing list