On 11/9/2016 6:27 AM, Sam Clippinger via spamdyke-users wrote:
I don't understand how you have your jails configured -- is qmail in a different jail from spamdyke? I'm just wondering, if the message is originating locally, why does spamdyke see the origin IP as 10.0.1.15 instead of 127.0.0.1? And where is the message really coming from -- maybe a rogue process or a compromised PHP script is generating them?

Do you have 10.0.1.15 whitelisted because it's the local IP? Or is it configured in your /etc/tcp.smtp as a relay client? Either setting would cause spamdyke to allow these messages.

-- Sam Clippinger

Ahhhhh, you may have hit on something.

The qmaild jail contains everything that is mail related (qmail and spamdyke) and necessary to run both. My firewall / router is pf and I use redirection to point incoming port 25 to the jail IP. Jails are a little weird if you don't know about them, in that inside the jail, any references to 127.0.0.1 are morphed into the jail IP address. Not running any PHP scripts.

But I do have the entire 10. network whitelisted as well as 127. and 10. allowing relay in the tcp.smtp file. So I'll need to twiddle with those and see if I can get this to stop (another 100+ came in last night and one just a few moments ago as well.)

Thank you, Sam!
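A way to see which tcp.smtp rule applies to the address spamdyke logs, as an added example that is not part of the original thread. It assumes the usual tcprules syntax (`address:allow,VAR="value"`), handles only bare IPv4 addresses and dotted prefixes (no ranges, hostnames or user@ entries), and runs on a constructed sample file, not the poster's.

```python
"""Audit a tcprules-format file (e.g. /etc/tcp.smtp) for relay grants."""

# Constructed sample modelled on the setup described in the thread;
# it is not the poster's actual file.
SAMPLE_TCP_SMTP = '''\
# relay for "local" networks
127.:allow,RELAYCLIENT=""
10.:allow,RELAYCLIENT=""
192.168.5.20:allow
:allow
'''

def parse_rules(text):
    """Return {address: (lineno, action, grants_relay)} for each rule line."""
    rules = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        address, _, instruction = line.partition(":")
        action, _, env = instruction.partition(",")
        # Duplicate addresses are not resolved here; the first one seen is kept.
        rules.setdefault(address, (lineno, action, "RELAYCLIENT=" in env))
    return rules

def effective_rule(rules, ip):
    """Mimic the tcprules lookup for a bare IPv4 address: exact match,
    then progressively shorter dotted prefixes, then the empty default."""
    octets = ip.split(".")
    candidates = [ip] + [".".join(octets[:n]) + "." for n in (3, 2, 1)] + [""]
    for address in candidates:
        if address in rules:
            return (address,) + rules[address]
    return None

def broad_relay_rules(rules):
    """List relay grants keyed on a prefix or the default (more than one host)."""
    return sorted((lineno, address)
                  for address, (lineno, action, relay) in rules.items()
                  if relay and action == "allow"
                  and (address == "" or address.endswith(".")))

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_TCP_SMTP)
    for lineno, address in broad_relay_rules(rules):
        print(f"line {lineno}: '{address}' grants RELAYCLIENT to a whole range")
    for ip in ("10.0.1.15", "127.0.0.1", "203.0.113.7"):
        print(ip, "->", effective_rule(rules, ip))
```

With the sample rules, a connection logged as 10.0.1.15 falls under the `10.` prefix and is treated as a relay client, which is the condition Sam describes; narrowing the relay grant to exact addresses changes which rule the lookup returns.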
