> I had a dictionary attack this morning and had to remove about 150k
> emails with "hi how are you" in the header coming from a swbell dsl
> client in St. Louis I think. They were all from a random hotmail.com
> account.
>
> Jan 28 07:14:39 scooter postfix/smtpd[21983]: 7B9517BCA5:
> client=adsl-65-71-214-5.dsl.stlsmo.swbell.net[65.71.214.5]
>
> Now I'm trying to "close the barn door". I have a file:
> account_control.map that has my valid clients in it like this:
>
> grep internetworks.net account_control.map
>
> [EMAIL PROTECTED] OK
> [EMAIL PROTECTED] OK
> [EMAIL PROTECTED] OK
> [EMAIL PROTECTED] OK
> [EMAIL PROTECTED] OK
I am not a big fan of OK maps. You need to be careful with them, and there
are synchronization issues in situations where domains add users on their
own.
> in main.cf I have:
>
> smtpd_recipient_restrictions =
> reject_unauth_pipelining,
> reject_non_fqdn_sender,
> reject_non_fqdn_recipient,
> reject_unknown_recipient_domain,
> hash:/etc/postfix/account_control.map, <<<<<<<<<<<<
You realize this OK map causes it to skip all other checks if it has a
positive?
> reject_unknown_sender_domain,
> permit_mynetworks,
> reject_unauth_destination,
> check_client_access hash:/etc/postfix/mta_clients_bw.map,
> check_sender_access regexp:/etc/postfix/from_senders.regexp,
> check_sender_access hash:/etc/postfix/from_senders_bw.map,
> check_helo_access hash:/etc/postfix/helo_hostnames.map,
> check_sender_access hash:/etc/postfix/from_senders_slet.map,
> check_sender_access hash:/etc/postfix/from_senders_clueless.map,
> check_sender_access hash:/etc/postfix/from_senders_bogus.map,
> check_sender_access hash:/etc/postfix/from_senders_mybogus.map,
> check_sender_access hash:/etc/postfix/from_senders.map,
> check_sender_access hash:/etc/postfix/spamlist-extended.map,
> reject_rbl_client,
> reject
>
> And it happily accepts mail to any of my domains regardless of existing
> addresses.
>
> Jan 28 14:18:23 scooter postfix/smtpd[28478]: connect from
> f46.pav2.hotmail.com[64.4.37.46]
> Jan 28 14:18:24 scooter postfix/smtpd[28478]: 21E057BC48:
> client=f46.pav2.hotmail.com[64.4.37.46]
> Jan 28 14:18:24 scooter postfix/cleanup[28479]: 21E057BC48:
> message-id=<[EMAIL PROTECTED]>
> Jan 28 14:18:24 scooter postfix/qmgr[28476]: 21E057BC48:
> from=<[EMAIL PROTECTED]>, size=1388, nrcpt=1 (queue active)
> Jan 28 14:18:24 scooter postfix/smtp[28484]: 21E057BC48:
> to=<[EMAIL PROTECTED]>, relay=primary.spammiser.com[65.167.19.45],
> delay=0, status=sent (250 Ok: queued as 8B068BC5FA)
> Jan 28 14:18:24 scooter postfix/smtpd[28478]: disconnect from
> f46.pav2.hotmail.com[64.4.37.46]
>
> grep [EMAIL PROTECTED] account_control.map
> yields nothing...
What about
grep -i [EMAIL PROTECTED] account_control.map
or
postmap account_control.map -q [EMAIL PROTECTED]
??
Ignore the case; Postfix does.
And don't forget these:
grep -i Reyne@ account_control.map
grep -i internetworks.net account_control.map
or
postmap account_control.map -q Reyne@
postmap account_control.map -q internetworks.net
Those are also valid ways to OK something in a smtpd_recipient_restrictions
hash map.
> What am I doing wrong? (besides having shut off SAV last night)
> SAV would have stopped this in its tracks.
The principle of using an OK map to flag good recipients requires the use of
two smtpd_*_restrictions lists, OR that it be the last check in the list.
That way the OK does not bypass all your other checks.
Try moving hash:/etc/postfix/account_control.map to right before reject and
see what happens.
--Eric
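
Added example, not part of the original message and not Postfix code: a simplified Python model of the two points in the reply above, namely that a recipient can be OK'd by a full-address, `user@` or bare-domain key regardless of case, and that an OK placed early in the list ends evaluation before the later checks run. The addresses, map entries, `BLOCKED_SENDERS` and the check functions are constructed for illustration, and the model covers only the three key forms named in the reply.

```python
# Simplified model (added example): access-map key lookup and first-match
# evaluation of a restriction list. All data below is constructed.

def lookup_keys(address):
    """Key forms tried for a recipient: full address, domain, then 'user@'."""
    user, _, domain = address.lower().rpartition("@")
    return [f"{user}@{domain}", domain, f"{user}@"]

def map_lookup(table, address):
    """Return (key, action) for the first key form found in the map, else None."""
    folded = {k.lower(): v for k, v in table.items()}  # lookups ignore case
    for key in lookup_keys(address):
        if key in folded:
            return key, folded[key]
    return None

def evaluate(restrictions, msg):
    """The first OK or REJECT ends the list; DUNNO moves on to the next check."""
    for name, check in restrictions:
        result = check(msg)
        if result in ("OK", "REJECT"):
            return result, name
    return "OK", "end of list"  # assumption: nothing decisive means accept

ACCOUNT_MAP = {  # constructed stand-in for account_control.map
    "alice@example.net": "OK",
    "Bob@": "OK",          # 'user@' form: OKs bob at any domain
    "example.org": "OK",   # bare domain: OKs every recipient in example.org
}
BLOCKED_SENDERS = {"spammer@bad.example"}  # hypothetical sender blacklist

def account_map(msg):
    hit = map_lookup(ACCOUNT_MAP, msg["rcpt"])
    return hit[1] if hit else "DUNNO"

def sender_check(msg):
    return "REJECT" if msg["sender"].lower() in BLOCKED_SENDERS else "DUNNO"

def final_reject(msg):
    return "REJECT"

# The OK map ahead of the other checks, versus right before the final reject.
MAP_EARLY = [("account_map", account_map), ("sender_check", sender_check), ("reject", final_reject)]
MAP_LAST = [("sender_check", sender_check), ("account_map", account_map), ("reject", final_reject)]

if __name__ == "__main__":
    spam = {"sender": "spammer@bad.example", "rcpt": "alice@example.net"}
    print("map early:", evaluate(MAP_EARLY, spam))  # OK from the map skips sender_check
    print("map last: ", evaluate(MAP_LAST, spam))   # sender_check rejects first
    print(map_lookup(ACCOUNT_MAP, "nosuchuser@example.org"))  # domain entry matches
```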