On Sun, Oct 13, 2002 at 07:16:19PM +0800, william villanueva wrote:
>
> Oct 12 15:50:01 servername postfix/qmgr[29727]: AA83C3D97: from=<>, size=3343 (queue
>active)
>
> My guess is that the msg does not have a From in its header or
> something.
Not an entirely pointless guess, but a wrong one. Note this session:
jijo@lawin:~$ telnet localhost smtp
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 lawin.leathercollection.ph ESMTP Postfix (Debian/GNU)
HELO lawin
250 lawin.leathercollection.ph
MAIL FROM: <>
250 Ok
RCPT TO: <[EMAIL PROTECTED]>
250 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
From: Federico Sevilla III <[EMAIL PROTECTED]>
To: Federico Sevilla III <[EMAIL PROTECTED]>
Subject: This is an "anonymous sender" test
Okay, obviously not entirely anonymous.
.
250 Ok: queued as DFA921A4086
QUIT
221 Bye
Connection closed by foreign host.
And then from the logs:
Oct 14 10:40:24 lawin postfix/smtpd[30866]: connect from localhost[127.0.0.1]
Oct 14 10:40:28 lawin postfix/smtpd[30866]: DFA921A4086:
client=localhost[127.0.0.1]
Oct 14 10:41:04 lawin postfix/cleanup[30869]: DFA921A4086:
message-id=<[EMAIL PROTECTED]>
Oct 14 10:41:04 lawin postfix/nqmgr[32652]: DFA921A4086: from=<>, size=470,
nrcpt=1 (queue active)
Oct 14 10:41:04 lawin postfix/smtp[30871]: DFA921A4086: to=<[EMAIL PROTECTED]>,
relay=192.168.0.1[192.168.0.1], delay=36, status=sent (250 Ok: queued as A53B91F4D8)
Oct 14 10:41:05 lawin postfix/smtpd[30866]: disconnect from localhost[127.0.0.1]
> Should I be concerned?
I do not know for sure, but don't think so. In particular I've noticed
that all messages that my AMaViS installation sends back to postfix have
these "from-less" connections.
> And / or is there a way to reject mail which have these kind of
> deformed headers?
Although my illustration above had "incomplete" headers, I think you
will see that you can send a valid email message even with the
"from-less" logs. I would expect that
MAIL FROM: <>
is valid as per the relevant RFC, but cannot be sure as I haven't had
the need to actually read it.
> Also, i noticed that one of our users is getting a lot of bounced back
> mail and it kept filling up his mailbox whenever we delete the
> contents.. I'm not sure if he is sending out spam or could have been
> infected by a virus. Is there a way to a way to fix this problem maybe
> like to limit the number of msgs that one can send?
If your user is sending out spam and someone else reports this spam, the
postmaster should receive a report about this. Then you can block access
to the user entirely. To deal with virus-infected email, both inbound
and outbound, I've found that having a virus-scanner set up to work with
the MTA is the most holistic approach. I wouldn't want to set resource
limits for number of messages sent per user, but must admit that is an
interesting problem (and one that I have no solution to).
--> Jijo
--
Federico Sevilla III : http://jijo.free.net.ph : When we speak of free
Network Administrator : The Leather Collection, Inc. : software we refer to
GnuPG Key ID : 0x93B746BE : freedom, not price.
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
Fully Searchable Archives With Friendly Web Interface at http://marc.free.net.ph
To subscribe to the Linux Newbies' List: send "subscribe" in the body to
[EMAIL PROTECTED]
