Hi guys, I've got some mail in the queue that's clearly spam. The from address is [EMAIL PROTECTED] and the source server is "7c.91.5746.static.theplanet.com [70.87.145.124]". The recipient addresses are random domains that do not belong to me. The server is supposed to be a gateway and outgoing server for our users.

I've tried telnet to port 25 on the box and get relay access denied trying to send to a non-local domain (gmail.com). So either my config is completely screwed (which is very possible) or I've got a compromised user. If it's a compromised user, is it possible for postfix to include the authenticated username in the message headers?

Below is a postconf -n from the gateway/smtp server. Any advice on what I'm missing or bad settings would be great. Also, which of the standard config examples would cover what I'm trying to do with this server? Or should I just start reading through the base configuration? Or should I just hurry up and get the Book of Postfix? :P

Thanks,
Guy

[EMAIL PROTECTED]:/var/spool/postfix/hold# postconf -n
2bounce_notice_recipient = [EMAIL PROTECTED]
anvil_rate_time_unit = 60s
bounce_notice_recipient = [EMAIL PROTECTED]
bounce_template_file = /etc/postfix/bounce.cf
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
cyrus_sasl_config_path = /etc/postfix/sasl/
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
default_destination_concurrency_limit = 30
delay_notice_recipient = [EMAIL PROTECTED]
error_notice_recipient = [EMAIL PROTECTED]
home_mailbox = .maildir/
html_directory = /usr/share/doc/postfix-2.2.10/html
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maps_rbl_domains = sbl-xbl.spamhaus.org
message_size_limit = 31240000
mynetworks = 127.0.0.0/8, 72.9.230.26
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
rbl_reply_maps = hash:/etc/postfix/rbl_reply
readme_directory = /usr/share/doc/postfix-2.2.10/readme
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_client_connection_count_limit = 30
smtpd_client_connection_rate_limit = 100
smtpd_client_message_rate_limit = 100
smtpd_client_recipient_rate_limit = 100
smtpd_error_sleep_time = 1s
smtpd_hard_error_limit = 20
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_hostname, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_destination, check_recipient_access hash:/etc/postfix/spamlovers, check_client_access cidr:/etc/postfix/postfix-dnswl-permit, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client psbl.surriel.com, reject_rhsbl_client zen.spamhaus.org, reject_rhsbl_client bl.spamcop.net, check_policy_service inet:127.0.0.1:10031, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_soft_error_limit = 10
smtpd_tls_CAfile = /etc/ssl/certs/ca-bundle.crt
smtpd_tls_cert_file = /etc/ssl/certs/imapd.pem
smtpd_tls_key_file = /etc/ssl/private/imapd.pem
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf mysql:/etc/postfix/mysql_virtual_catchall_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_transport = smtp:barracuda.aluminati.org
-- 
Don't just do something...sit there!

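The post asks how to tell which authenticated user injected the held spam when the restrictions allow `permit_sasl_authenticated` relaying. Even without header changes, Postfix's smtpd log line for an authenticated session already carries `sasl_method=` and `sasl_username=` next to the queue ID, and the qmgr line for the same queue ID carries the envelope sender and recipient count, so the two can be joined offline. The script below is an added example written for this page, not code from the original post; it runs over a constructed sample of log lines (queue IDs, hosts, users and addresses are all made up) and reports, per SASL login, how many messages and recipients came through and from which client hosts, flagging logins whose recipient volume looks like a stolen credential rather than a normal user. Joining on the queue ID is the same approach one would use against `/var/log/mail.log` for the queue IDs listed by `mailq`. Newer Postfix releases also offer `smtpd_sasl_authenticated_header = yes` in main.cf, which records the login name in the `Received:` header of each message, which directly answers the header question for later messages but not for ones already queued.

```python
import re
from collections import defaultdict

# Constructed sample Postfix log excerpt for this example (not from the
# original post). Two messages with large recipient counts arrive from one
# login via an unfamiliar host; one normal message from another login; one
# unauthenticated inbound message with no sasl_username at all.
SAMPLE_LOG = """\
Jun 12 09:14:01 gw postfix/smtpd[2201]: A1B2C3D4E5: client=unknown[203.0.113.45], sasl_method=LOGIN, sasl_username=alice@example.org
Jun 12 09:14:01 gw postfix/qmgr[1100]: A1B2C3D4E5: from=<alice@example.org>, size=1832, nrcpt=40 (queue active)
Jun 12 09:14:02 gw postfix/smtpd[2201]: F6E5D4C3B2: client=unknown[203.0.113.45], sasl_method=LOGIN, sasl_username=alice@example.org
Jun 12 09:14:02 gw postfix/qmgr[1100]: F6E5D4C3B2: from=<alice@example.org>, size=1790, nrcpt=35 (queue active)
Jun 12 09:20:15 gw postfix/smtpd[2210]: 0011223344: client=laptop.example.org[192.0.2.10], sasl_method=PLAIN, sasl_username=bob@example.org
Jun 12 09:20:15 gw postfix/qmgr[1100]: 0011223344: from=<bob@example.org>, size=2210, nrcpt=1 (queue active)
Jun 12 09:25:00 gw postfix/smtpd[2215]: 5566778899: client=mx.example.net[198.51.100.7]
Jun 12 09:25:00 gw postfix/qmgr[1100]: 5566778899: from=<news@example.net>, size=5120, nrcpt=1 (queue active)
"""

# smtpd line: queue ID, connecting client, and (only when the session
# authenticated) the SASL mechanism and login name.
SMTPD_RE = re.compile(
    r"postfix/smtpd\[\d+\]: (?P<qid>[0-9A-F]+): client=(?P<client>[^,\s]+)"
    r"(?:, sasl_method=\S+, sasl_username=(?P<user>\S+))?"
)
# qmgr line: queue ID, envelope sender and number of envelope recipients.
QMGR_RE = re.compile(
    r"postfix/qmgr\[\d+\]: (?P<qid>[0-9A-F]+): from=<(?P<sender>[^>]*)>, "
    r"size=\d+, nrcpt=(?P<nrcpt>\d+)"
)


def correlate(log_text):
    """Join smtpd and qmgr lines on queue ID.

    Returns {queue_id: {"client", "user", "sender", "nrcpt"}}; "user" is
    None for sessions that did not authenticate.
    """
    msgs = {}
    for line in log_text.splitlines():
        m = SMTPD_RE.search(line)
        if m:
            msgs.setdefault(m["qid"], {}).update(client=m["client"], user=m["user"])
            continue
        m = QMGR_RE.search(line)
        if m:
            msgs.setdefault(m["qid"], {}).update(
                sender=m["sender"], nrcpt=int(m["nrcpt"])
            )
    return msgs


def per_user_stats(msgs):
    """Aggregate message count, recipient count and client hosts per SASL login."""
    stats = defaultdict(lambda: {"messages": 0, "recipients": 0, "clients": set()})
    for info in msgs.values():
        user = info.get("user")
        if not user:  # unauthenticated (inbound or mynetworks) traffic is skipped
            continue
        s = stats[user]
        s["messages"] += 1
        s["recipients"] += info.get("nrcpt", 0)
        s["clients"].add(info.get("client"))
    return dict(stats)


def suspicious_users(stats, rcpt_threshold=20):
    """Logins whose total recipient count exceeds what a normal user sends.

    The threshold is an assumption for the example; tune it to local volume.
    """
    return sorted(u for u, s in stats.items() if s["recipients"] >= rcpt_threshold)


if __name__ == "__main__":
    msgs = correlate(SAMPLE_LOG)
    stats = per_user_stats(msgs)
    for user, s in sorted(stats.items()):
        print(f"{user}: {s['messages']} msgs, {s['recipients']} rcpts, "
              f"clients={sorted(s['clients'])}")
    print("review these logins:", suspicious_users(stats))
```

Once the login is known, the defensive follow-up is to reset that credential and look at the `client=` hosts for the same login over a longer window; a login that suddenly appears from an unfamiliar host with large `nrcpt=` values is the typical signature of a leaked password being used for relay.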