First and foremost, please read the fine Postfix Debugging HOWTO [1]. It will provide guidance in troubleshooting your problem.
On 2010-03-24 Josh Cason wrote:
> First I hope I'm posting a reply back. I'll try to explain better.
> Since I cannot find the log I need to post.

What operating system are you using? In case of Linux it's probably /var/log/mail.log or something like that. You'll find the exact name and location in your syslog configuration. Once you have located the file: please do *not* post the entire log file, but extract the relevant entries (e.g. grep for the queue ID of a suspicious transaction).

> The spam comes from any place. Mostly just foreign IP numbers. Yea we
> could block the ip numbers but they change. We also use postini and to
> my surprise it even show up through them. This problem does not last
> more than 2 weeks if that. For instance on postini it came in for
> about two weeks. Not every day. Then I assume postini or whoever fixes
> or kicks the spammer off-line. I went with a month and a half one time
> with no extra junk. Then it returned. All I see is a person connecting
> up. Dropping a message via a ip number. With or without spoofed
> address. Then it goes through the system and is sent back out to like
> 30 recipients.

If an arbitrary external host can submit a message that is relayed to external recipients, then you do have an open relay. Which would be a Bad Thing(tm). However, given your vague description and non-existent evidence, it could be anything else just as well. Please do post the output of "postconf -n" and relevant log excerpts.

> On the other problem. We still get email that is to/from the same
> person and it is not from our system. I found a page that said
> if you added something it will check to see the to/from is not
> from your ip number and kills the message. But I cannot find that
> info. Even though the ip number can be spoofed. Most of what I see is
> not. When you look at the message. Just the to/from address matches
> up. The ip does not.

I think what you want can be done with a policy daemon or a proxy filter. I seem to recall a discussion about this very topic not too long ago, but was unable to find it when sifting through the list archive.

[1] http://www.postfix.org/DEBUG_README.html

Regards
Ansgar Wiechers
-- 
"Abstractions save us time working, but they don't save us time learning."
--Joel Spolsky
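
A sketch of the policy-daemon approach mentioned in the reply above, added here as an example; it is not code from the post or from the Postfix project. It speaks the Postfix policy delegation protocol (name=value request lines ended by an empty line, answered with an `action=` line) and compares the envelope sender and recipient only, not the `From:`/`To:` headers; `TRUSTED_NETS` and its addresses are constructed placeholders.

```python
import ipaddress
import sys

# Assumption: networks allowed to send mail to themselves (constructed values).
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]

def parse_request(text):
    """Parse one policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

def decide(attrs):
    """Return the policy action for one request."""
    sender = attrs.get("sender", "").lower()
    recipient = attrs.get("recipient", "").lower()
    try:
        client = ipaddress.ip_address(attrs.get("client_address", ""))
    except ValueError:
        return "DUNNO"  # no usable client address: defer to other restrictions
    trusted = any(client in net for net in TRUSTED_NETS)
    # An empty sender is the bounce address and must never match.
    if sender and sender == recipient and not trusted:
        return "REJECT sender equals recipient from untrusted client"
    return "DUNNO"

def serve(stream_in=sys.stdin, stream_out=sys.stdout):
    """Answer requests on stdin/stdout, as when started by spawn(8)."""
    block = []
    for line in stream_in:
        line = line.rstrip("\n")
        if line:
            block.append(line)
            continue
        if block:
            action = decide(parse_request("\n".join(block)))
            stream_out.write("action=%s\n\n" % action)
            stream_out.flush()
            block = []

if __name__ == "__main__":
    serve()
```

Postfix would consult such a service through `check_policy_service` in an smtpd restriction list; `DUNNO` leaves the decision to the restrictions that follow it.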