Sure... the log entries are not altered in any way.
*** /etc/hostname ***
serve.stimulussoft.com
*** /etc/hosts ***
127.0.0.1 localhost.localdomain localhost
71.6.200.51 serve.stimulussoft.com serve.mailarchiva.com
*** postfix configuration ***
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
header_checks = pcre:/etc/postfix/header_checks
home_mailbox = Maildir/
inet_interfaces = all
mailbox_command =
mailbox_size_limit = 0
mydestination = $mydomain, $myhostname, serve.mailarchiva.com,
    serve.stimulussoft.com, localhost.stimulussoft.com, localhost,
    mailarchiva.com
myhostname = serve.stimulussoft.com
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_host_lookup = dns, native
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks
    permit_sasl_authenticated reject_invalid_hostname
    reject_non_fqdn_hostname
smtpd_recipient_restrictions =
    permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /root/certs/rootcerts.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /root/certs/archiva.pem
smtpd_tls_key_file = /root/certs/mailarchiva.key
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_ciphers = medium, high
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_received_header = yes
smtpd_tls_req_ccert = no
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = no
tls_random_source = dev:/dev/urandom
virtual_alias_domains = hash:/etc/postfix/mydomains
virtual_alias_maps = hash:/etc/postfix/virtual
On 2013/02/26 3:32 PM, Deeztek.com Support wrote:
On 2/26/2013 7:52 AM, Eero Volotinen wrote:
Like I said, as soon as I blocked the troublesome IPs the problem went
away. Thus, it cannot be a local script. Furthermore,
we are not even running Apache. We are running Tomcat with custom
developed Java apps.
I also ran tcpdump on localhost to see if there was traffic being
received on localhost. Guess what? While the spamming was taking place
there was no smtp traffic passing through on localhost port 25.
You should still recheck your mail server configuration, looks like
your server is open relay?
--
Eero
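
An added example, not code from anyone in this thread: a small audit of `postconf -n` output for the settings that bear on the open-relay question raised above. The finding IDs are made up for this example, the sample is constructed from the posted settings, and relay control is assumed to live in smtpd_recipient_restrictions, as it does in the posted configuration.

```python
import re

# Constructed sample: a subset of the settings posted above, laid out the way
# `postconf -n` prints them (continuation lines are indented).
SAMPLE = """\
smtpd_recipient_restrictions =
    permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = no
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_security_level = may
"""

def parse_postconf(text):
    """Parse `postconf -n` output into a dict, folding continuation lines."""
    conf, key = {}, None
    for line in text.splitlines():
        if line[:1].isspace() and key:
            conf[key] = (conf[key] + " " + line.strip()).strip()
        elif "=" in line:
            key, _, value = line.partition("=")
            key = key.strip()
            conf[key] = value.strip()
    return conf

def tokens(conf, name):
    """Split a restriction or protocol list on commas and whitespace."""
    return [t for t in re.split(r"[,\s]+", conf.get(name, "")) if t]

def audit(conf):
    """Return the IDs (hypothetical names) of relay- and credential-related findings."""
    found = []
    rcpt = tokens(conf, "smtpd_recipient_restrictions")
    if "reject_unauth_destination" not in rcpt:
        found.append("NO_RELAY_GUARD")        # nothing rejects foreign destinations
    elif "permit" in rcpt[:rcpt.index("reject_unauth_destination")]:
        found.append("PERMIT_BEFORE_GUARD")   # bare permit short-circuits the guard
    if "permit_mynetworks" in rcpt and "mynetworks" not in conf:
        found.append("MYNETWORKS_DEFAULT")    # trusted range comes from mynetworks_style
    if (conf.get("smtpd_sasl_auth_enable") == "yes"
            and conf.get("smtpd_tls_auth_only") != "yes"
            and conf.get("smtpd_tls_security_level") != "encrypt"):
        found.append("SASL_CLEARTEXT")        # AUTH is offered without TLS
    if "SSLv3" in tokens(conf, "smtpd_tls_mandatory_protocols"):
        found.append("SSLV3_ALLOWED")         # SSLv3 accepted for mandatory TLS
    return found

if __name__ == "__main__":
    print(audit(parse_postconf(SAMPLE)))
```

On the sample, the relay guard is present, so the findings point at the trusted-network default and at SASL logins rather than at an unauthenticated open relay.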