On Thu, Sep 26, 2013 at 08:17:51PM +0300, Papadopoulos Nikolaos wrote:

> We have Postfix ver2.3.3 on RHEL5, which was working fine for several years.
> Please find below the output of postconf -n
>
> smtpd_recipient_restrictions =
>     permit_sasl_authenticated,
>     permit_mynetworks,
>     check_relay_domains

The "check_relay_domains" restriction is long deprecated, and no longer
supported by current versions of Postfix. Strongly consider using
"reject_unauth_destination" instead. The "check_relay_domains" legacy
feature cannot be made reliable.

You have no anti-spam controls beyond blocking unauthorized relaying,
consider adding a suitable RBL (zen.spamhaus.org is a good start,
possibly via a paid feed if your traffic volume is high enough).

> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain = $myhostname
> smtpd_sasl_security_options = noanonymous

One or more of your SASL accounts may be compromised.

> During the last days we face huge problem by spam emails, as if
> our server is open relay.

Incoming spam or outgoing spam? Your configuration is not an open
relay per-se, but it is possible that you relay mail from trusted
sources (other machines in your domain, authenticated users, ...)
or locally submitted via compromised web applications.

> For example, the majority of spam emails in the mail queue show as sender:
>
> meng.e...@gmail.com

Sender addresses of spam are often forged, do not generally indicate
where the spam is really from and filtering them is not by itself
an effective defense against spam.

> 1) how can I find out from which IP address do these emails come from?

1. YOUR MAIL LOGS!

2. If a spam message is still in the queue, use "postcat -q <queueid>"
   to see the message envelope records, headers and body. The envelope
   and topmost Received header will show the origin of the message.

-- 
Viktor.
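
An added example, not part of the original message: one way to act on "YOUR MAIL LOGS" is to join Postfix log records on queue ID and total recipients per entry point (SASL account, client IP, or local submission uid) rather than per forged envelope sender. The log lines are constructed samples in the usual Postfix syslog layout, and the function names are hypothetical.

```python
import re
from collections import Counter
# Constructed sample in the usual Postfix syslog layout (not from the thread).
SAMPLE_LOG = """\
Sep 26 10:01:02 mx postfix/smtpd[1234]: 3F2A81C0045: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=jdoe
Sep 26 10:01:03 mx postfix/qmgr[999]: 3F2A81C0045: from=<forged@example.com>, size=2100, nrcpt=40 (queue active)
Sep 26 10:01:09 mx postfix/smtpd[1236]: 7B11C1C0046: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=jdoe
Sep 26 10:01:10 mx postfix/qmgr[999]: 7B11C1C0046: from=<forged@example.com>, size=2090, nrcpt=45 (queue active)
Sep 26 10:02:00 mx postfix/smtpd[1240]: 9C0D21C0047: client=pc7.example.org[192.0.2.17]
Sep 26 10:02:01 mx postfix/qmgr[999]: 9C0D21C0047: from=<alice@example.org>, size=900, nrcpt=1 (queue active)
Sep 26 10:03:00 mx postfix/pickup[1300]: A1B2C1C0048: uid=48 from=<apache>
Sep 26 10:03:01 mx postfix/qmgr[999]: A1B2C1C0048: from=<forged@example.com>, size=2000, nrcpt=30 (queue active)
""".splitlines()

LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]+): (.*)$")
CLIENT = re.compile(r"client=\S*\[([^\]]+)\](?:.*sasl_username=([^,\s]+))?")
PICKUP = re.compile(r"uid=(\d+) from=")
QMGR = re.compile(r"from=<([^>]*)>.*nrcpt=(\d+)")

def trace_origins(lines):
    """Join log records on queue ID: how each message entered, sender, nrcpt."""
    msgs = {}
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        daemon, qid, rest = m.groups()
        rec = msgs.setdefault(qid, {"origin": None, "sender": None, "nrcpt": 0})
        if daemon == "smtpd" and (c := CLIENT.match(rest)):
            ip, user = c.groups()
            rec["origin"] = f"sasl:{user}@{ip}" if user else f"smtp:{ip}"
        elif daemon == "pickup" and (p := PICKUP.match(rest)):
            rec["origin"] = f"local-uid:{p.group(1)}"  # sendmail(1) submission
        elif daemon == "qmgr" and (q := QMGR.match(rest)):
            # Assigned, not summed: qmgr logs this again on each retry.
            rec["sender"], rec["nrcpt"] = q.group(1), int(q.group(2))
    return msgs

def recipients_by_origin(lines):
    """Total recipients per entry point; the envelope sender is ignored."""
    totals = Counter()
    for rec in trace_origins(lines).values():
        if rec["origin"]:
            totals[rec["origin"]] += rec["nrcpt"]
    return totals

if __name__ == "__main__":
    for origin, n in recipients_by_origin(SAMPLE_LOG).most_common():
        print(f"{n:5d}  {origin}")
```

A dominant `sasl:` origin points at a compromised account, and a dominant `local-uid:` origin points at local submission such as a web application.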