On Thu, Sep 26, 2013 at 08:17:51PM +0300, Papadopoulos Nikolaos wrote:
> We have Postfix ver2.3.3 on RHEL5, which was working fine for 
> several years. Please find below the output of postconf -n

Logs are necessary. This is not enough to be able to help.

> smtpd_recipient_restrictions = permit_sasl_authenticated, 
> permit_mynetworks, check_relay_domains

check_relay_domains was deprecated years before your very old Postfix 
was released. Not the cause of the problem, but worthy of note.

> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain = $myhostname
> smtpd_sasl_security_options = noanonymous
> smtpd_sender_restrictions = check_sender_access 
> hash:/etc/postfix/sender_access, reject_unknown_sender_domain

> During the last days we face a huge problem with spam emails, as if our 
> server is an open relay. For example, the majority of spam emails in 
> the mail queue show as sender: 
> meng.e...@gmail.com<mailto:meng.e...@gmail.com>

With a "<mailto:..." like that, or are you using a broken MUA?

If the spams continue to come in, "service postfix stop" right now. 
There is no point in letting the problem get worse.

> 1) how can I find out which IP address these emails come 
> from?

Read your logs. Find the FIRST appearance of one of the queue IDs of 
the spams. Share those few lines if you need help. (No, not your 
entire log file.)

> 2) I tried to reject mail from and to 
> meng.e...@gmail.com<mailto:meng.e...@gmail.com> without success.
> More specifically, I created sender_access and recipient_access 
> with meng.e...@gmail.com<mailto:meng.e...@gmail.com> REJECT
> Could you please inform me what is wrong and there are still
> emails by mend.e...@gmail.com<mailto:mend.e...@gmail.com> ?

Not really. Logs are necessary.

Anyway, on that last line you had "mend." while all the others are 
"meng." Typo? Check (and show) your /etc/postfix/sender_access file.

Are you using submission with settings which override the global 
smtpd_sender_restrictions?

Finally: you have some sort of compromise. Blocking a sender address 
might solve the immediate problem, but it will not repair the 
compromise. We'll have to see more before we can advise further.
-- 
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
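
The log-reading step from the reply above (find the first appearance of a spam's queue ID), as an added example that is not part of the original message. The log lines are constructed samples in Postfix's syslog format, and `trace_sender` and `classify` are hypothetical helper names; the first line for a queue ID shows whether the message arrived over SMTP (client IP, and SASL login if any) or through local submission (uid).

```python
import re

# Constructed sample in Postfix syslog format; hosts, users and IDs are made up.
SAMPLE_LOG = """\
Sep 26 10:01:02 mail postfix/smtpd[2101]: 3F2A11C0A1: client=unknown[203.0.113.45], sasl_method=LOGIN, sasl_username=jdoe
Sep 26 10:01:03 mail postfix/qmgr[1890]: 3F2A11C0A1: from=<spam@example.invalid>, size=2310, nrcpt=40 (queue active)
Sep 26 10:01:09 mail postfix/pickup[2090]: 7B9C21C0A7: uid=48 from=<spam@example.invalid>
Sep 26 10:01:09 mail postfix/qmgr[1890]: 7B9C21C0A7: from=<spam@example.invalid>, size=1822, nrcpt=25 (queue active)
Sep 26 10:02:11 mail postfix/smtpd[2101]: 9D0E41C0B3: client=mx.example.net[198.51.100.7]
Sep 26 10:02:12 mail postfix/qmgr[1890]: 9D0E41C0B3: from=<alice@example.net>, size=900, nrcpt=1 (queue active)
Sep 26 10:02:13 mail postfix/qmgr[1890]: 9D0E41C0B3: removed
Sep 26 10:40:00 mail postfix/qmgr[1890]: 3F2A11C0A1: from=<spam@example.invalid>, size=2310, nrcpt=40 (queue active)
"""

LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]{6,}): (.*)$")
CLIENT = re.compile(r"client=([^\[]+)\[([^\]]+)\](?:.*sasl_username=(\S+))?")
PICKUP = re.compile(r"uid=(\d+)")


def classify(daemon, rest):
    """Turn the first log line of a queue ID into an origin record."""
    if daemon == "smtpd" and (m := CLIENT.match(rest)):
        return {"via": "smtp", "ip": m.group(2), "sasl_user": m.group(3)}
    if daemon == "pickup" and (m := PICKUP.match(rest)):
        return {"via": "local", "uid": int(m.group(1))}
    return {"via": "unknown", "first_line": rest}


def trace_sender(log_text, sender):
    """List the origin of every queued message whose envelope sender matches."""
    live = {}      # queue ID -> [daemon, first-line text, already reported?]
    found = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        daemon, qid, rest = m.groups()
        if rest == "removed":          # message left the queue; the ID may be reused
            live.pop(qid, None)
            continue
        entry = live.setdefault(qid, [daemon, rest, False])
        # qmgr logs from=<...> on every delivery attempt, so report each ID once
        if daemon == "qmgr" and rest.startswith(f"from=<{sender}>") and not entry[2]:
            entry[2] = True
            found.append({"qid": qid, **classify(entry[0], entry[1])})
    return found


if __name__ == "__main__":
    for origin in trace_sender(SAMPLE_LOG, "spam@example.invalid"):
        print(origin)
```

A record with `sasl_user` set points at an authenticated account being used to send; a `local` record points at a process on the server itself running under that uid.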
