o/
I was doing some log processing today for a supposedly sent mail I didn't
receive. While I was playing with the log file, I suddenly
realized that every connection is logged as coming from localhost...
root@messagerie[10.10.10.19] ~/SCRIPTS/MAIL # zgrep client= /var/log/mail.* |
grep -v localhost
root@messagerie[10.10.10.19] ~/SCRIPTS/MAIL #
That command was supposed to list all the client connections that weren't made
by localhost, and it returned 0 results...
On another machine (with an old setup) this is definitely not the case (had
923 unique clients/IPs) :
root@messagerie-secours[10.10.10.20] /var/log # zgrep -o 'client=.*]'
/var/log/mail.* | grep -v localhost | cut -f 2 -d : | sort | uniq -c | sort -n
1 client=118-163-37-8.HINET-IP.hinet.net[118.163.37.8]
1 client=131.red-80-35-249.staticip.rima-tde.net[80.35.249.131]
1 client=179-191-149-46.dynamic.starweb.net.br[179.191.149.46]
1 client=a95-93-181-252.cpe.netcabo.pt[95.93.181.252]
[...snip...]
1713 client=mta-gw11.infomaniak.ch[84.16.68.70]
1715 client=mta-gw16.infomaniak.ch[84.16.68.77]
1943 client=messagerie.algerian-radio.dz[10.10.10.19]
4499 client=wsus.eprs.dz[10.10.10.1]
root@messagerie-secours[10.10.10.20] /var/log #
This is a little embarrassing, since I cannot tell whether any other server has
attempted to connect to my postfix or not. Any idea what could be wrong?
Config follows :
postfinger - postfix configuration on Thu Mar 2 14:16:09 CET 2017
version: 1.30 Warning: postfinger output may show private configuration
information,
such as ip addresses and/or domain names which you do not want to show
to the public. If this is the case it is your responsibility to modify
the output to hide this private information. [Remove this warning with
the --nowarn option.] --System Parameters--
mail_version = 2.11.3
hostname = messagerie
uname = Linux messagerie 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt20-1+deb8u2
(2016-01-02) x86_64 GNU/Linux --Packaging information--
looks like this postfix comes from deb package: postfix-2.11.3-1 --main.cf
non-default parameters--
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
content_filter = amavis:[127.0.0.1]:10024
enable_original_recipient = no
inet_protocols = ipv4
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
maildrop_destination_recipient_limit = 1
message_size_limit = 20971520
mydestination = messagerie.domain.tld, messagerie, localhost.localdomain,
localhost
myhostname = messagerie.domain.tld
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_client_message_rate_limit = 100
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated,
reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sender_restrictions = check_sender_access
hash:/etc/postfix/maps/reject_senders
smtpd_tls_cert_file = /etc/ssl/private/LETSENCRYPT/nouveau_complet.cert
smtpd_tls_key_file = /etc/ssl/private/LETSENCRYPT/server.private_key
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
virtual_alias_maps = hash:/etc/postfix/maps/alias
virtual_gid_maps = static:1002
virtual_mailbox_base = /var/vmail/
virtual_mailbox_domains = backup.domain.tld, domain.tld
virtual_mailbox_maps = mysql:/etc/postfix/maps/mailboxes.cf
virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_uid_maps = static:113 --master.cf--
smtp inet n - n - - smtpd -o content_filter=spamassassin
pickup unix n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache # flags=DRhu user=vmail
argv=/usr/bin/maildrop -d vmail ${extension} ${recipient} ${user} ${nexthop}
${sender}
maildrop unix - n n - - pipe # flags=DRhu user=vmail
argv=/usr/bin/maildrop -V9 -d ${recipient} -w 80 flags=DRhu user=vmail
argv=/var/vmail/maildropwrapper -V9 -d ${recipient} # flags=DRhu user=vmail
argv=/var/vmail/maildropwrapper -V9 -d vmail ${extension} ${recipient} ${user}
${nexthop} ${sender}
uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux
-r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe flags=F user=ftn
argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe flags=Fq. user=bsmtp
argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe flags=R user=scalemail
argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe flags=FR user=list
argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
amavis unix - - - - 2 smtp -o smtp_data_done_timeout=1200 -o
smtp_send_xforward_command=yes
127.0.0.1:10025 inet n - - - - smtpd -o content_filter= -o
local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o
smtpd_client_restrictions= -o smtpd_helo_restrictions= #-o
smtpd_sender_restrictions= -o
smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes -o
receive_override_options=no_unknown_recipient_checks,no_header_body_checks #
yassine 27/03/2016 # me donne un warning au démarrage # /usr/sbin/postconf:
warning: /etc/postfix/master.cf: unused parameter: smtpd_bind_address=127.0.0.1
#-o smtpd_bind_address=127.0.0.1
spamassassin unix - n n - - pipe user=spamd argv=/usr/bin/spamc -f
-e /usr/sbin/sendmail -oi -f ${sender} ${recipient} -- end of postfinger
output --
-- Yassine