On 9/24/2017 1:50 PM, Wietse Venema wrote:
Kirk Bocek:
I inadvertently set open relay on my server some time ago. I've fixed it
but I am now bombarded with spam messages. I'm seeing messages like:
6C5C41FCB3 5940 Sun Sep 24 11:10:12 bdnqkqhakis...@sfilc.com
(delivery temporarily suspended: lost connection with
mx-tw.mail.gm0.yahoodns.net[27.123.206.55] while sending RCPT TO)
Why did your server ACCEPT this email? Search the logs for 6C5C41FCB3,
then find out why it was accepted.
Wietse
That's a good question.
Sep 24 11:10:12 amber postfix/pickup[12058]: 6C5C41FCB3: uid=497
from=<bdnqkqhakis...@sfilc.com>
Sep 24 11:10:12 amber postfix/cleanup[10504]: 6C5C41FCB3:
message-id=<yqizmhwzzttgyqxqg...@ethome.com.tw>
Sep 24 11:10:12 amber postfix/qmgr[10597]: 6C5C41FCB3:
from=<bdnqkqhakis...@sfilc.com>, size=5940, nrcpt=16 (queue active)
Blocking receipt from sfilc.com would help. I have it in my
sender_access file but it's still coming through. I also have com.tw
entered. Should I add that hash to smtpd_helo_restrictions? Would that help?
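
Added example, not part of the original thread: a small Python tracer that follows a queue ID through the log and reports which Postfix service first accepted it. A `pickup` line with `uid=` marks local submission through the sendmail command, a path that smtpd access restrictions do not check. The function names are hypothetical, and the sample lines are the ones quoted above, rejoined to one line each.

```python
import re
from collections import Counter

# Log lines from the message above, rejoined to one line each as syslog writes them.
SAMPLE_LOG = """\
Sep 24 11:10:12 amber postfix/pickup[12058]: 6C5C41FCB3: uid=497 from=<bdnqkqhakis...@sfilc.com>
Sep 24 11:10:12 amber postfix/cleanup[10504]: 6C5C41FCB3: message-id=<yqizmhwzzttgyqxqg...@ethome.com.tw>
Sep 24 11:10:12 amber postfix/qmgr[10597]: 6C5C41FCB3: from=<bdnqkqhakis...@sfilc.com>, size=5940, nrcpt=16 (queue active)
"""

LINE_RE = re.compile(
    r"postfix/(?P<service>[\w-]+)\[\d+\]: (?P<qid>[0-9A-Za-z]+): (?P<rest>.*)")

def trace_entry(log_text, queue_id):
    """Report which Postfix service first accepted queue_id, or None if absent."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group("qid") != queue_id:
            continue
        service, rest = m.group("service"), m.group("rest")
        if service == "pickup":
            # Local submission (sendmail command): uid is the submitting account.
            uid = re.search(r"uid=(\d+)", rest)
            return {"entry": "local", "service": service,
                    "uid": int(uid.group(1)) if uid else None}
        if service == "smtpd":
            # Network submission: client is the connecting host[ip].
            client = re.search(r"client=([^,\s]+)", rest)
            return {"entry": "smtp", "service": service,
                    "client": client.group(1) if client else None}
    return None

def local_submitters(log_text):
    """Count pickup submissions per uid to spot the account generating mail."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and m.group("service") == "pickup":
            uid = re.search(r"uid=(\d+)", m.group("rest"))
            if uid:
                counts[int(uid.group(1))] += 1
    return counts

if __name__ == "__main__":
    print(trace_entry(SAMPLE_LOG, "6C5C41FCB3"))
    print(local_submitters(SAMPLE_LOG).most_common())
```

Running `local_submitters` over the full mail log shows whether one uid accounts for the bulk of the queued mail; `getent passwd <uid>` then names the account.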