are you sure that they really relayed from your server? I thought I had the same problem a little while ago but it turned out not to be the case. This was my scenario:
* Woody/postfix with nearly default settings and getting "bounce" return emails from unknown accounts on foreign mail servers * It turned out that someone was forging one of my domains as a "from" address, so the receiving mta simply bounced it back to me as "unknown account". * At first look, it seemed that I was acting as a relay and that I had been cracked. Scary stuff. * I used one of the anti-spam services to check if I was open relay and it turns out that I'm not. * Problem has now gone away, presumably because the evil people are now using someone elses domain in their fake headers. On 17 Aug 2003, Kevin Saenz wrote: > Ok I looked a little further in my logs and found that I wasn't > compromised. Basically there were just too many connections from > the following IP addresses > 220.117.21.254 > 220.117.17.14 > 81.218.55.61 > 81.199.83.10 > 220.117.18.116 > 64.94.60.130 > for my logs to keep up. > By the time my logs caught up it appeared that the emails were > internally driven from first glance. > Now I just have to find out how the hell they relayed from my server > > Kevin > > Over the past 24 hours it seems that someone has been using my > > mail server as a relay server. I don't know how this is possible > > given I am using postfix, and most of my settings are left at > > default. The other thing the mail jobs seem to be coming internally. > > I can't really see any external connections coming. > > > > all the mails seem to be from [EMAIL PROTECTED] and to @hanmail.net > > and looks like either they have a grudge or they are spammers. > > > > I have been looking for the source of the email, and have been checking > > my config several times to see if I have left something open. > > Can anyone help? > > > > TIA > > -- > SLUG - Sydney Linux User's Group - http://slug.org.au/ > More Info: http://lists.slug.org.au/listinfo/slug > -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
