On 08/27/03 05:52 PM, David sat at the `puter and typed: > Hi gurus, > > Sorry if this is a little bit off topic but I´m in deep trouble. I´m > running a Postfix server for a couple of domains with just a few > users. > > The setup is pretty secure (I think) and and don't find any evidence > in my logs that I have an open relay. The problem is that I got a > LOT of connections from someone that tries to send e-mail to fake > users at my domain. The logfile grows at rapid speed and I got 180 > MB log just for the last 12 hours. > > The connections are from random IP-addresses. It's different > addresses and domains each time, but the pattern is the same. > > Example 1: > > Aug 27 17:54:44 www postfix/smtpd[10056]: 73D9110F26: reject: RCPT > from smtp.terra.es[213.4.129.129]: 550 <[EMAIL PROTECTED]>: User > unknown in virtual alias table; from=<> proto=ESMTP > helo=<tsmtp8.mail.isp> > > Example 2: > > Aug 27 17:54:42 www postfix/smtpd[10069]: E2D9910F2E: reject: RCPT > from host048021.arnet.net.ar[200.45.48.21]: 550 > <[EMAIL PROTECTED]>: User unknown in virtual alias table; > from=<> proto=ESMTP helo=<smtp-mx-02.ti.local> > > Any idea how to stop this. The server is behind a firewall, so I > guess it´s possible to block this bastard, but I don't know how to > nail him. > > TIA, /David
Ok, I know you have directed this query to gurus, but I'm gonna present a suggestion anyway. I'm not familiar with postfix - I run Sendmail myself and I'm hardly a guru there either - but can't you require validation to connect to the server? All users on my system have to validate before being allowed to send mail. Unless I'm mistaken, that prevents outside spammers from connecting like that and sending mail anywhere, inside or out. HTH Lou -- Louis LeBlanc [EMAIL PROTECTED] Fully Funded Hobbyist, KeySlapper Extrordinaire :) http://www.keyslapper.org Ô¿Ô¬ Too much is just enough. -- Mark Twain, on whiskey ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
