[wplug] help! I am relaying mail! (postfix)

Brandon Kuczenski brandon at 301south.net
Sun Dec 11 04:09:44 EST 2005


I recently sent a letter and it came back with the following:

Diagnostic-Code: X-Postfix; host relayl.tsr.ru[213.135.64.194] said: 553 
5.0.0
     Spam is blocked by spam1map?209.195.172.207 (in reply to MAIL FROM 
command)


I was going to send an indignant letter, but I decided to check my logs. 
(I am running Postfix 2.1.5).  I got a whole bunch of these:

Dec 10 00:13:49 ocean postfix/qmgr[295]: 87710FF35: from=<>, size=28208, 
nrcpt=1 (queue active)
....
Dec 10 00:14:19 ocean postfix/smtp[30067]: 87710FF35: 
to=<fenelia.Carmichael at free4life.usarabia.com>, relay=none, delay=97794, 
status=deferred (connect to free4life.usarabia.com[195.47.247.68]: 
Operation timed out)

Notice the null 'from=<>'

I can guarantee that there's no reason my server should be sending mail to 
free4life.usarabia.com.  There are thousands of these such entries.  I'm 
scared my computer may be doing bad things.

I stripped down my postfix config file and attached it.  It LOOKS RIGHT. 
I thought it was properly configured.  Here is an excerpt:

# Global Postfix configuration file. This file lists only a subset

myhostname = 301south.net

mydomain = 301south.net

myorigin = ocean.$myhostname

inet_interfaces = all

mydestination = kuczenski.net, $myhostname, localhost.$mydomain, $myorigin

# TRUST AND RELAY CONTROL

mynetworks = 192.168.0.0/24, 127.0.0.0/8, 301south.net

# these domains are backup-mxed for a buddy
relay_domains = $mydestination
 	        alethe.net
 		nfg.ca
 		poemranker.com
 		riddlery.org




A more-or-less complete file (some nonrelevant stuff stripped out) is 
attached.  But why would it be accepting mail From <> ????

Please help -- I depend on this mail server.  For the time, I changed the 
inet_interfaces to 'localhost' and will require my users to login 
directly.

What gives?  I thought that on postfix, the 'mynetworks' and the 
'relay_domains' were all there was...

-Brandon
-------------- next part --------------
# Global Postfix configuration file. This file lists only a subset

myhostname = 301south.net

mydomain = 301south.net

myorigin = ocean.$myhostname

inet_interfaces = all

mydestination = kuczenski.net, $myhostname, localhost.$mydomain, $myorigin

# TRUST AND RELAY CONTROL

mynetworks = 192.168.0.0/24, 127.0.0.0/8, 301south.net

# these domains are backup-mxed for a buddy
relay_domains = $mydestination 
	        alethe.net 
		nfg.ca 
		poemranker.com 
		riddlery.org

smtpd_recipient_restrictions = 
		permit_sasl_authenticated
		permit_mynetworks
		check_recipient_access hash:/usr/local/etc/postfix/access
		permit_mx_backup
		reject_unauth_destination
		reject_unknown_sender_domain

disable_vrfy_command = yes

smtpd_reject_unlisted_sender = yes

# smtpd_sender_restrictions

smtpd_sender_restrictions = permit_sasl_authenticated
			    permit_mynetworks

smtpd_sasl_local_domain = ocean.301south.net

broken_sasl_auth_clients = yes

smtpd_sasl_auth_enable = yes

smtpd_tls_auth_only = yes

smtpd_sasl_security_options = noplaintext
			      noanonymous

smtpd_sasl_tls_security_options = noanonymous

smtpd_use_tls = yes 
smtp_tls_note_starttls_offer = yes 

smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s

masquerade_domains = $mydomain


More information about the wplug mailing list