[wplug] figuring out where mail sent from your box came from
Russ Schneider
russ at sugapablo.com
Fri Nov 18 10:33:11 EST 2005
On Fri, 18 Nov 2005 smk at fyi.net wrote:
> Do you have a web server running? It sounds like it could be a formmail or
> like script that somebody is using as an open relay. In that case, I
> would check with your web servers access logs. The postfix logs should
> help you pin down a time.
I thought about this, and this is what I'm trying to figure out.
I do have this as a webserver (apache) and have postfix running on it.
Mainly so web applications can send mail (so I do need to be able to send
mail from the box to the outside world.
I had port 25 open incoming, but just blocked that until I can clamp this
down more.
As for an open relay, I thought I had prevented this with the following
line in the main.cf file:
relay_domains = sugapablo.net, www.sugapablo.net, sony.sugapablo.net
and out of these three, I didn't have any uncommented, so I'm not sure
what it was defaulting to:
#mynetworks_style = class
#mynetworks_style = subnet
#mynetworks_style = host
I just uncommented host.
Is there any other settings I should be concerned with?
Also, there's a lot of the spam still queued and ready to go that is on
delay because AOL is blocking my IP. How do I clear them out?
--
[=============================================================================]
Russ Schneider (a.k.a. Sugapablo) -> http://www.sugapablo.net
[=============================================================================]
More information about the wplug
mailing list