abz (n00b)
Joined: 18 Nov 2004, Posts: 64, Location: Melbourne
Posted: Sun Mar 27, 2005 7:41 am, Post subject: I'm being used to send spam (postfix)
Hi.
I set up postfix the other day and this morning I noticed strange external traffic. tcpdump showed a lot of traffic to different mail servers. mailq showed that I had 6535 undelivered emails. Have I set up postfix incorrectly? If so, what's wrong with my configuration?

grep -v \# main.cf
Code:
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
mail_owner = postfix
myhostname = horse.rsd.net.au
mydomain = horse
mydomain = localhost
mydomain = rsd.net.au
mydomain = horse.rsd.net.au
myorigin = rsd.net.au
inet_interfaces = all
mydestination = horse.rsd.net.au, horse, rsd.net.au, localhost
unknown_local_recipient_reject_code = 550
mynetworks = 0.0.0.0/0
relay_domains = $mydestination
home_mailbox = .maildir/
local_destination_concurrency_limit = 2
default_destination_concurrency_limit = 10
debug_peer_level = 2
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /etc/postfix
readme_directory = /usr/share/doc/postfix-2.1.5-r2/readme
default_destination_concurrency_limit = 2
alias_database = hash:/etc/mail/aliases
local_destination_concurrency_limit = 2
alias_maps = hash:/etc/mail/aliases
home_mailbox = .maildir/

Thank you, I really appreciate it. Abz.
moocha (Watchman)
Joined: 21 Oct 2003, Posts: 5722
Posted: Sun Mar 27, 2005 8:01 am
Code:
mynetworks = 0.0.0.0/0

Oh my.
_________________
Military Commissions Act of 2006: http://tinyurl.com/jrcto
"Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety."
-- attributed to Benjamin Franklin
abz (n00b)
Joined: 18 Nov 2004, Posts: 64, Location: Melbourne
Posted: Sun Mar 27, 2005 8:21 am
Thanks for that. I just commented out the line and it's now working correctly.
Abz.
moocha (Watchman)
Joined: 21 Oct 2003, Posts: 5722
Posted: Sun Mar 27, 2005 8:24 am
No problem, anytime.
Also - I want to tell you that I really, really, really appreciate it when people take action against being used to relay spam. There's too much of that already.
59729 (Apprentice)
Joined: 21 Jun 2004, Posts: 279
Posted: Sun Mar 27, 2005 5:39 pm
Do I have to comment that line to be safe? I have
Code:
mynetworks = 192.168.1.1/24, 127.0.0.0/8
Back to top |
|
|
moocha (Watchman)
Joined: 21 Oct 2003, Posts: 5722
Posted: Sun Mar 27, 2005 5:58 pm
lappen wrote:
> Do I have to comment that line to be safe? I have
> Code:
> mynetworks = 192.168.1.1/24, 127.0.0.0/8

No, yours is OK (only your local private network and the loopback network are there). The 0.0.0.0/0 (which means "anyone anywhere") was the culprit, not the mynetworks directive as such.
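The checker below is an added example, not code from this thread and not Postfix's own; it re-implements only the mynetworks half of Postfix's permit_mynetworks decision so the two configurations above can be compared side by side. The two main.cf fragments are re-typed from the thread as constructed sample input, and 203.0.113.5 stands in for an arbitrary outside host. With 0.0.0.0/0 the outside host is treated as a trusted relay client; with 192.168.1.1/24, 127.0.0.0/8 it is not. The audit also points out the host bits in 192.168.1.1/24, which Postfix masks to 192.168.1.0/24, so writing the network address is the unambiguous form. Variable expansion, mynetworks_style and lookup tables (hash:, cidr:) are outside what it models; on a live system `postconf mynetworks` prints the effective value to feed it.

```python
"""Check a Postfix main.cf ``mynetworks`` value for open-relay exposure.

Added example, not code from the thread or from Postfix.  It reproduces
only the part of permit_mynetworks that depends on ``mynetworks`` being an
explicit list of addresses/networks; mynetworks_style, $variable expansion
and table lookups (hash:, cidr:) are not modelled.
"""
import ipaddress
import re

# Sample input constructed from the two configurations posted in the
# thread (re-typed here, not read from a live system).
OPEN_RELAY_MAIN_CF = """\
myhostname = horse.rsd.net.au
inet_interfaces = all
mynetworks = 0.0.0.0/0
relay_domains = $mydestination
"""

SAFE_MAIN_CF = """\
mynetworks = 192.168.1.1/24, 127.0.0.0/8
"""


def parse_main_cf(text):
    """Return {parameter: value}.  As in Postfix, a line that starts with
    whitespace continues the previous parameter's value, '#' lines are
    comments, and a later assignment overrides an earlier one."""
    params = {}
    current = None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0] in " \t" and current is not None:
            params[current] += " " + line.strip()
            continue
        m = re.match(r"^([A-Za-z0-9_]+)\s*=\s*(.*)$", line)
        if m:
            current = m.group(1)
            params[current] = m.group(2)
    return {k: v.strip() for k, v in params.items()}


def mynetworks_entries(params):
    """Return [(token_as_written, network)] for each mynetworks entry.
    Postfix accepts comma and/or whitespace separators, bare addresses
    (a single host) and CIDR blocks; host bits set in a CIDR token are
    masked off, which strict=False reproduces."""
    raw = params.get("mynetworks", "")
    entries = []
    for token in re.split(r"[,\s]+", raw):
        if token:
            entries.append((token, ipaddress.ip_network(token, strict=False)))
    return entries


def relay_permitted(client_ip, params):
    """True if permit_mynetworks would treat client_ip as a trusted relay
    client, i.e. accept mail from it for any destination."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for _, net in mynetworks_entries(params))


def audit_mynetworks(params):
    """Return human-readable findings; an empty list means nothing looked wrong."""
    findings = []
    for token, net in mynetworks_entries(params):
        if net.prefixlen == 0:
            findings.append(f"{token}: matches every address, this is an open relay")
        elif not (net.is_private or net.is_loopback):
            findings.append(f"{token}: public address range trusted to relay")
        if "/" in token and ipaddress.ip_interface(token).ip != net.network_address:
            findings.append(f"{token}: host bits set, Postfix reads this as {net}")
    if not params.get("mynetworks"):
        findings.append("mynetworks not set explicitly; value depends on mynetworks_style")
    return findings


if __name__ == "__main__":
    for label, text in (("posted config", OPEN_RELAY_MAIN_CF), ("lappen's config", SAFE_MAIN_CF)):
        cfg = parse_main_cf(text)
        print(label, "-> relays for 203.0.113.5:", relay_permitted("203.0.113.5", cfg))
        for finding in audit_mynetworks(cfg):
            print("  ", finding)
```

Run it as-is to see both verdicts; to audit a real box, paste the output of `postconf mynetworks` into a string and pass it through `parse_main_cf`.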
59729 (Apprentice)
Joined: 21 Jun 2004, Posts: 279
Posted: Sun Mar 27, 2005 6:08 pm
moocha wrote:
> lappen wrote:
> > Do I have to comment that line to be safe? I have
> > Code:
> > mynetworks = 192.168.1.1/24, 127.0.0.0/8
>
> No, yours is OK (only your local private network and the loopback network are there). The 0.0.0.0/0 (which means "anyone anywhere") was the culprit, not the mynetworks directive as such.

Hmmm, got me thinking: can they spoof lo/private network and get access that way? Perhaps a rule something like
iptables -A INPUT -p tcp -i $EXTERNAL_INTERFACE --source $PRIVATE_NETWORK -j DROP/REJECT
would solve that, if it's possible to do something like this.
moocha (Watchman)
Joined: 21 Oct 2003, Posts: 5722
Posted: Mon Mar 28, 2005 6:49 am
If your firewall allows spoofed traffic through, you're in bigger trouble than just being used as a spam relay. Try out net-firewall/shorewall, for example (you can use app-admin/webmin to create rules for it). From what I've seen it's got a pretty strong and well thought out setup.
59729 (Apprentice)
Joined: 21 Jun 2004, Posts: 279
Posted: Mon Mar 28, 2005 12:29 pm
Oh, so it's possible to spoof :/ I'd rather write my own rules, though I have a bit of reading to do on how to prevent such a thing..
thanks
edit: but my default policies are DROP so perhaps it's already preventing such a thing