Gentoo Forums
Networking & Security

our postfix is an open relay

Del Pede
Tux's lil' helper
Joined: 18 Aug 2005
Posts: 99

Posted: Wed Apr 05, 2006 7:42 am    Post subject: our postfix is an open relay

Having taken over an already configured and installed server, yesterday I discovered a high load of traffic. Every time I shut down Postfix, the traffic went straight back to normal. After consulting some other people, it seemed someone was relaying mail through us.

I've looked through the config and can't find any errors, but there are bound to be some. So I figured I'd post them here and hope you guys can find them, since I'm still kinda green to Postfix. I've changed the names of the real domain.

main.cf
Code:


queue_directory = /var/spool/postfix

command_directory = /usr/sbin

daemon_directory = /usr/lib/postfix

mail_owner = postfix


myhostname = beaver.volunteer.dk

mydomain = volunteer.dk



inet_interfaces = all


mydestination = $myhostname, localhost.$mydomain $mydomain

local_recipient_maps = unix:passwd.byname $alias_maps

unknown_local_recipient_reject_code = 450


mynetworks_style = subnet

mynetworks = 192.168.0.0/24, 127.0.0.0/8

relay_domains = $mydestination









alias_maps = hash:/etc/mail/aliases

alias_database = hash:/etc/mail/aliases


home_mailbox = .maildir/







body_checks_size_limit = 175000
body_checks = regexp:/etc/postfix/body_checks_map


smtpd_client_restrictions = hash:/etc/postfix/access, reject_rbl_client relays.ordb.org
smtpd_delay_reject = no
smtpd_sender_restrictions = hash:/etc/postfix/access, reject_rhsbl_sender dsn.rfc-ignorant.org


local_destination_concurrency_limit = 2
default_destination_concurrency_limit = 10

debug_peer_level = 2


debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         xxgdb $daemon_directory/$process_name $process_id & sleep 5


sendmail_path = /usr/sbin/sendmail

newaliases_path = /usr/bin/newaliases

mailq_path = /usr/bin/mailq

setgid_group = postdrop

manpage_directory = /usr/share/man

sample_directory = /etc/postfix/sample

readme_directory = /usr/share/doc/postfix-2.0.9
hash_queue_names = deferred, defer active bounce flush incoming



and
master.cf

Code:

smtp      inet  n       -       n       -       -       smtpd -v
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
old-cyrus unix  -       n       n       -       -       pipe
  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
cyrus     unix  -       n       n       -       -       pipe
  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient


Thanks in advance for any help
Sincerely
Del Pede


Last edited by Del Pede on Wed Apr 05, 2006 3:40 pm; edited 1 time in total
lesourbe
l33t
Joined: 24 Nov 2005
Posts: 710
Location: Champagne !

Posted: Wed Apr 05, 2006 8:01 am

please use
Code:
grep -v '^#' your_file

when posting conf files.


Code:
mynetworks = 192.168.0.0/55, 127.0.0.0/8


/55 is wrong here.
I don't know if it's the source of your problem though.
It should be more likely /24

If you don't know how to figure out what /xx you should put, take a look at this:
http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing
_________________
Is that a banhammer ?
LeSourbe, Member of EPowerforce.
Del Pede
Tux's lil' helper
Joined: 18 Aug 2005
Posts: 99

Posted: Wed Apr 05, 2006 8:35 am

lesourbe wrote:

/55 is wrong here.
I don't know if it's the source of your problem though.
It should be more likely /24

If you don't know how to figure out what /xx you should put, take a look at this:
http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing


I thought that it was the range of IPs allowed. Our DHCP gives IPs from a wider range than 0/24. Thought it was a problem before.

The cat trick is duly noted, thanks
lesourbe
l33t
Joined: 24 Nov 2005
Posts: 710
Location: Champagne !

Posted: Wed Apr 05, 2006 9:14 am

Del Pede wrote:
I thought that it was the range of IPs allowed. Our DHCP gives IPs from a wider range than 0/24. Thought it was a problem before.

The cat trick is duly noted, thanks


/24 = 255.255.255.0
On a 192.168.0.0 network, that means that all 192.168.0.X are part of that network.
255.255.255.0 in binary is 24 ones and 8 zeros (11111111... (24 times) 00000000)
/xx cannot be > 32 (255.255.255.255)

If /24 is not tight enough for you, I recommend you go through some binary calculation and adjust the mask accordingly.
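The prefix-length point above and the relay policy in the posted main.cf can be checked together. The following is an added example (not code from the thread or from Postfix itself): it parses `mynetworks` the way Postfix reads lists (commas and/or whitespace), rejects an impossible prefix such as the `/55` quoted above instead of silently accepting it, and models the RCPT TO decision that the default `smtpd_recipient_restrictions` (`permit_mynetworks, reject_unauth_destination`) makes. The domain values are copied from the posted config; the model is an assumption that deliberately ignores virtual domains, SASL and the access map, which real Postfix also consults.

```python
import ipaddress

# Values copied from the main.cf posted at the top of the thread ("volunteer.dk"
# is the placeholder domain the poster substituted for the real one).
MYHOSTNAME = "beaver.volunteer.dk"
MYDOMAIN = "volunteer.dk"
MYDESTINATION = f"{MYHOSTNAME}, localhost.{MYDOMAIN} {MYDOMAIN}"
RELAY_DOMAINS = MYDESTINATION            # relay_domains = $mydestination
MYNETWORKS = "192.168.0.0/24, 127.0.0.0/8"


def split_list(value):
    """Postfix list syntax: items separated by commas and/or whitespace."""
    return value.replace(",", " ").split()


def parse_mynetworks(value):
    """Turn a mynetworks value into ip_network objects.

    A bare address counts as a single host (/32). An impossible prefix such as
    the /55 quoted earlier in the thread raises ValueError instead of being
    silently accepted, so the mistake surfaces before the server goes live.
    """
    nets = []
    for item in split_list(value):
        try:
            nets.append(ipaddress.ip_network(item, strict=False))
        except ValueError as exc:
            raise ValueError(f"bad mynetworks entry {item!r}: {exc}") from exc
    return nets


def client_in_mynetworks(client_ip, nets):
    """True if the SMTP client's address falls inside any mynetworks block."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in nets)


def relay_decision(client_ip, rcpt_to, mynetworks=MYNETWORKS,
                   mydestination=MYDESTINATION, relay_domains=RELAY_DOMAINS):
    """Simplified model (an assumption, not Postfix code) of the default
    smtpd_recipient_restrictions 'permit_mynetworks, reject_unauth_destination',
    evaluated at RCPT TO. Returns the name of the rule that decides the command.
    Ignores virtual domains, SASL authentication and the access map.
    """
    if client_in_mynetworks(client_ip, parse_mynetworks(mynetworks)):
        return "permit_mynetworks"
    domain = rcpt_to.rsplit("@", 1)[-1].lower()
    if domain in {d.lower() for d in split_list(mydestination)}:
        return "permit: local destination"
    # relay_domains matches the listed domain and, by default, its subdomains
    for rd in (d.lower() for d in split_list(relay_domains)):
        if domain == rd or domain.endswith("." + rd):
            return "permit: relay_domains"
    return "reject_unauth_destination"


if __name__ == "__main__":
    for client, rcpt in [("192.168.0.16", "anyone@example.org"),
                         ("10.0.0.1", "anyone@example.org"),
                         ("10.0.0.1", "knud@beaver.volunteer.dk")]:
        print(f"{client:>14} -> {rcpt:<28} {relay_decision(client, rcpt)}")
    try:
        parse_mynetworks("192.168.0.0/55, 127.0.0.0/8")
    except ValueError as exc:
        print("rejected:", exc)
```

With the values from the posted main.cf, a client on 192.168.0.0/24 may send anywhere, an outside client may only send to the listed local domains, and anything else is refused at RCPT TO. One caveat worth knowing: Postfix ignores `mynetworks_style` whenever `mynetworks` is set explicitly, as it is here. Had `mynetworks` been left out, `mynetworks_style = subnet` with the 255.0.0.0 mask shown later on eth0 would have trusted all of 10.0.0.0/8.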
Del Pede
Tux's lil' helper
Joined: 18 Aug 2005
Posts: 99

Posted: Wed Apr 05, 2006 9:16 am

lesourbe wrote:
/24 = 255.255.255.0
On a 192.168.0.0 network, that means that all 192.168.0.X are part of that network.
255.255.255.0 in binary is 24 ones and 8 zeros (11111111... (24 times) 00000000)
/xx cannot be > 32 (255.255.255.255)

If /24 is not tight enough for you, I recommend you go through some binary calculation and adjust the mask accordingly.


Yes, I read up on it, and it seems I was wrong about that. 0/24 DOESN'T match our host mask. Ours is 255.0.0.0, but the WAN is 255.255.255.0 - could that be our problem?
lesourbe
l33t
Joined: 24 Nov 2005
Posts: 710
Location: Champagne !

Posted: Wed Apr 05, 2006 9:33 am

Del Pede wrote:
Yes, I read up on it, and it seems I was wrong about that. 0/24 DOESN'T match our host mask. Ours is 255.0.0.0, but the WAN is 255.255.255.0 - could that be our problem?


If your mask is truly 255.0.0.0 (it means that you have in your LAN IPs like 192.X.X.X), you've got a problem.
LAN reserved IPs are 192.168.X.X
Every single address in 192.Y with that Y different from 168 is a WAN address.

look at that : http://www.jpsdomain.org/networking/nat.html for private IP range.
ASID
Apprentice
Joined: 22 Mar 2006
Posts: 195

Posted: Wed Apr 05, 2006 9:36 am

Maybe you'll find these links useful:
http://www.ordb.org/faq/#usage_postfix
http://www.postfix.org/uce.html
Del Pede
Tux's lil' helper
Joined: 18 Aug 2005
Posts: 99

Posted: Wed Apr 05, 2006 9:37 am

lesourbe wrote:


If your mask is truly 255.0.0.0 (it means that you have in your LAN IPs like 192.X.X.X), you've got a problem.
LAN reserved IPs are 192.168.X.X
Every single address in 192.Y with that Y different from 168 is a WAN address.

look at that : http://www.jpsdomain.org/networking/nat.html for private IP range.


Okay, i'm a bit unsure now.

The server also functions as a gateway, with two NICs - eth0 and eth1
eth0 points to the WAN, and eth1 to the LAN

eth0 inet addr:10.0.0.2 Bcast:10.0.0.255 Mask:255.0.0.0

eth1 inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0

So it might be configured properly then after all
lesourbe
l33t
Joined: 24 Nov 2005
Posts: 710
Location: Champagne !

Posted: Wed Apr 05, 2006 9:56 am

Del Pede wrote:

Okay, i'm a bit unsure now.

The server also functions as a gateway, with two NICs - eth0 and eth1
eth0 points to the WAN, and eth1 to the LAN

eth0 inet addr:10.0.0.2 Bcast:10.0.0.255 Mask:255.0.0.0

eth1 inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0

So it might be configured properly then after all


so your LAN is 192.168.0.0/24
you must have a modem behind your server (as 10.0.0.2 is a LAN address), but the mask is wide ...
You should not bother though (if you really only have a modem behind your server box)
Del Pede
Tux's lil' helper
Joined: 18 Aug 2005
Posts: 99

Posted: Wed Apr 05, 2006 9:58 am

lesourbe wrote:
so your LAN is 192.168.0.0/24
you must have a modem behind your server (as 10.0.0.2 is a LAN address), but the mask is wide ...
You should not bother though (if you really only have a modem behind your server box)


The eth0 connection to the WAN goes through a router, but all traffic is routed to eth0. The router is 10.0.0.1

Yes - the LAN would be 192.168.0.0/24
Del Pede
Tux's lil' helper
Joined: 18 Aug 2005
Posts: 99

Posted: Wed Apr 05, 2006 10:40 am

ASID wrote:
Maybe you'll find these links usefull:
http://www.ordb.org/faq/#usage_postfix
http://www.postfix.org/uce.html


Thanks. I read the documents, and I added the following to my main.cf
smtpd_client_restrictions = hash:/etc/postfix/access, reject_rbl_client relays.ordb.org
smtpd_sender_restrictions = hash:/etc/postfix/access, reject_rhsbl_sender dsn.rfc-ignorant.org

But still it seems i'm open.
lesourbe
l33t
Joined: 24 Nov 2005
Posts: 710
Location: Champagne !

Posted: Wed Apr 05, 2006 10:42 am

Del Pede wrote:
Thanks. I read the documents, and I added the following to my main.cf
smtpd_client_restrictions = hash:/etc/postfix/access, reject_rbl_client relays.ordb.org
smtpd_sender_restrictions = hash:/etc/postfix/access, reject_rhsbl_sender dsn.rfc-ignorant.org

But still it seems i'm open.


can you post a part of the log showing the evidence you're open ?
Del Pede
Tux's lil' helper
Joined: 18 Aug 2005
Posts: 99

Posted: Wed Apr 05, 2006 11:26 am

lesourbe wrote:
can you post a part of the log showing the evidence you're open ?


Actually I'm basing it on what trafshow tells me when Postfix is running. Here is a piece of that:
http://users.cybercity.dk/~dsl62117/trafshow.txt

A lot of SMTP traffic, which slows down our entire net. Also I tested to see if one could use the SMTP service from outside the house, and I could. I was able to send mail through our server from home, from an address that is not affiliated with our domain, to another address which also is not affiliated with our domain.

I've been looking through the logs; I don't really know what to look for.
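The manual test described in the post above (foreign sender, foreign recipient, from outside the network) is the standard open-relay check, and the decisive moment is the reply to RCPT TO: Postfix answers `554 5.7.1 <addr>: Relay access denied` when `reject_unauth_destination` fires, and `250` when it will relay. The following is an added example, not code from the thread, that automates the exchange. It sends RSET before QUIT so no message is ever queued. The `FakeSMTP` class is a constructed stand-in for a Postfix smtpd so the probe runs offline; `is_open_relay_host` runs the same dialogue against a real host and assumes you are probing your own server.

```python
import re
import socket


class FakeSMTP:
    """Constructed stand-in for a Postfix smtpd so the probe can run offline.

    `local_domains` are the domains it accepts mail for. With open_relay=True it
    accepts every RCPT TO, which is exactly the misbehaviour being tested for.
    Reply texts follow Postfix wording; the hostname is the thread's placeholder.
    """

    def __init__(self, local_domains, open_relay=False):
        self.local = {d.lower() for d in local_domains}
        self.open_relay = open_relay
        self.pending = [b"220 beaver.volunteer.dk ESMTP Postfix\r\n"]
        self.transcript = []          # both sides of the dialogue, for review

    def write(self, data):
        line = data.decode().rstrip("\r\n")
        self.transcript.append("C: " + line)
        verb = line.split(" ", 1)[0].upper()
        if verb in ("HELO", "EHLO"):
            reply = "250 beaver.volunteer.dk"
        elif verb == "MAIL":
            reply = "250 2.1.0 Ok"
        elif verb == "RCPT":
            addr = re.search(r"<([^>]*)>", line).group(1)
            domain = addr.rsplit("@", 1)[-1].lower()
            if self.open_relay or domain in self.local:
                reply = "250 2.1.5 Ok"
            else:
                reply = f"554 5.7.1 <{addr}>: Relay access denied"
        elif verb == "RSET":
            reply = "250 2.0.0 Ok"
        elif verb == "QUIT":
            reply = "221 2.0.0 Bye"
        else:
            reply = "502 5.5.2 Error: command not recognized"
        self.transcript.append("S: " + reply)
        self.pending.append((reply + "\r\n").encode())

    def readline(self):
        return self.pending.pop(0) if self.pending else b""


def read_reply(conn):
    """Read one SMTP reply, skipping '250-...' continuation lines; return the code."""
    while True:
        line = conn.readline().decode(errors="replace")
        if not line:
            raise ConnectionError("server closed the connection")
        if re.match(r"\d{3}( |\r?\n$)", line):
            return int(line[:3])


def send(conn, command):
    conn.write((command + "\r\n").encode())
    return read_reply(conn)


def probe_rcpt(conn, helo="probe.example.net",
               mail_from="probe@sender.example.net",
               rcpt_to="probe@recipient.example.org"):
    """Run HELO/MAIL/RCPT and return the RCPT TO reply code.

    RCPT TO is where reject_unauth_destination fires, so the code answers the
    relay question. RSET is sent before QUIT, so nothing is ever queued.
    """
    if read_reply(conn) != 220:
        raise ConnectionError("no SMTP greeting")
    if send(conn, f"HELO {helo}") != 250:
        raise ConnectionError("HELO rejected")
    if send(conn, f"MAIL FROM:<{mail_from}>") != 250:
        raise ConnectionError("MAIL FROM rejected")
    code = send(conn, f"RCPT TO:<{rcpt_to}>")
    send(conn, "RSET")
    send(conn, "QUIT")
    return code


def is_open_relay(conn):
    """Foreign sender to foreign recipient: a 250 here means the host relays."""
    return probe_rcpt(conn) == 250


def is_open_relay_host(host, port=25, timeout=10):
    """Same probe against a real server (only run it against your own)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with sock.makefile("rwb", buffering=0) as conn:
            return is_open_relay(conn)


if __name__ == "__main__":
    server = FakeSMTP(["volunteer.dk", "beaver.volunteer.dk"])
    print("open relay:", is_open_relay(server))
    print("\n".join(server.transcript))
```

Run the real probe from a host outside `mynetworks`: from 192.168.0.0/24 the answer is always 250 because `permit_mynetworks` matches first, which tells you nothing about outsiders. A 4xx on RCPT TO (greylisting, `unknown_local_recipient_reject_code = 450` as in the posted config) is not a relay either, only 250 is.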
ASID
Apprentice
Joined: 22 Mar 2006
Posts: 195

Posted: Wed Apr 05, 2006 12:06 pm

I would suggest that you test here http://www.ordb.org/submit/ if it's an open relay. You might have a high smtp traffic because of a bad configuration.
lesourbe
l33t
Joined: 24 Nov 2005
Posts: 710
Location: Champagne !

Posted: Wed Apr 05, 2006 12:20 pm

did you reload or restart postfix after every change to main.cf / master.cf ?
Del Pede
Tux's lil' helper
Joined: 18 Aug 2005
Posts: 99

Posted: Wed Apr 05, 2006 12:30 pm

lesourbe wrote:
did you reload or restart postfix after every change to main.cf / master.cf ?


Yes. I have to stop Postfix to work at all, since it kills the connection. At the moment I'm ssh'ing from outside of the house.
DaveArb
Guru
Joined: 29 Apr 2004
Posts: 510
Location: Texas, USA

Posted: Wed Apr 05, 2006 1:52 pm

ASID wrote:
I would suggest that you test here http://www.ordb.org/submit/ if it's an open relay. You might have a high smtp traffic because of a bad configuration.


I agree. Note that if you are an open relay, this WILL GET YOU added to the ORDB list. That's not so bad though, because when you've fixed it, the list is easy to get back off of.

It also would be helpful if you edited the original post to show the configs filtered through `grep -v` as mentioned by lesourbe. It's near impossible to find the actual configuration through the Postfix usage manual you've posted. ;)

Last, some actual mail log entries would be better than the trafshow listing. I (hopefully) can't be the only one who is familiar with mailservers but not with trafshow, and it's missing timestamps anyway. I couldn't tell if you're relaying or not from it, but could from the logs.

Dave
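The mail log can answer the relay question in a way trafshow cannot, because Postfix ties every message's origin and destinations together with a queue ID: smtpd logs `QUEUEID: client=host[ip]` when it accepts a message, and the delivery agents later log `QUEUEID: to=<addr>, relay=...`. A message that arrived over SMTP from outside `mynetworks` and was delivered to a domain outside `mydestination` was relayed. The following is an added example, not code from the thread: a correlator over constructed sample log lines (documentation addresses and made-up queue IDs, laid out like Postfix 2.2 logging, not the poster's log) using the `mynetworks` and `mydestination` values from the posted main.cf. It also counts `NOQUEUE: reject ... Relay access denied` lines, which show the restriction doing its job. Note that with `smtpd -v` in master.cf, as in the posted config, the log fills with `dict_eval` chatter; lines without a queue ID are ignored here.

```python
import ipaddress
import re
from collections import defaultdict

# From the main.cf posted in the thread.
MYNETWORKS = [ipaddress.ip_network(n) for n in ("192.168.0.0/24", "127.0.0.0/8")]
MYDESTINATION = {"beaver.volunteer.dk", "localhost.volunteer.dk", "volunteer.dk"}

# Constructed sample log (documentation addresses, made-up queue IDs); not the
# poster's log. Layout follows Postfix 2.2 non-verbose logging.
SAMPLE_LOG = """\
Apr  5 14:40:01 localhost postfix/smtpd[4001]: connect from unknown[203.0.113.45]
Apr  5 14:40:02 localhost postfix/smtpd[4001]: 1A2B3C4D5E: client=unknown[203.0.113.45]
Apr  5 14:40:02 localhost postfix/qmgr[3555]: 1A2B3C4D5E: from=<promo@example.net>, size=2048, nrcpt=2 (queue active)
Apr  5 14:40:03 localhost postfix/smtp[4010]: 1A2B3C4D5E: to=<user1@example.org>, relay=mx.example.org[198.51.100.7], delay=1, status=sent (250 Ok)
Apr  5 14:40:03 localhost postfix/smtp[4010]: 1A2B3C4D5E: to=<user2@example.com>, relay=mx.example.com[198.51.100.8], delay=1, status=sent (250 Ok)
Apr  5 14:41:10 localhost postfix/smtpd[4002]: 5F6A7B8C9D: client=pc16.lan[192.168.0.16]
Apr  5 14:41:10 localhost postfix/qmgr[3555]: 5F6A7B8C9D: from=<morten@volunteer.dk>, size=1201004, nrcpt=1 (queue active)
Apr  5 14:41:12 localhost postfix/smtp[4011]: 5F6A7B8C9D: to=<friend@example.com>, relay=mx.example.com[198.51.100.8], delay=2, status=sent (250 Ok)
Apr  5 14:42:00 localhost postfix/smtpd[4003]: 0F1E2D3C4B: client=unknown[203.0.113.45]
Apr  5 14:42:00 localhost postfix/qmgr[3555]: 0F1E2D3C4B: from=<someone@example.net>, size=900, nrcpt=1 (queue active)
Apr  5 14:42:01 localhost postfix/local[4012]: 0F1E2D3C4B: to=<knud@volunteer.dk>, relay=local, delay=1, status=sent (delivered to maildir)
Apr  5 14:43:00 localhost postfix/smtpd[4004]: NOQUEUE: reject: RCPT from unknown[198.51.100.200]: 554 5.7.1 <x@example.org>: Relay access denied; from=<a@example.net> to=<x@example.org> proto=SMTP helo=<z>
"""

LINE_RE = re.compile(r"postfix/(?P<prog>[\w-]+)\[\d+\]: (?P<qid>NOQUEUE|[0-9A-Za-z]+): (?P<rest>.*)")
CLIENT_RE = re.compile(r"client=(?P<host>\S+)\[(?P<ip>[0-9A-Fa-f.:]+)\]")
TO_RE = re.compile(r"to=<(?P<addr>[^>]*)>.*?relay=(?P<relay>[^,\s]+)")
DELIVERY_AGENTS = {"smtp", "relay", "local", "virtual", "lmtp", "pipe"}


def is_internal(ip_text):
    ip = ipaddress.ip_address(ip_text)
    ip = getattr(ip, "ipv4_mapped", None) or ip    # "::ffff:192.168.0.16" style
    return any(ip in net for net in MYNETWORKS)


def is_local_domain(addr):
    return addr.rsplit("@", 1)[-1].lower() in MYDESTINATION


def find_relayed(lines):
    """Correlate smtpd 'client=' lines with delivery-agent 'to=' lines by queue ID.

    A message is reported as relayed when it came in over SMTP from outside
    mynetworks and went out to a recipient whose domain is not in
    mydestination. Messages submitted locally through sendmail/pickup have
    no client= line and are skipped.
    """
    client_ip = {}
    deliveries = defaultdict(list)
    rejected = 0
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue                  # smtpd -v chatter, connect/disconnect, etc.
        prog, qid, rest = m.group("prog", "qid", "rest")
        if qid == "NOQUEUE":
            if "Relay access denied" in rest:
                rejected += 1         # the restriction working as intended
        elif prog == "smtpd":
            c = CLIENT_RE.search(rest)
            if c:
                client_ip[qid] = c.group("ip")
        elif prog in DELIVERY_AGENTS:
            t = TO_RE.search(rest)
            if t:
                deliveries[qid].append(t.group("addr"))
    relayed = []
    for qid, recipients in deliveries.items():
        ip = client_ip.get(qid)
        if ip is None or is_internal(ip):
            continue
        relayed.extend((qid, ip, addr) for addr in recipients if not is_local_domain(addr))
    return {"relayed": relayed, "rejected_relay_attempts": rejected}


if __name__ == "__main__":
    report = find_relayed(SAMPLE_LOG.splitlines())
    for qid, ip, addr in report["relayed"]:
        print(f"RELAYED {qid} from {ip} to {addr}")
    print("relay attempts refused:", report["rejected_relay_attempts"])
```

On the sample, only queue ID 1A2B3C4D5E is flagged: it came from 203.0.113.45 and went to two outside domains. The LAN-originated message and the inbound delivery to a local mailbox are correctly left alone, and the refused RCPT is counted separately. Feed it `/var/log/mail.log` (or whatever syslog writes on the box) and an empty `relayed` list over a busy day is the evidence that the server is not relaying, whatever trafshow shows.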
Del Pede
Tux's lil' helper
Joined: 18 Aug 2005
Posts: 99

Posted: Wed Apr 05, 2006 3:48 pm

DaveArb wrote:

It also would be helpful if you edited the original post to show the configs filtered through `grep -v` as mentioned by lesourbe. It's near impossible to find the actual configuration through the Postfix usage manual you've posted. ;)

Last, some actual mail log entries would be better than the trafshow listing. I (hopefully) can't be the only one who is familiar with mailservers but not with trafshow, and it's missing timestamps anyway. I couldn't tell if you're relaying or not from it, but could from the logs.

Dave


Done, and I got some of the mail logs. It's quite large, and a bit hard for me to find my way around, but here goes. I've edited the log a bit, so that a lot of mail addresses won't be floating around more than they are.

Code:
Apr  5 13:01:06 localhost postfix/smtp[3059]: connect to drc****.com[130.227.13.2]: Connection timed out (port 25)
Apr  5 13:01:09 localhost postfix/smtp[3111]: D276ABC69B: lost connection with mx2.mail.yahoo.com[4.79.181.135] while sending MAIL FROM
Apr  5 13:01:20 localhost postfix/smtp[3083]: D276ABC69B: to=<psykinfo[at]nethotel****.com>, relay=antispam.nethotel****.com[194.239.202.50], delay=91001, status=deferred (lost connection with antispam.nethotel****.com[194.239.202.50] while sending message body)
Apr  5 13:01:48 localhost postfix/postfix-script: stopping the Postfix mail system
Apr  5 13:01:48 localhost postfix/master[3035]: terminating on signal 15
Apr  5 13:25:19 localhost imapd: DISCONNECTED, user=katja, ip=[::ffff:192.168.0.16], headers=0, body=680, time=11306
Apr  5 14:16:44 localhost imapd: Connection, ip=[::ffff:192.168.0.13]
Apr  5 14:16:45 localhost imapd: LOGIN, user=morten, ip=[::ffff:192.168.0.13], protocol=IMAP
Apr  5 14:16:49 localhost imapd: DISCONNECTED, user=morten, ip=[::ffff:192.168.0.13], headers=0, body=0, time=4
Apr  5 14:18:22 localhost imapd: DISCONNECTED, user=winnie, ip=[::ffff:192.168.0.23], headers=2336, body=1229874, time=22031
Apr  5 14:32:53 localhost postfix/postfix-script: starting the Postfix mail system
Apr  5 14:32:53 localhost postfix/master[3553]: daemon started -- version 2.2.5, configuration /etc/postfix
Apr  5 14:32:53 localhost postfix/qmgr[3555]: C5E532D2416: from=<morten[at]volunteer****.com>, size=1201004, nrcpt=1 (queue active)
Apr  5 14:32:53 localhost postfix/qmgr[3555]: 8B51E2F8542: from=<knud[at]beaver.volunteer****.com>, size=1744, nrcpt=1 (queue active)
Apr  5 14:32:53 localhost postfix/qmgr[3555]: D276ABC69B: from=<morten[at]volunteer****.com>, size=1200857, nrcpt=194 (queue active)
Apr  5 14:32:53 localhost postfix/smtp[3558]: connect to bounce.dtf.se[80.166.99.254]: Connection refused (port 25)
Apr  5 14:32:53 localhost postfix/smtp[3558]: 8B51E2F8542: to=<mailrobot[at]bounce.dtf.se>, relay=none, delay=87270, status=deferred (connect to bounce.dtf.se[80.166.99.254]: Connection refused)
Apr  5 14:32:56 localhost postfix/smtp[3585]: connect to mail.mbrevision****.com[129.142.226.88]: Connection refused (port 25)
Apr  5 14:33:03 localhost postfix/smtp[3623]: D276ABC69B: host mx03.stofanet****.com[212.10.10.13] said: 452 Try this address in the next batch, please (in reply to RCPT TO command)
Apr  5 14:33:03 localhost last message repeated 6 times
Apr  5 14:33:03 localhost postfix/smtp[3584]: D276ABC69B: to=<kontakt[at]hiv-nettet****.com>, relay=none, delay=96504, status=deferred (Host or domain name not found. Name service error for name=hiv-nettet****.com type=MX: Host not found, try again)
Apr  5 14:33:23 localhost postfix/smtp[3565]: connect to mail.akbu****.com[80.196.101.131]: Connection timed out (port 25)
Apr  5 14:33:24 localhost postfix/smtp[3578]: connect to drc****.com[130.227.13.2]: Connection timed out (port 25)
Apr  5 14:33:27 localhost postfix/smtp[3616]: connect to fpo.mail****.com[80.160.76.237]: server refused to talk to me: 421 Service not available   (port 25)
Apr  5 14:33:27 localhost postfix/smtp[3616]: D276ABC69B: to=<renita[at]post10.tele****.com>, relay=none, delay=96528, status=deferred (connect to fpo.mail****.com[80.160.76.237]: server refused to talk to me: 421 Service not available  )
Apr  5 14:33:36 localhost postfix/smtp[3557]: C5E532D2416: lost connection with mx2.mail.yahoo.com[4.79.181.134] while sending message body
Apr  5 14:33:41 localhost postfix/smtp[3588]: D276ABC69B: lost connection with mx3.****.com[65.54.245.72] while sending message body
Apr  5 14:33:47 localhost postfix/smtp[3618]: connect to mail.pullich****.com[80.196.101.132]: Connection timed out (port 25)
Apr  5 14:33:48 localhost postfix/smtp[3601]: D276ABC69B: lost connection with mx4.****.com[65.54.244.104] while sending message body
Apr  5 14:34:06 localhost postfix/smtp[3557]: connect to mx3.mail.yahoo.com[4.79.181.12]: Connection timed out (port 25)
Apr  5 14:34:16 localhost postfix/smtp[3558]: D276ABC69B: to=<fr[at]aub.aau****.com>, relay=barracuda.aub.aau****.com[130.225.53.23], delay=96577, status=deferred (lost connection with barracuda.aub.aau****.com[130.225.53.23] while sending message body)
Apr  5 14:34:18 localhost postfix/smtp[3601]: connect to mx3.****.com[64.4.50.179]: Connection timed out (port 25)
Apr  5 14:34:37 localhost postfix/smtp[3602]: D276ABC69B: to=<psykinfo[at]nethotel****.com>, relay=antispam.nethotel****.com[194.239.202.50], delay=96598, status=deferred (lost connection with antispam.nethotel****.com[194.239.202.50] while sending message body)
Apr  5 14:34:48 localhost postfix/smtp[3601]: connect to mx2.****.com[65.54.245.40]: server dropped connection without sending the initial SMTP greeting (port 25)
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  mail
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  ipv4
Apr  5 14:34:56 localhost postfix/smtpd[3633]: name_mask: ipv4
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  beaver.volunteer****.com
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  volunteer****.com
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  Postfix
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  postfix
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  postfix
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  postdrop
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: expand $myhostname, localhost.$mydomain $mydomain -> beaver.volunteer****.com, localhost.volunteer****.com volunteer****.com
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: expand $myhostname -> beaver.volunteer****.com
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  /usr/lib/postfix
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  /usr/sbin
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  /var/spool/postfix
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  pid
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  all
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  double-bounce
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  nobody
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  hash:/etc/mail/aliases
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  20050719
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  2.2.5
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  hash
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  deferred, defer active bounce flush incoming
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: expand $mydestination -> beaver.volunteer****.com, localhost.volunteer****.com volunteer****.com
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: expand $relay_domains -> beaver.volunteer****.com, localhost.volunteer****.com volunteer****.com
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  TZ MAIL_CONFIG
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  subnet
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  +=
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  -=+
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  bounce
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  cleanup
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  defer
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  pickup
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  qmgr
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  rewrite
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  showq
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  error
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  flush
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  verify
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  trace
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: expand ${config_directory}/prng_exch -> /etc/postfix/prng_exch
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: expand $smtpd_tls_cert_file ->
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: expand $smtpd_tls_dcert_file ->
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const
Apr  5 14:34:56 localhost last message repeated 6 times
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: expand $smtp_tls_cert_file ->
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: expand $smtp_tls_dcert_file ->
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const
Apr  5 14:34:56 localhost last message repeated 3 times
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  2
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  100s
Apr  5 14:34:56 localhost last message repeated 3 times
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  3600s
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  3600s
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  100s
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  100s
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  1000s
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  1000s
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  10s
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  10s
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  1s
Apr  5 14:34:56 localhost last message repeated 3 times
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  500s
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  500s
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  3600s
Apr  5 14:34:56 localhost last message repeated 3 times
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  18000s
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  18000s
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  1s
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  1s
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  192.168.0.0/24, 127.0.0.0/8
Apr  5 14:34:56 localhost postfix/smtpd[3633]: inet_addr_local: configured 3 IPv4 addresses
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  450
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: expand $myhostname ESMTP $mail_name -> beaver.volunteer****.com ESMTP Postfix
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  resource, software
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  hash:/etc/postfix/access, reject_rbl_client relays.ordb.org
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  hash:/etc/postfix/acces, reject_rhsbl_sender dsn.rfc-ignorant.org
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  permit_mynetworks, reject_unauth_destination
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const
Apr  5 14:34:56 localhost last message repeated 4 times
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  postmaster
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const
Apr  5 14:34:56 localhost last message repeated 2 times
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: expand $virtual_maps ->
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  hash:/etc/mail/aliases
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: expand unix:passwd.byname $alias_maps -> unix:passwd.byname hash:/etc/mail/aliases
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  noanonymous
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  smtpd
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const
Apr  5 14:34:56 localhost last message repeated 5 times
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  CONNECT GET POST
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  <>
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  postmaster
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: expand $authorized_verp_clients ->
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: expand $myhostname -> beaver.volunteer****.com
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const
Apr  5 14:34:56 localhost last message repeated 2 times
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: expand ${smtpd_client_connection_limit_exceptions:$mynetworks} -> 192.168.0.0/24, 127.0.0.0/8
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  permit_inet_interfaces
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const
Apr  5 14:34:56 localhost last message repeated 2 times
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: expand $smtpd_sasl_security_options -> noanonymous
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  no
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  300s
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  300s
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  1s
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  1s
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  100s
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  100s
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  3s
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  3s
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  100s
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  100s
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  300s
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  300s
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  1000s
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  1000s
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  300s
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  300s
Apr  5 14:34:56 localhost postfix/smtpd[3633]: process generation: 116 (116)
Apr  5 14:34:56 localhost postfix/smtpd[3633]: match_string: mynetworks ~? debug_peer_list
Apr  5 14:34:56 localhost postfix/smtpd[3633]: match_string: mynetworks ~? fast_flush_domains
Apr  5 14:34:56 localhost postfix/smtpd[3633]: match_string: mynetworks ~? mynetworks
Apr  5 14:34:56 localhost postfix/smtpd[3633]: match_string: relay_domains ~? debug_peer_list
Apr  5 14:34:56 localhost postfix/smtpd[3633]: match_string: relay_domains ~? fast_flush_domains
Apr  5 14:34:56 localhost postfix/smtpd[3633]: match_string: relay_domains ~? mynetworks
Apr  5 14:34:56 localhost postfix/smtpd[3633]: match_string: relay_domains ~? permit_mx_backup_networks
Apr  5 14:34:56 localhost postfix/smtpd[3633]: match_string: relay_domains ~? qmqpd_authorized_clients
Apr  5 14:34:56 localhost postfix/smtpd[3633]: match_string: relay_domains ~? relay_domains
Apr  5 14:34:56 localhost postfix/smtpd[3633]: match_string: permit_mx_backup_networks ~? debug_peer_list
Apr  5 14:34:56 localhost postfix/smtpd[3633]: match_string: permit_mx_backup_networks ~? fast_flush_domains
Apr  5 14:34:56 localhost postfix/smtpd[3633]: match_string: permit_mx_backup_networks ~? mynetworks
Apr  5 14:34:56 localhost postfix/smtpd[3633]: match_string: permit_mx_backup_networks ~? permit_mx_backup_networks
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_open: unix:passwd.byname
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_open: hash:/etc/mail/aliases
Apr  5 14:34:56 localhost postfix/smtpd[3633]: match_string: smtpd_access_maps ~? debug_peer_list
Apr  5 14:34:56 localhost postfix/smtpd[3633]: match_string: smtpd_access_maps ~? fast_flush_domains
Apr  5 14:34:56 localhost postfix/smtpd[3633]: match_string: smtpd_access_maps ~? mynetworks
Apr  5 14:34:56 localhost postfix/smtpd[3633]: match_string: smtpd_access_maps ~? permit_mx_backup_networks
Apr  5 14:34:56 localhost postfix/smtpd[3633]: match_string: smtpd_access_maps ~? qmqpd_authorized_clients
Apr  5 14:34:56 localhost postfix/smtpd[3633]: match_string: smtpd_access_maps ~? relay_domains
Apr  5 14:34:56 localhost postfix/smtpd[3633]: match_string: smtpd_access_maps ~? smtpd_access_maps
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_open: hash:/etc/postfix/access
Apr  5 14:34:56 localhost postfix/smtpd[3633]: fatal: open database /etc/postfix/acces.db: No such file or directory
Apr  5 14:34:57 localhost postfix/master[3553]: warning: process /usr/lib/postfix/smtpd pid 3633 exit status 1
Apr  5 14:34:57 localhost postfix/master[3553]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling

Apr  5 14:35:32 localhost postfix/smtp[3588]: D276ABC69B: to=<carolknudsen[at]****.com>, relay=mx4.****.com[65.54.244.104], delay=96653, status=deferred (lost connection with mx4.****.com[65.54.244.104] while sending message body)
Apr  5 14:35:32 localhost postfix/smtp[3588]: D276ABC69B: to=<cindydanieles[at]****.com>, relay=mx4.****.com[65.54.244.104], delay=96653, status=deferred (lost connection with mx4.****.com[65.54.244.104] while sending message body)
Apr  5 14:35:32 localhost postfix/smtp[3588]: D276ABC69B: to=<evanielsen40[at]****.com>, relay=mx4.****.com[65.54.244.104], delay=96653, status=deferred (lost connection with mx4.****.com[65.54.244.104] while sending message body)
Apr  5 14:35:32 localhost postfix/smtp[3588]: D276ABC69B: to=<funnysandrak[at]****.com>, relay=mx4.****.com[65.54.244.104], delay=96653, status=deferred (lost connection with mx4.****.com[65.54.244.104] while sending message body)
Apr  5 14:35:32 localhost postfix/smtp[3588]: D276ABC69B: to=<habibi112[at]****.com>, relay=mx4.****.com[65.54.244.104], delay=96653, status=deferred (lost connection with mx4.****.com[65.54.244.104] while sending message body)
Apr  5 14:35:32 localhost postfix/smtp[3588]: D276ABC69B: to=<henrikfibigerjensen[at]****.com>, relay=mx4.****.com[65.54.244.104], delay=96653, status=deferred (lost connection with mx4.****.com[65.54.244.104] while sending message body)
Apr  5 14:35:32 localhost postfix/smtp[3588]: D276ABC69B: to=<ingepehmoller[at]****.com>, relay=mx4.****.com[65.54.244.104], delay=96653, status=deferred (lost connection with mx4.****.com[65.54.244.104] while sending message body)
Apr  5 14:35:32 localhost postfix/smtp[3588]: D276ABC69B: to=<jarne42[at]****.com>, relay=mx4.****.com[65.54.244.104], delay=96653, status=deferred (lost connection with mx4.****.com[65.54.244.104] while sending message body)
Apr  5 14:35:32 localhost postfix/smtp[3588]: D276ABC69B: to=<karenwesth[at]****.com>, relay=mx4.****.com[65.54.244.104], delay=96653, status=deferred (lost connection with mx4.****.com[65.54.244.104] while sending message body)
Apr  5 14:35:32 localhost postfix/smtp[3588]: D276ABC69B: to=<keyniel[at]****.com>, relay=mx4.****.com[65.54.244.104], delay=96653, status=deferred (lost connection with mx4.****.com[65.54.244.104] while sending message body)
Apr  5 14:35:32 localhost postfix/smtp[3588]: D276ABC69B: to=<line_stryhn[at]****.com>, relay=mx4.****.com[65.54.244.104], delay=96653, status=deferred (lost connection with mx4.****.com[65.54.244.104] while sending message body)
Apr  5 14:35:32 localhost postfix/smtp[3588]: D276ABC69B: to=<liveline2[at]****.com>, relay=mx4.****.com[65.54.244.104], delay=96653, status=deferred (lost connection with mx4.****.com[65.54.244.104] while sending message body)
Apr  5 14:35:32 localhost postfix/smtp[3588]: D276ABC69B: to=<lolasigvert[at]****.com>, relay=mx4.****.com[65.54.244.104], delay=96653, status=deferred (lost connection with mx4.****.com[65.54.244.104] while sending message body)
Apr  5 14:35:32 localhost postfix/smtp[3588]: D276ABC69B: to=<lsallow[at]****.com>, relay=mx4.****.com[65.54.244.104], delay=96653, status=deferred (lost connection with mx4.****.com[65.54.244.104] while sending message body)
Apr  5 14:35:32 localhost postfix/smtp[3588]: D276ABC69B: to=<me_foldager[at]****.com>, relay=mx4.****.com[65.54.244.104], delay=96653, status=deferred (lost connection with mx4.****.com[65.54.244.104] while sending message body)
Apr  5 14:35:32 localhost postfix/smtp[3588]: D276ABC69B: to=<mettejonas[at]****.com>, relay=mx4.****.com[65.54.244.104], delay=96653, status=deferred (lost connection with mx4.****.com[65.54.244.104] while sending message body)
Apr  5 14:35:32 localhost postfix/smtp[3588]: D276ABC69B: to=<mhesselholt[at]****.com>, relay=mx4.****.com[65.54.244.104], delay=96653, status=deferred (lost connection with mx4.****.com[65.54.244.104] while sending message body)
Apr  5 14:35:32 localhost postfix/smtp[3588]: D276ABC69B: to=<oernemo


DaveArb
Guru

Joined: 29 Apr 2004
Posts: 510
Location: Texas, USA

PostPosted: Wed Apr 05, 2006 5:10 pm

That's some ugly loggage, huh?

a) This isn't your problem, but it is a problem:
Code:
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  hash:/etc/postfix/acces, reject_rhsbl_sender dsn.rfc-ignorant.org
...
Apr  5 14:34:56 localhost postfix/smtpd[3633]: fatal: open database /etc/postfix/acces.db: No such file or directory

You have misspelled "access."

b) You can tell, and I can't: Are these hosts belonging to domains you would expect your mailserver to talk to? What I see is evidence of a mailserver that's very unhappy, but it could be that your internet connection itself is messed up. There are a ton of timeouts and lost connections. I see a very few affirmative indications that your system has had a message rejected, like:
Code:
Apr  5 14:33:27 localhost postfix/smtp[3616]: connect to fpo.mail****.com[80.160.76.237]: server refused to talk to me: 421 Service not available   (port 25)


c) What I don't see (and may just be because I'm not familiar with Postfix logs, I'm a sendmail admin), is where your system receives the supposed relayed message. I think your system has a problem, and it may be a serious spam-related problem, but I don't see the indication of it actually being an open relay. Being an open relay is only one way a mailserver can be compromised, and it's a pretty unlikely one with modern software.

Do you run any formmails, or other web-accessible or similar, software on this box? My concern having seen these logs runs more to this type of bad scripting vulnerability.

Dave
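The question Dave raises in (c), where the supposed relayed message actually entered the system, is answered by correlating Postfix log lines on the queue ID: an `smtpd ... client=host[ip]` line means the message arrived over SMTP from that client, a `pickup ... uid=N` line means a local process handed it to sendmail(1), and the `qmgr ... nrcpt=N` line gives the fan-out. The script below is an added example, not code from this thread; its `SAMPLE_LOG` is constructed in Postfix 2.x syslog format and is not the poster's log, and `MYNETWORKS`, the hostname `beaver` and uid 81 are assumptions taken from the thread's main.cf and a typical Gentoo apache uid.

```python
"""Triage Postfix logs by queue ID: find where each message entered the system
and how many recipients it fanned out to.  Added example, not code from the
thread; SAMPLE_LOG is constructed in Postfix 2.x syslog format."""
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed local networks; mirrors the mynetworks value in the thread's main.cf.
MYNETWORKS = [ip_network("192.168.0.0/24"), ip_network("127.0.0.0/8")]

LINE_RE = re.compile(
    r"^\w{3}\s+\d+ \d\d:\d\d:\d\d \S+ postfix/(?P<prog>\w+)\[\d+\]: "
    r"(?P<qid>[0-9A-F]{6,}): (?P<rest>.*)$")
CLIENT_RE = re.compile(r"client=\S+?\[(?P<ip>[0-9a-fA-F.:]+)\]")   # smtpd entry line
PICKUP_RE = re.compile(r"uid=(?P<uid>\d+) from=<(?P<from>[^>]*)>")  # pickup entry line
QMGR_RE = re.compile(r"from=<(?P<from>[^>]*)>, size=\d+, nrcpt=(?P<nrcpt>\d+)")
TO_RE = re.compile(r"to=<(?P<to>[^>]*)>.*status=(?P<status>\w+)")

# Constructed sample: one message relayed from an outside client, one injected by a
# local web server process, one submitted over SMTP from localhost, and a master
# warning line that carries no queue ID and is therefore skipped.
SAMPLE_LOG = """\
Apr  5 14:01:10 beaver postfix/smtpd[3100]: 1A2B3C4D5E: client=unknown[203.0.113.45]
Apr  5 14:01:10 beaver postfix/cleanup[3101]: 1A2B3C4D5E: message-id=<bulk1@example.invalid>
Apr  5 14:01:11 beaver postfix/qmgr[3050]: 1A2B3C4D5E: from=<bulk@example.invalid>, size=4200, nrcpt=40 (queue active)
Apr  5 14:01:12 beaver postfix/smtp[3102]: 1A2B3C4D5E: to=<a@example.net>, relay=mx.example.net[192.0.2.10], delay=2, status=deferred (lost connection with mx.example.net[192.0.2.10] while sending message body)
Apr  5 14:02:00 beaver postfix/pickup[3051]: 6F7A8B9C0D: uid=81 from=<apache>
Apr  5 14:02:00 beaver postfix/qmgr[3050]: 6F7A8B9C0D: from=<apache@beaver.example.org>, size=900, nrcpt=1 (queue active)
Apr  5 14:02:01 beaver postfix/local[3103]: 6F7A8B9C0D: to=<user@beaver.example.org>, relay=local, delay=1, status=sent (delivered to maildir)
Apr  5 14:03:00 beaver postfix/smtpd[3100]: 0E1F2A3B4C: client=localhost[127.0.0.1]
Apr  5 14:03:00 beaver postfix/qmgr[3050]: 0E1F2A3B4C: from=<www@beaver.example.org>, size=6100, nrcpt=25 (queue active)
Apr  5 14:03:05 beaver postfix/master[3000]: warning: process /usr/lib/postfix/smtpd pid 3100 exit status 1
"""

def parse(lines):
    """Return {queue_id: info}; info records origin (smtpd/pickup), client IP or
    uid, envelope sender, recipient count and per-recipient delivery statuses."""
    msgs = defaultdict(lambda: {"origin": None, "client_ip": None, "uid": None,
                                "sender": None, "nrcpt": 0, "statuses": []})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                      # master/warning/"last message repeated" lines
        info, prog, rest = msgs[m["qid"]], m["prog"], m["rest"]
        if prog == "smtpd" and (c := CLIENT_RE.search(rest)):
            info["origin"], info["client_ip"] = "smtpd", c["ip"]
        elif prog == "pickup" and (p := PICKUP_RE.search(rest)):
            info["origin"], info["uid"], info["sender"] = "pickup", int(p["uid"]), p["from"]
        elif prog == "qmgr" and (q := QMGR_RE.search(rest)):
            info["sender"], info["nrcpt"] = q["from"], int(q["nrcpt"])
        elif prog in ("smtp", "local") and (t := TO_RE.search(rest)):
            info["statuses"].append((t["to"], t["status"]))
    return dict(msgs)

def classify(info, fanout_threshold=10):
    """'relayed' = accepted by smtpd from a client outside mynetworks (what an open
    relay looks like); 'local-submission' = injected via pickup or by a mynetworks
    client (what a web form or local script looks like); 'unknown' = entry line not
    seen.  '+high-fanout' is appended at fanout_threshold recipients or more."""
    if info["origin"] == "smtpd":
        ip = ip_address(info["client_ip"])
        label = "local-submission" if any(ip in n for n in MYNETWORKS) else "relayed"
    elif info["origin"] == "pickup":
        label = "local-submission"
    else:
        label = "unknown"
    if info["nrcpt"] >= fanout_threshold:
        label += "+high-fanout"
    return label

def report(log_text):
    return {qid: classify(info) for qid, info in parse(log_text.splitlines()).items()}

if __name__ == "__main__":
    for qid, label in report(SAMPLE_LOG).items():
        print(qid, label)
```

Run it over the real mail log (`report(open("/var/log/mail.log").read())`) and look at the queue IDs of the deferred fan-out messages: a `relayed+high-fanout` label is the relay signature, while `local-submission+high-fanout` from `pickup` or from `127.0.0.1` points at a script or web form on the box, which is what Dave suspects. If the entry lines have already rotated out, the message shows as `unknown`; keep enough log history to cover the queue lifetime (the thread's deferred entries show delays of over a day).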
Del Pede
Tux's lil' helper

Joined: 18 Aug 2005
Posts: 99

PostPosted: Wed Apr 05, 2006 5:38 pm

DaveArb wrote:
That's some ugly loggage, huh?

a) This isn't your problem, but it is a problem:
Code:
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  hash:/etc/postfix/acces, reject_rhsbl_sender dsn.rfc-ignorant.org
...
Apr  5 14:34:56 localhost postfix/smtpd[3633]: fatal: open database /etc/postfix/acces.db: No such file or directory

You have misspelled "access."

b) You can tell, and I can't: Are these hosts belonging to domains you would expect your mailserver to talk to? What I see is evidence of a mailserver that's very unhappy, but it could be that your internet connection itself is messed up. There are a ton of timeouts and lost connections. I see a very few affirmative indications that your system has had a message rejected, like:
Code:
Apr  5 14:33:27 localhost postfix/smtp[3616]: connect to fpo.mail****.com[80.160.76.237]: server refused to talk to me: 421 Service not available   (port 25)


c) What I don't see (and may just be because I'm not familiar with Postfix logs, I'm a sendmail admin), is where your system receives the supposed relayed message. I think your system has a problem, and it may be a serious spam-related problem, but I don't see the indication of it actually being an open relay. Being an open relay is only one way a mailserver can be compromised, and it's a pretty unlikely one with modern software.

Do you run any formmails, or other web-accessible or similar, software on this box? My concern having seen these logs runs more to this type of bad scripting vulnerability.

Dave


Indeed it is ugly.

A lot of these hosts I don't expect my mailserver to talk with, but my users do mail all over, and some are more private than others. But a lot of them are mind-puzzling though.
I do have ONE mail form, but it's supposed to mail to one of my users, but I'll try and take the script down. I'll also try and make a relay check with ORDB.

I'm pretty much stranded, as far as what this problem is about right now.

The "access" misspelling I have fixed, and yes - it is not the problem ;-)
DaveArb
Guru

Joined: 29 Apr 2004
Posts: 510
Location: Texas, USA

PostPosted: Wed Apr 05, 2006 6:42 pm

Del Pede wrote:
I'll also try and make a relay check with ORDB.


Good. All they do is send a series of test messages that attempt to relay through your server, using various methods. I think their results are pretty reliable, so if they say you aren't an open relay you can concentrate on other possible causes of these symptoms.

Dave
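The ORDB check Dave describes is a sequence of SMTP transactions that try to get a foreign recipient accepted, both directly and through the old relay tricks (percent hack, bang path, source routing, quoted local part). The script below is an added example of such a probe, not the thread's code and not ORDB's tester; the host and domain names are assumptions, `fake_mta` is a constructed in-memory stand-in for `smtplib.SMTP` so the probe can be exercised offline, and the probe must be run from a vantage point outside `mynetworks` against a server you administer.

```python
"""Open-relay probe: MAIL FROM / RCPT TO attempts with the classic relay tricks,
never sending DATA.  Added example, not the thread's code and not ORDB's tester.
Host and domain names are assumptions; run it only against your own server."""
import smtplib

def relay_probe_addresses(my_domain, ext_domain):
    """(description, envelope sender, envelope recipient) for each probe.  Only the
    control, a plain local recipient, should be accepted by a well-configured MTA."""
    ext = f"probe@{ext_domain}"
    local = f"postmaster@{my_domain}"
    return [
        ("external sender -> external recipient", ext, ext),
        ("null sender -> external recipient", "", ext),
        ("forged local sender -> external recipient", local, ext),
        ("percent hack", ext, f"probe%{ext_domain}@{my_domain}"),
        ("bang path", ext, f"{ext_domain}!probe@{my_domain}"),
        ("source route", ext, f"@{my_domain}:probe@{ext_domain}"),
        ("quoted local part", ext, f'"probe@{ext_domain}"@{my_domain}'),
        ("control: external sender -> local recipient", ext, local),
    ]

def run_probe(host, my_domain, ext_domain, port=25, smtp_factory=smtplib.SMTP):
    """Return {description: (reply code, accepted)}; accepted means a 2xx reply to
    RCPT TO, i.e. the server would have queued mail for that recipient."""
    results = {}
    with smtp_factory(host, port, timeout=30) as s:
        s.ehlo_or_helo_if_needed()
        for desc, sender, rcpt in relay_probe_addresses(my_domain, ext_domain):
            code, _ = s.mail(sender)
            if code // 100 == 2:              # a MAIL FROM reject already settles it
                code, _ = s.rcpt(rcpt)
            results[desc] = (code, code // 100 == 2)
            s.rset()                          # abandon the transaction; nothing is sent
    return results

def relay_findings(results):
    """Descriptions of probes that were accepted, excluding the control."""
    return sorted(d for d, (_, ok) in results.items() if ok and not d.startswith("control"))

def fake_mta(my_domain, open_relay=False):
    """Constructed stand-in for smtplib.SMTP for offline use.  The strict variant
    behaves like a server with permit_mynetworks, reject_unauth_destination as seen
    from an outside client; the open_relay variant accepts every recipient."""
    class _MTA:
        def __init__(self, host, port, timeout=None): pass
        def __enter__(self): return self
        def __exit__(self, *exc): return False
        def ehlo_or_helo_if_needed(self): pass
        def mail(self, sender): return 250, b"2.1.0 Ok"
        def rset(self): return 250, b"2.0.0 Ok"
        def rcpt(self, rcpt):
            local, sep, domain = rcpt.rpartition("@")
            plain_local = bool(sep) and domain == my_domain and not any(ch in local for ch in '%!@":')
            if open_relay or plain_local:
                return 250, b"2.1.5 Ok"
            return 554, b"5.7.1 Relay access denied"
    return _MTA

if __name__ == "__main__":
    # Against a real server: run_probe("mail.example.org", "example.org", "example.net")
    for desc, (code, ok) in run_probe("mail.example.org", "example.org", "example.net",
                                      smtp_factory=fake_mta("example.org")).items():
        print(f"{'ACCEPTED' if ok else 'rejected':8} {code} {desc}")
```

Postfix rewrites the percent, bang-path and source-route forms (allow_percent_hack and swap_bangpath are on by default) before reject_unauth_destination examines the recipient domain, so a correctly configured server answers 554 to all seven relay probes and 250 only to the control. Any other accepted line is a relay hole. Probing from inside `mynetworks` proves nothing, because permit_mynetworks accepts everything from there by design.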
lesourbe
l33t

Joined: 24 Nov 2005
Posts: 710
Location: Champagne !

PostPosted: Wed Apr 05, 2006 6:59 pm

Del Pede wrote:
The "access" misspelling I have fixed, and yes - it is not the problem ;-)

Don't forget to postmap it. :)
Del Pede
Tux's lil' helper

Joined: 18 Aug 2005
Posts: 99

PostPosted: Thu Apr 06, 2006 12:41 pm

It seems I've solved it now.

I added the following to my main.cf

Code:

smtpd_recipient_restrictions = permit_mynetworks, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain,
reject_unauth_destination, reject_unlisted_recipient, reject_rbl_client relays.ordb.org, permit


And then deleted my mail queue. Traffic is back to normal, and the logs look prettier.
Del Pede
Tux's lil' helper

Joined: 18 Aug 2005
Posts: 99

PostPosted: Thu Jun 01, 2006 10:40 am

Del Pede wrote:
It seems I've solved it now.

I added the following to my main.cf

Code:

smtpd_recipient_restrictions = permit_mynetworks, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain,
reject_unauth_destination, reject_unlisted_recipient, reject_rbl_client relays.ordb.org, permit


And then deleted my mail queue. Traffic is back to normal, and the logs look prettier.


Everything was golden, until I realised I suddenly couldn't send mail over SquirrelMail anymore. Whenever someone tries to send mail, this happens:

Quote:

Transaction failed
Server replied: 554 Service unavailable; Sender address [peter@example.com] blocked using dsn.rfc-ignorant.org; Not supporting null originator (DSN)
magic919
Advocate

Joined: 17 Jun 2005
Posts: 2182
Location: Berkshire, UK

PostPosted: Thu Jun 01, 2006 3:14 pm

You have a problem with one of your smtpd_x_restrictions. These generally start with permit_mynetworks. I'd say some of yours don't. So it then tries to apply your access restriction to your 'local' traffic.
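Both the recipient list the poster added and magic919's diagnosis rest on the same rule: Postfix walks each `smtpd_*_restrictions` list left to right, the first restriction that returns permit or reject decides, a restriction with no opinion (DUNNO) falls through, and running off the end permits. The model below is an added example, not Postfix source; the DNSBL answers and the contents of `/etc/postfix/access` are constructed stand-ins, `mynetworks` and `mydestination` are taken from the thread's main.cf, the thread's bare `hash:` entry is written in its explicit `check_sender_access` form (equivalent inside `smtpd_sender_restrictions`), and the `reject_non_fqdn_*` and hostname checks from the poster's list are not modelled.

```python
"""Model of Postfix smtpd_*_restrictions evaluation: left to right, first permit or
reject wins, DUNNO falls through, end of list permits.  Added example, not Postfix
source; DNSBL answers and access-map contents are constructed."""
from ipaddress import ip_address, ip_network

# Values from the thread's main.cf.
MYNETWORKS = [ip_network("192.168.0.0/24"), ip_network("127.0.0.0/8")]
MYDESTINATION = {"beaver.volunteer.dk", "localhost.volunteer.dk", "volunteer.dk"}
# Constructed stand-ins for what the two DNS lists and /etc/postfix/access would answer.
RHSBL_LISTED = {"example.com"}                     # modelled dsn.rfc-ignorant.org answer
RBL_LISTED = {"203.0.113.45"}                      # modelled relays.ordb.org answer
ACCESS_MAP = {"198.51.100.99": "REJECT", "partner.example": "OK"}

def domain_of(addr):
    return addr.rpartition("@")[2].lower()

def access_verdict(*keys):
    """First OK/REJECT found for the lookup keys, else None (DUNNO)."""
    for key in keys:
        if key in ACCESS_MAP:
            return ACCESS_MAP[key]
    return None

def evaluate(restrictions, client_ip, sender, recipient):
    """Return (decision, restriction that decided) for one SMTP transaction."""
    ip = ip_address(client_ip)
    for r in restrictions:
        name, *args = r.split()
        verdict = None                              # None means DUNNO: fall through
        if name == "permit_mynetworks":
            if any(ip in n for n in MYNETWORKS):
                verdict = "OK"
        elif name == "check_client_access":
            verdict = access_verdict(client_ip)
        elif name == "check_sender_access":
            verdict = access_verdict(sender, domain_of(sender))
        elif name == "reject_rhsbl_sender":
            if domain_of(sender) in RHSBL_LISTED:
                verdict = "REJECT"
        elif name == "reject_rbl_client":
            if client_ip in RBL_LISTED:
                verdict = "REJECT"
        elif name == "reject_unauth_destination":
            if domain_of(recipient) not in MYDESTINATION:
                verdict = "REJECT"
        elif name == "permit":
            verdict = "OK"
        elif name == "reject":
            verdict = "REJECT"
        else:
            raise ValueError(f"not modelled: {name}")
        if verdict == "OK":
            return "permit", r
        if verdict == "REJECT":
            return "reject", r
    return "permit", "end of list"

# The thread's sender list, and the same list with permit_mynetworks in front.
ORIGINAL_SENDER = ["check_sender_access hash:/etc/postfix/access",
                   "reject_rhsbl_sender dsn.rfc-ignorant.org"]
FIXED_SENDER = ["permit_mynetworks"] + ORIGINAL_SENDER
CLIENT = ["check_client_access hash:/etc/postfix/access", "reject_rbl_client relays.ordb.org"]
# Subset of the recipient list the poster added.
RECIPIENT = ["permit_mynetworks", "reject_unauth_destination",
             "reject_rbl_client relays.ordb.org", "permit"]

if __name__ == "__main__":
    webmail = ("127.0.0.1", "peter@example.com", "friend@example.net")   # constructed
    print("original sender list:", evaluate(ORIGINAL_SENDER, *webmail))
    print("fixed sender list:   ", evaluate(FIXED_SENDER, *webmail))
    print("outside client relaying:", evaluate(RECIPIENT, "203.0.113.45", "bulk@example.invalid", "victim@example.net"))
```

The first two lines of output reproduce the SquirrelMail failure and its fix: webmail connects from 127.0.0.1, the original sender list has no `permit_mynetworks`, so the RHSBL lookup on the user's own sender domain decides, whereas with `permit_mynetworks` first the list is settled before any lookup. Because the thread's main.cf sets `smtpd_delay_reject = no`, the sender list is evaluated at MAIL FROM, which is why the error surfaces as a blocked sender address rather than at RCPT TO. A permit in one list does not skip the others, so each list that should exempt local clients needs its own `permit_mynetworks`. In the recipient list, `reject_unauth_destination` sits before the RBL, so unauthorised relaying is refused without a DNS query. One caveat for anyone copying this configuration today: relays.ordb.org shut down in December 2006 (and from 2008 answered positive for every query), and rfc-ignorant.org closed in 2012, so both entries must be replaced with a maintained list or removed.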
All times are GMT