public inbox for gentoo-user@lists.gentoo.org
* [gentoo-user] Is my postfix being used as a relay?
From: Kevin O'Gorman @ 2006-03-16 19:12 UTC
  To: gentoo-user

I get a lot of bounce messages from Postfix relating to emails
that are not actually from me, and the mail q shows lots of
stuff I don't recognize.

I'd like to know how to interpret this, and if it is called-for,
to secure this daemon a bit more. Can somebody point
me in the right direction?  I'll RTFM if it's not *too* big,
if I know the appropriate FM to R.

++ kevin

--
Kevin O'Gorman, PhD


* Re: [gentoo-user] Is my postfix being used as a relay?
From: Gerhard Hoogterp @ 2006-03-16 19:35 UTC
  To: gentoo-user

On Thursday 16 March 2006 20:12, Kevin O'Gorman wrote:
> I get a lot of bounce messages from Postfix relating to emails
> that are not actually from me, and the mail q shows lots of
> stuff I don't recognize.
>
> I'd like to know how to interpret this, and if it is called-for,
> to secure this daemon a bit more. Can somebody point
> me in the right direction?  I'll RTFM if it's not *too* big,
> if I know the appropriate FM to R.
>

You can check if your machine is an open relay by using telnet to 
relay-test.mail-abuse.org from the machine which runs the mail. 

Another alternative is to use their web interface
(http://www.abuse.net/relay.html) but I have no experience with that one.

Gerhard


-- 
Ithaka photography, http://ithaka.mine.nu/
-- 
gentoo-user@gentoo.org mailing list




* Re: [gentoo-user] Is my postfix being used as a relay?
From: JimD @ 2006-03-16 19:52 UTC
  To: gentoo-user

On Thu, 16 Mar 2006 11:12:28 -0800
"Kevin O'Gorman" <kogorman@gmail.com> wrote:

> I get a lot of bounce messages from Postfix relating to emails
> that are not actually from me, and the mail q shows lots of
> stuff I don't recognize.
> 
> I'd like to know how to interpret this, and if it is called-for,
> to secure this daemon a bit more. Can somebody point
> me in the right direction?  I'll RTFM if it's not *too* big,
> if I know the appropriate FM to R.
> 
> ++ kevin
> 
> --
> Kevin O'Gorman, PhD

Try this link:
http://www.spamhelp.org/shopenrelay/

Just put in the IP and port and click the button.

Jim
-- 
gentoo-user@gentoo.org mailing list




* Re: [gentoo-user] Is my postfix being used as a relay?
From: Iain Buchanan @ 2006-03-16 23:30 UTC
  To: gentoo-user

On Thu, 2006-03-16 at 14:52 -0500, JimD wrote:
> On Thu, 16 Mar 2006 11:12:28 -0800
> "Kevin O'Gorman" <kogorman@gmail.com> wrote:
> 
> > I get a lot of bounce messages from Postfix relating to emails
> > that are not actually from me, and the mail q shows lots of
> > stuff I don't recognize.
> > 
> > I'd like to know how to interpret this, and if it is called-for,
> > to secure this daemon a bit more.
> 
> Try this link:
> http://www.spamhelp.org/shopenrelay/
> 
> Just put in the IP and port and click the button.

which automatically notifies a list of spammers that they can use your
mail server... no not really ;)

Do you have a firewall?  Should your box be accessible from outside?
You could lock it down so _no_one_ outside can access it, or you could
restrict it to certain IPs...

But I also get a few bounce messages "from me" about emails I never
wrote - once your email address is out there, spammers use it as their
from address, even if they're not using your mail server for a relay.

sucks.
-- 
Iain Buchanan <iain at netspace dot net dot au>

A pipe gives a wise man time to think and a fool something to stick in his
mouth.

-- 
gentoo-user@gentoo.org mailing list




* Re: [gentoo-user] Is my postfix being used as a relay?
From: Kevin O'Gorman @ 2006-03-17 17:15 UTC
  To: gentoo-user

On 3/16/06, Iain Buchanan <iaindb@netspace.net.au> wrote:
>
> On Thu, 2006-03-16 at 14:52 -0500, JimD wrote:
> > On Thu, 16 Mar 2006 11:12:28 -0800
> > "Kevin O'Gorman" <kogorman@gmail.com> wrote:
> >
> > > I get a lot of bounce messages from Postfix relating to emails
> > > that are not actually from me, and the mail q shows lots of
> > > stuff I don't recognize.
> > >
> > > I'd like to know how to interpret this, and if it is called-for,
> > > to secure this daemon a bit more.
> >
> > Try this link:
> > http://www.spamhelp.org/shopenrelay/
> >
> > Just put in the IP and port and click the button.
>
> which automatically notifies a list of spammers that they can use your
> mail server... no not really ;)
>
> Do you have a firewall?  Should your box be accessible from outside?
> You could lock it down so _no_one_ outside can access it, or you could
> restrict it to certain ip's...
>
> But I also get a few bounce messages "from me" about emails I never
> wrote - once your email address is out there, spammers use it as their
> from address, even if they're not using your mail server for a relay.
>
> sucks.


Yes, I expose this machine's port 25 on purpose.  So I would like to make
it a good netizen.

I had done this with sendmail in previous distros, but am a neophyte with
Postfix.  Right now I want to verify if I have (or am) a problem.

++ kevin


--
Kevin O'Gorman, PhD


* Re: [gentoo-user] Is my postfix being used as a relay?
From: John Jolet @ 2006-03-17 17:24 UTC
  To: gentoo-user

>
> Yes, I expose this machine's port 25 on purpose.  So I would like to make
> it a good netizen.
>
> I had done this with sendmail in previous distros, but am a neophyte with
> Postfix.  Right now I want to verify if I have (or am) a problem.

With postfix, it will, by default, ONLY accept mail for which it
considers itself the final destination, or destinations that are
in relay_domains.  Typically, out of the box, it will not relay mail
for anyone, though it will accept mail for it, as resolved from the
box's fqdn, or mydestination.

I have mine set up to also allow you to relay if you authenticate
(using sasl, via pam...or pam via sasl, if you want to look at it
that way).  Basically that means I can send mail using this server
from any network, as long as I set my client up to authenticate on
send.  But you can't randomly use it as a relay.
-- 
gentoo-user@gentoo.org mailing list
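
An added illustration, not part of John Jolet's message and not Postfix code: a simplified Python model of the relay policy he describes (final destination or relay_domains, plus relaying for SASL-authenticated clients), probed the way an external relay tester would. The `mynetworks` values, addresses and domains are constructed assumptions.

```python
import ipaddress


def relay_decision(client_ip, rcpt, *, mynetworks, mydestination,
                   relay_domains=(), sasl_authenticated=False):
    """Simplified model of the restriction list
    permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
    evaluated in order, first match wins. Not Postfix's own logic."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    ip = ipaddress.ip_address(client_ip)
    if any(ip in ipaddress.ip_network(net) for net in mynetworks):
        return "permit (client in mynetworks)"
    if sasl_authenticated:
        return "permit (SASL authenticated)"
    # reject_unauth_destination lets through only mail we are responsible for.
    if domain in mydestination:
        return "permit (final destination)"
    if any(domain == d or domain.endswith("." + d) for d in relay_domains):
        return "permit (relay_domains)"
    return "reject (relay access denied)"


# Constructed settings; the keys mirror Postfix main.cf parameter names.
SAFE = dict(mynetworks=["127.0.0.0/8", "192.168.1.0/24"],
            mydestination=["example.org", "localhost"])
# Misconfiguration: every IPv4 client is treated as a trusted network.
WIDE_OPEN = dict(SAFE, mynetworks=["0.0.0.0/0"])


def is_open_relay(cfg, probe_ip="203.0.113.45", probe_rcpt="someone@example.net"):
    """What an outside relay test observes: a stranger mailing a foreign domain."""
    return relay_decision(probe_ip, probe_rcpt, **cfg).startswith("permit")


if __name__ == "__main__":
    for name, cfg in (("SAFE", SAFE), ("WIDE_OPEN", WIDE_OPEN)):
        print(name, "open relay:", is_open_relay(cfg))
```
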




* Re: [gentoo-user] Is my postfix being used as a relay?
From: Kevin O'Gorman @ 2006-03-17 17:36 UTC
  To: gentoo-user

On 3/16/06, Gerhard Hoogterp <gerhard@frappe.xs4all.nl> wrote:
>
> On Thursday 16 March 2006 20:12, Kevin O'Gorman wrote:
> > I get a lot of bounce messages from Postfix relating to emails
> > that are not actually from me, and the mail q shows lots of
> > stuff I don't recognize.
> >
> > I'd like to know how to interpret this, and if it is called-for,
> > to secure this daemon a bit more. Can somebody point
> > me in the right direction?  I'll RTFM if it's not *too* big,
> > if I know the appropriate FM to R.
> >
>
> You can check if your machine is an open relay by using telnet to
> relay-test.mail-abuse.org from the machine which runs the mail.
>
> An other alternative is to use their webinterface
> (http://www.abuse.net/relay.html) but I have no experience with that one.


Thanks for the links.  To my relief, they both reported all relay attempts
were blocked.  So the bounces were spammers spoofing my address
as a return, I suppose.  And there's nothing I can do to stop that.

Sigh.

++ kevin



--
Kevin O'Gorman, PhD


* Re: [gentoo-user] Is my postfix being used as a relay?
From: Kevin O'Gorman @ 2006-03-17 17:41 UTC
  To: gentoo-user

On 3/17/06, John Jolet <john@jolet.net> wrote:
>
> >
> > Yes, I expose this machine's port 25 on purpose.  So I would like to make
> > it a good netizen.
> >
> > I had done this with sendmail in previous distros, but am a neophyte with
> > Postfix.  Right now I want to verify if I have (or am) a problem.
> with postfix, it will, by default ONLY accept mail for which it
> considers itself the final destination for, or destinations that are
> in relay_domains.  typically, out of the box, it will not relay mail
> for anyone, though it will accept mail for it, as resolved from the
> box's fqdn, or mydestination.
>
> I have mine set up to also allow you to relay if you authenticate
> (using sasl, via pam...or pam via sasl, if you want to look at it
> that way).  basically that means I can send mail using this server
> from any network, as long as I set my client up to authenticate on
> send.  but you can't randomly use it as a relay.
> --
> gentoo-user@gentoo.org mailing list

Although it seems this host is not a relay, that does not explain the
score or so of things languishing in my mail queue attempting to
contact sites I have no knowledge of, and which do not accept
the connection.  Any hints how to explore this?

++ kevin


--
Kevin O'Gorman, PhD

[-- Attachment #2: Type: text/html, Size: 1745 bytes --]


* Re: [gentoo-user] Is my postfix being used as a relay?
From: Thomas T. Veldhouse @ 2006-03-17 18:11 UTC
  To: gentoo-user

Kevin O'Gorman wrote:
>
>
> Although it seems this host is not a relay, that does not explain the
> score or so of things languishing in my mail queue attempting to
> contact sites I have no knowledge of, and which do not accept
> the connection.  Any hints how to explore this?

Look through your maillogs to determine where these messages 
originated.  If they originated on your network, then it is probably a 
virus or a worm.

Tom Veldhouse
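
An added example, not part of the thread: one way to do the log check suggested above, in Python, tracing each queue ID shown by mailq back to the point where the message entered Postfix. The log lines are constructed samples in Postfix's syslog format, and the `192.168.1.0/24` local network is an assumption.

```python
import ipaddress
import re

# Constructed sample log (not from the thread).
SAMPLE_LOG = """\
Mar 17 09:12:01 mail postfix/smtpd[1234]: 3F2A1B7C00: client=unknown[203.0.113.45]
Mar 17 09:12:02 mail postfix/qmgr[900]: 3F2A1B7C00: from=<forged@example.net>, size=2048, nrcpt=1 (queue active)
Mar 17 09:12:02 mail postfix/local[1240]: 3F2A1B7C00: to=<nobody@example.org>, relay=local, delay=1, status=bounced (unknown user: "nobody")
Mar 17 09:12:02 mail postfix/bounce[1241]: 3F2A1B7C00: sender non-delivery notification: 5D9E0C1100
Mar 17 09:12:32 mail postfix/smtp[1250]: 5D9E0C1100: to=<forged@example.net>, relay=none, delay=30, status=deferred (connect to example.net[192.0.2.9]: Connection refused)
Mar 17 09:20:00 mail postfix/smtpd[1300]: 7A1B2C3D00: client=pc7.lan[192.168.1.23]
Mar 17 09:20:05 mail postfix/pickup[905]: 9C0FFEE100: uid=1000 from=<kevin>
"""

LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]{6,}): (.*)")
CLIENT = re.compile(r"client=[^\[]*\[([^\]]+)\]")
BOUNCE = re.compile(r"sender non-delivery notification: ([0-9A-F]+)")
UID = re.compile(r"uid=(\d+)")


def trace_origins(log_text):
    """Map queue ID -> ('smtp', ip), ('local', uid) or ('bounce', parent_id)."""
    origins = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        daemon, qid, rest = m.groups()
        if daemon == "smtpd" and (c := CLIENT.match(rest)):
            origins[qid] = ("smtp", c.group(1))
        elif daemon == "pickup" and (u := UID.match(rest)):
            origins[qid] = ("local", u.group(1))
        elif daemon == "bounce" and (b := BOUNCE.match(rest)):
            origins[b.group(1)] = ("bounce", qid)  # new ID points at its parent
    return origins


def explain(qid, origins, my_networks=("192.168.1.0/24",)):
    """Follow bounce links back to the original entry point and label it."""
    chain, seen = [], set()
    while qid in origins and qid not in seen:
        seen.add(qid)
        kind, value = origins[qid]
        if kind == "bounce":
            chain.append(f"bounce for {value}")
            qid = value
        elif kind == "local":
            return chain + [f"local submission by uid {value}"]
        else:
            inside = any(ipaddress.ip_address(value) in ipaddress.ip_network(n)
                         for n in my_networks)
            return chain + [f"SMTP from {value} ({'inside' if inside else 'outside'} my networks)"]
    return chain + ["origin not in this log"]
```

A queued message that resolves to an address inside your own networks is the case to investigate on that host; one that resolves to a bounce for mail from an outside client is a non-delivery notice your server generated.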




* Re: [gentoo-user] Is my postfix being used as a relay?
From: Nick Rout @ 2006-03-20  2:38 UTC
  To: gentoo-user

If you want to see what each of the emails in your queue is, take a look
in /var/spool/postfix. In that dir there are a number of subdirectories,
including one called defer and one called deferred. As I don't have
anything stuck in there I can't recall exactly which of those subdirs
houses the deferred messages.

They are indexed in a further level of subdirs numbered
0,1,2,3,4,5,6,7,8,9,A,B,C,D,E,F depending on the first character of the
email's ID number (which you can see in the output of mailq). It is a
hex number.

Does that make sense?


On Fri, 17 Mar 2006 09:41:06 -0800
Kevin O'Gorman wrote:

> On 3/17/06, John Jolet <john@jolet.net> wrote:
> >
> > >
> > > Yes, I expose this machine's port 25 on purpose.  So I would like to make
> > > it a good netizen.
> > >
> > > I had done this with sendmail in previous distros, but am a neophyte with
> > > Postfix.  Right now I want to verify if I have (or am) a problem.
> > with postfix, it will, by default ONLY accept mail for which it
> > considers itself the final destination for, or destinations that are
> > in relay_domains.  typically, out of the box, it will not relay mail
> > for anyone, though it will accept mail for it, as resolved from the
> > box's fqdn, or mydestination.
> >
> > I have mine set up to also allow you to relay if you authenticate
> > (using sasl, via pam...or pam via sasl, if you want to look at it
> > that way).  basically that means I can send mail using this server
> > from any network, as long as I set my client up to authenticate on
> > send.  but you can't randomly use it as a relay.
> > --
> > gentoo-user@gentoo.org mailing list
>
> Although it seems this host is not a relay, that does not explain the
> score or so of things languishing in my mail queue attempting to
> contact sites I have no knowledge of, and which do not accept
> the connection.  Any hints how to explore this?
> 
> ++ kevin
> 
> 
> --
> Kevin O'Gorman, PhD

-- 
Nick Rout <nick@rout.co.nz>

-- 
gentoo-user@gentoo.org mailing list


