[TriLUG] Why the big boys block mail from dynamic IPs

Ken Mink kmtrilug at nc.rr.com
Fri Sep 19 12:30:37 EDT 2003


On Thu, 2003-09-18 at 13:14, Christopher L Merrill wrote:
> Ken Mink wrote:
> > Well, it turns out I had made a small config mistake and I
> > was open to relaying from .nc.rr.com. Some spam bot inside nc.rr.com had
> > found me and was pumping mail through.
> 
> Would you mind sharing the mistake?  I'd like to make sure I
> haven't done the same :)
> 
> 
Fair enough question. Here are the relevant config options from main.cf
and how they relate.

1) This is the first mistake. I listed all the domains that I would be
receiving mail for in the mydestination option. Most were coming from
fetchmail, but I included them anyway. This wasn't strictly a mistake,
but it wasn't necessary either.

mydestination = nc.rr.com, $myhostname, localhost.$mydomain $mydomain

2) I relay my mail through the server via authenticated smtp. So the
following line was added. The 'check_relay_domains' was the problem part.
Again, not a mistake in itself, but contributed to the problem.

smtpd_recipient_restrictions =
    permit_mynetworks,permit_sasl_authenticated,check_relay_domains

3) Here's where I really screwed up. Yes, I left relay_domains as the
default, which is mydestination. Since I had nc.rr.com in mydestination,
I was allowing postfix to relay for nc.rr.com; oops.

#relay_domains = $mydestination

I have changed relay_domains to be explicitly the bogus domain I set up
for my home network.

I think that the problem is solved, but I haven't been willing to open
iptables to find out.

I have not been contacted by RR to chew me out yet. The bot had been
using my machine for less than 24 hours. Plus the machine is kind of
wimpy and the bot was pouring the messages through faster than the server
could process them.

This was a good lesson learned. Too bad I had to become a spammer to
learn it.

Ken

> 
> -- 
> -------------------------------------------------------------------------
> Chris Merrill                      |  http://webperformanceinc.com
> Web Performance Inc.               |  http://webperformancemonitoring.net
> 
> Website Load Testing, Stress Testing, and Performance Monitoring Software
> -------------------------------------------------------------------------
-- 
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."--Benjamin Franklin
" 'Necessity' is the plea for every infringement of human liberty; it
is the argument of tyrants; it is the creed of slaves."--William Pitt 

