[TriLUG] Help chasing a Postfix rabbit

Brian Henning via TriLUG trilug at trilug.org
Thu May 14 11:24:32 EDT 2015


Hi Y'all,



I've customized my logwatch scripts to include a count of relayed messages in the hopes of being able to notice if my mail server gets compromised in that way.



Lately I've been seeing a handful of unexpected relays, and when I go to check maillog, I see entries like this:



May 13 01:26:04 cheetah postfix/smtp[10112]: 8A3EDE0C77: to=<utcitq at pey.cheetah.dynip.com>, relay=pilot.trilug.org[69.166.135.66]:587, delay=0.83, delays=0.19/0.02/0.42/0.21, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 3A29614A00D)



The domain on "to=" is a nonexistent subdomain of my actual domain, cheetah.dynip.com.  Dynip automatically provides wildcarding, so *.cheetah.dynip.com does resolve to me (which is super handy when spinning up apache named virtual hosts).  Clearly postfix does not think it is local, and tries to relay it via pilot.



Instead of attempting to relay these out through pilot, I'd prefer that postfix simply drop them in the bit bucket or, better, respond with 550 5.1.1 User Unknown in the hopes of causing the sender to give up.



In other words, postfix should treat *.cheetah.dynip.com as a local domain.  Can I just put *.$mydomain into my postfix $mydestination configuration?  Will it understand the wildcard?



Or is there a better way to handle this?



Thanks!

-Brian
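
Added example, not part of the original post or of logwatch: a Python filter that picks out the kind of maillog entry quoted above, that is, postfix/smtp deliveries that were actually sent onward to a recipient in a subdomain of the host's own domain. The function names, the sample lines and the 192.0.2.25 address are constructed for illustration; the local domain and relay host name are taken from the post.

```python
import re
from collections import Counter

LOCAL_DOMAIN = "cheetah.dynip.com"  # assumption: the only domain this host serves

# postfix/smtp delivery record: queue id, recipient, next-hop relay, final status
DELIVERY = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>,"
    r".*?relay=(?P<relay>[^\[,]+)\[.*?status=(?P<status>\w+)"
)

def recipient_domain(rcpt):
    """Lower-cased domain part of an address, without a trailing dot."""
    return rcpt.rpartition("@")[2].lower().rstrip(".")

def wildcard_relays(lines, local_domain=LOCAL_DOMAIN):
    """Return (qid, recipient, relay) for mail relayed to a subdomain of local_domain."""
    suffix = "." + local_domain.lower()
    hits = []
    for line in lines:
        m = DELIVERY.search(line)
        if m is None or m["status"] != "sent":
            continue  # not an outbound smtp delivery, or nothing left the host
        if recipient_domain(m["rcpt"]).endswith(suffix):
            hits.append((m["qid"], m["rcpt"], m["relay"]))
    return hits

def per_domain_counts(hits):
    """Count hits per recipient domain, for a logwatch-style summary."""
    return Counter(recipient_domain(rcpt) for _, rcpt, _ in hits)

def _line(qid, rcpt, status, daemon="smtp"):
    """Build one constructed log line in the maillog layout quoted above."""
    return (f"May 13 01:26:04 cheetah postfix/{daemon}[10112]: {qid}: to=<{rcpt}>, "
            f"relay=pilot.trilug.org[192.0.2.25]:587, delay=0.83, status={status} (constructed)")

SAMPLE = [
    _line("A000000001", "x1@pey.cheetah.dynip.com", "sent"),      # wildcard subdomain
    _line("A000000002", "friend@example.org", "sent"),            # ordinary outbound mail
    _line("A000000003", "x2@PEY.Cheetah.DynIP.com", "sent"),      # same subdomain, mixed case
    _line("A000000004", "x3@www.cheetah.dynip.com", "deferred"),  # never left the host
    _line("A000000005", "x4@notcheetah.dynip.com", "sent"),       # look-alike, not a subdomain
    _line("A000000006", "brian@cheetah.dynip.com", "sent", daemon="local"),  # local delivery
]

if __name__ == "__main__":
    for domain, n in per_domain_counts(wildcard_relays(SAMPLE)).items():
        print(f"{n:4d} relayed to wildcard subdomain {domain}")
```
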

