[TriLUG] Help chasing a Postfix rabbit

Matt Flyer via TriLUG trilug at trilug.org
Thu May 14 11:48:28 EDT 2015


What SMTP restrictions are you using?

Are you rejecting on an unknown domain, e.g. reject_unknown_recipient_domain?

If you haven't yet, check out the Postfix address verification readme for some suggestions.


> On May 14, 2015, at 11:24 AM, Brian Henning via TriLUG <trilug at trilug.org> wrote:
> 
> Hi Y'all,
> 
> I've customized my logwatch scripts to include a count of relayed messages in the hopes of being able to notice if my mail server gets compromised in that way.
> 
> Lately I've been seeing a handful of unexpected relays, and when I go to check maillog, I see entries like this:
> 
> May 13 01:26:04 cheetah postfix/smtp[10112]: 8A3EDE0C77: to=<utcitq at pey.cheetah.dynip.com>, relay=pilot.trilug.org[69.166.135.66]:587, delay=0.83, delays=0.19/0.02/0.42/0.21, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 3A29614A00D)
> 
> The domain on "to=" is a nonexistent subdomain of my actual domain, cheetah.dynip.com.  Dynip automatically provides wildcarding, so *.cheetah.dynip.com does resolve to me (which is super handy when spinning up apache named virtual hosts).  Clearly postfix does not think it is local, and tries to relay it via pilot.
> 
> Instead of attempting to relay these out through pilot, I'd prefer that postfix simply drop them in the bit bucket or, better, respond with 550 5.1.1 User Unknown in the hopes of causing the sender to give up.
> 
> In other words, postfix should treat *.cheetah.dynip.com as a local domain.  Can I just put *.$mydomain into my postfix $mydestination configuration?  Will it understand the wildcard?
> 
> Or is there a better way to handle this?
> 
> Thanks!
> 
> -Brian
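
The relay count Brian describes can be narrowed to exactly the case in his log entry: mail that postfix/smtp handed to another host for a subdomain of his own domain that does not really exist. The sketch below is an added example, not code from the thread; `KNOWN_HOSTS`, the function names and all sample lines except the first are assumptions made for illustration.

```python
import re
from collections import Counter

MYDOMAIN = "cheetah.dynip.com"               # domain from the thread
KNOWN_HOSTS = {MYDOMAIN, "www." + MYDOMAIN}  # assumption: names that really exist

# postfix/smtp delivery record. The list archive obfuscates "@" as " at ",
# so both forms are accepted; an optional orig_to= field is skipped.
DELIVERY = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): "
    r"to=<[^@\s>]+(?:@| at )(?P<domain>[^>\s]+)>, (?:orig_to=<[^>]*>, )?"
    r"relay=(?P<relay>[^,\s]+), .*?status=(?P<status>\w+)"
)

# First entry is the one quoted in the thread (joined onto one line);
# the other three are constructed for this example.
RELAY = "relay=pilot.trilug.org[69.166.135.66]:587"
SAMPLE = [
    "May 13 01:26:04 cheetah postfix/smtp[10112]: 8A3EDE0C77: to=<utcitq at pey.cheetah.dynip.com>, "
    + RELAY + ", delay=0.83, delays=0.19/0.02/0.42/0.21, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 3A29614A00D)",
    "May 13 01:30:11 cheetah postfix/smtp[10140]: 9B4F0E0C78: to=<friend@example.org>, "
    + RELAY + ", delay=1.1, delays=0.2/0.01/0.5/0.39, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 4B3A714A00E)",
    "May 13 02:02:47 cheetah postfix/smtp[10177]: AC501E0C79: to=<qwzrt@pey.cheetah.dynip.com>, "
    "relay=none, delay=30, delays=0.1/0.01/30/0, dsn=4.4.1, status=deferred (connection timed out)",
    "May 13 03:15:20 cheetah postfix/smtp[10201]: BD612E0C7A: to=<kdjfh@pey.cheetah.dynip.com>, orig_to=<kdjfh@pey.cheetah.dynip.com>, "
    + RELAY + ", delay=0.9, delays=0.2/0.01/0.4/0.29, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 5C4B814A00F)",
]

def wildcard_relays(lines):
    """Return (qid, domain, relay) for mail sent off-host to an unlisted subdomain of MYDOMAIN."""
    hits = []
    for line in lines:
        m = DELIVERY.search(line)
        if not m or m["status"] != "sent":
            continue  # not a delivery record, or nothing actually left the box
        domain = m["domain"].lower().rstrip(".")
        if domain.endswith("." + MYDOMAIN) and domain not in KNOWN_HOSTS:
            hits.append((m["qid"], domain, m["relay"]))
    return hits

def summarize(lines):
    """Count flagged deliveries per recipient domain, for a logwatch-style summary."""
    return Counter(domain for _, domain, _ in wildcard_relays(lines))

if __name__ == "__main__":
    for domain, count in summarize(SAMPLE).items():
        print(f"{count:4d}  {domain}")
```

A nonzero count here separates the wildcard-subdomain case from ordinary outbound mail, which a plain count of relayed messages cannot do.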

