On 11/15/2011 01:20 AM, Kevin Ross wrote:
On 11/15/2011 12:41 AM, Olivier BATARD wrote:
Hi,
I'm a little in trouble because my postfix server is being used to send a
huge amount of spam, generating huge logs like that:
postfix/error[2120]: 993AE145D: to=<xbee...@yahoo.com.tw>, relay=none,
delay=101, delays=100/0.07/0/0.31, dsn=4.7.0, status=deferred
(delivery temporarily suspended: host
mx1.mail.tw.yahoo.com[203.188.197.119] refused to talk to me: 421
4.7.0 [TS01] Messages from 62.161.100.158 temporarily deferred due to
user complaints - 4.16.55.1; see
http://postmaster.yahoo.com/421-ts01.html)
I'm running squeeze, my accounts are secured with strong passwords, how
can I stop that?
thanks,
Some log entries from when the message was submitted from the spammer
into your mail system would be more useful, instead of the log entries
from when your mail server then tried to deliver it.
Is it possible you have an account on your system with an easy to
guess (or empty) password? Look in your system log for when the
connection came in from the spammer, and see if it shows they actually
authenticated with your server. It will look something like this:
Nov 15 00:50:09 xxx postfix/smtpd[9910]: connect from xx.xx.xx.xx
Nov 15 00:50:10 xxx postfix/smtpd[9910]: 8513115A13:
client=xx.xx.xx.xx, sasl_method=PLAIN, sasl_username=kevin
Followed by some lines detailing the specifics of the message that was
submitted to your mail server for delivery. If they authenticated,
then you need to change the password for that user (or disable the
user). If they didn't authenticate, then you're an open relay
(doesn't seem likely, looking at your main.cf).
Hope this helps!
-- Kevin
Actually, looking more closely at your main.cf, it looks like you have
authentication disabled for incoming connections, meaning it will only
forward email for clients connected from the local network (*any* mail
submitted from the local network). So is it possible there is some
proxy service running on your network where the spam could be coming
from? An unsecured wi-fi router on your network? A webmail server,
with an easy to guess password on a user account?
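An added example, not part of the original thread: a small Python script that does the log check Kevin describes, counting messages accepted by postfix/smtpd per client and showing whether each client logged in with SASL. The function names and the sample log are constructed for illustration, and the `client=host[address]` form is an assumption about the unredacted log format.

```python
import re
from collections import Counter

# smtpd logs one "QUEUEID: client=..." line per accepted message; the SASL
# fields appear only when the client authenticated. Short hexadecimal queue
# IDs are assumed, as in the log lines quoted in the thread.
SUBMIT = re.compile(
    r"postfix/smtpd\[\d+\]: (?P<qid>[0-9A-F]+): client=(?P<client>[^,\s]+)"
    r"(?:, sasl_method=(?P<method>[^,\s]+))?"
    r"(?:, sasl_username=(?P<user>[^,\s]+))?"
)

def count_submissions(lines):
    """Count accepted messages per (client, sasl_username).

    sasl_username is None when the client did not authenticate."""
    counts = Counter()
    for line in lines:
        m = SUBMIT.search(line)
        if m:
            counts[(m["client"], m["user"])] += 1
    return counts

def top_sources(lines, min_messages=3):
    """Return (client, how, count) for busy sources, busiest first."""
    rows = []
    for (client, user), n in count_submissions(lines).most_common():
        if n >= min_messages:
            # "no SASL login" also covers ordinary inbound mail, so a high
            # count from an internal address is what deserves a closer look.
            how = f"authenticated as {user}" if user else "no SASL login"
            rows.append((client, how, n))
    return rows

# Constructed sample log (documentation/private addresses, made-up queue IDs).
SAMPLE = """\
Nov 15 00:50:09 mx postfix/smtpd[9910]: connect from unknown[198.51.100.7]
Nov 15 00:50:10 mx postfix/smtpd[9910]: 8513115A13: client=unknown[198.51.100.7], sasl_method=PLAIN, sasl_username=kevin
Nov 15 00:51:02 mx postfix/smtpd[9914]: 1A2B3C4D01: client=unknown[192.168.1.23]
Nov 15 00:51:03 mx postfix/smtpd[9914]: 1A2B3C4D02: client=unknown[192.168.1.23]
Nov 15 00:51:04 mx postfix/smtpd[9914]: 1A2B3C4D03: client=unknown[192.168.1.23]
Nov 15 00:51:05 mx postfix/smtpd[9914]: 1A2B3C4D04: client=unknown[192.168.1.23]
Nov 15 00:52:00 mx postfix/smtpd[9920]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 554 5.7.1 Relay access denied
""".splitlines()

if __name__ == "__main__":
    for client, how, n in top_sources(SAMPLE):
        print(f"{n:5d}  {client}  {how}")
```

On a real system, feed it the lines of the mail log instead of SAMPLE; a single internal address with a large "no SASL login" count points at the host on the local network that is handing the spam to Postfix.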