Stan, just out of curiosity, in such a case as this would it be worth trying to log in to the admin port on the router and muck with the settings? Or is there a subtext of owned router in the conversation here?
Joel On Wed, Nov 16, 2011 at 7:30 PM, Olivier BATARD <obat...@gmail.com> wrote: > 2011/11/15 Stan Hoeppner <s...@hardwarefreak.com>: >> On 11/15/2011 10:07 AM, Olivier BATARD wrote: >> >>>> mynetworks = !192.168.150.254 192.168.150.0/24 >>>> >>>> The "!" excludes the address. >>> >>> Thanks that solve my problem >> >> You're welcome. Due to the NAT source address rewrite problem, the >> previous mynetworks configuration made Postfix a wide open relay. I'm >> curious, how long was this machine in production before the spammers >> found the relay hole and started abusing it? Days? Months? > > The server was fine for 5 days, after was spam festival :) > >> >>>> If you do not actually have a working IPv6 network, remove the IPv6 junk >>>> from mynetworks. If you don't have webmail running on the Postfix box, >>>> nor programs that need to inject mail into Postfix, remove the loopback >>>> address from mynetworks as well. >>> >>> Thanks for the advice. >> >> Sure thing. With Postfix it's always best to configure *only* what you >> need. Having unnecessary stuff in main.cf can cause problems and/or >> make troubleshooting more difficult. > > I'll be more careful next time :) > >> >>>> P.S. I'm shocked you still have a NAT/PAT router in 2011 that rewrites >>>> source addresses. Treat that thing like hot plutonium--replace it ASAP. >>>> >>> Yeah I was quite shocked too, so we'll replace soon as soon as the >>> client sign the bill :) >> >> Heheh. Unfortunately I know that type of client. ;) However, even this >> $20 USD router does source addressing correctly, as do just about all >> cheap consumer routers do: >> >> http://www.newegg.com/Product/Product.aspx?Item=N82E16833704016 > > Thanks for the link, I'll try to negotiate $20 with that client (not > the easiest part ;) ) > >> >>> Anyway thanks a lot. >> >> Glad I could help. Postfix and spam fighting are two of my specialties. > > I see that, dealing with expert is always useful and a pleasure :) > > Olivier > >> >> -- >> Stan >> >> >> -- >> To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org >> with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org >> Archive: http://lists.debian.org/4ec2b48a.5060...@hardwarefreak.com >> >> > > > -- > To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org > Archive: > http://lists.debian.org/calvltm7bd+n0ecpl6k4vuv7h9juys4qp1n5kvrldm6nyw...@mail.gmail.com > > -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CAAr43iPxizT3QwQj4vahPvmU2nfy5M8O1g8f=2pgqx9v5qp...@mail.gmail.com
