View Single Post
  #6  
Old 29th May 2013, 21:57
cbj4074 cbj4074 is offline
Senior Member
 
Join Date: Nov 2010
Posts: 388
Thanks: 28
Thanked 58 Times in 50 Posts
Default

I reached-out to the Postfix mailing list and one of the list's more accomplished contributors recommended strongly that I swap the order of two configuration directives, which are set "incorrectly" by default (I don't know whether by Ubuntu or by ISPConfig):

http://archives.neohapsis.com/archiv...3-05/0520.html

Quote:
I strongly suggest that you swap the order of the following
two rules in main.cf:

check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf,
reject_unauth_destination,

This should be:

reject_unauth_destination,
check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf,

Many open relay problems are caused by having an access table
before reject_unauth_destination.
If this Postfix misconfiguration issue is, in fact, at the root of this problem, I'm surprised that others have not had similar experiences with flooded Postfix queues. I'm still not convinced that these two configuration values are the problem. Only time will tell.

I also modified my fail2ban configuration so that "relay access denied" offenders are banned (the appropriate regular expression already exists in filter.d/postfix.conf).

In jail.local, the Postfix section now reads:

Code:
[postfix]

enabled = true
ignoreip = 127.0.0.1/8
port     = smtp,ssmtp
filter   = postfix
logpath  = /var/log/mail.log
bantime  = 3600
Code:
# service fail2ban reload
I'll see how these changes affect the observed behavior and update this thread when I know more.
Reply With Quote