#1  
Old 18th March 2008, 23:27
macka601 macka601 is offline
Junior Member
 
Join Date: Nov 2007
Posts: 17
Thanks: 0
Thanked 0 Times in 0 Posts
Mailserver relay

Hi,

Trying to work out if my email server is being used in a relay style setup, as I'm getting a lot of spam that seems to have our domain name attached to the end.
Or is it just that someone is spamming via another server with our domain name attached?

I telnet to our server's port 25 from outside the network and it won't let me do a mail from:crapName@ourdomain.com to a rcpt to:outside@address.com (says relaying is denied, which it should be). So I don't understand what is happening?

Here's a snippet of what I think is the relay text in the log..

Mar 19 11:27:59 reddwarf postfix/smtpd[32255]: connect from localhost[127.0.0.1]
Mar 19 11:27:59 reddwarf postfix/smtpd[32255]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 550 5.1.1 <ichtheit_1970@ourdomainname.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<temp.sot@imperial.ac.uk> to=<ichtheit_1970@ourdomainname.com> proto=ESMTP helo=<server.ourdomainname.com>
Mar 19 11:27:59 reddwarf postfix/smtpd[32258]: initializing the server-side TLS engine
Mar 19 11:27:59 reddwarf postfix/smtpd[32258]: connect from localhost[127.0.0.1]
Mar 19 11:27:59 reddwarf postfix/smtpd[32258]: 884E3168088: client=localhost[127.0.0.1]
Mar 19 11:27:59 reddwarf postfix/cleanup[32260]: 884E3168088: message-id=<20080318222759.884E3168088@server.ourdomainname.com>
Mar 19 11:27:59 reddwarf postfix/qmgr[29865]: 884E3168088: from=<>, size=3720, nrcpt=1 (queue active)
Mar 19 11:27:59 reddwarf postfix/smtpd[32258]: disconnect from localhost[127.0.0.1]
Mar 19 11:27:59 reddwarf postfix/smtpd[32255]: 9C325168089: client=localhost[127.0.0.1]
Mar 19 11:27:59 reddwarf postfix/cleanup[32260]: 9C325168089: message-id=<EFCF60A4595E9148A108047D78D8D664038C8E65@icex1.ic.ac.uk>
Mar 19 11:27:59 reddwarf postfix/qmgr[29865]: 9C325168089: from=<temp.sot@imperial.ac.uk>, size=3848, nrcpt=1 (queue active)
Mar 19 11:27:59 reddwarf postfix/virtual[32265]: 9C325168089: to=<admin@ourdomainname.com>, orig_to=<user1@ourdomainname.com>, relay=virtual, delay=0.36, delays=0.31/0.02/0/0.02, dsn=2.0.0, status=sent (delivered to maildir)
Mar 19 11:27:59 reddwarf postfix/qmgr[29865]: 9C325168089: removed
Mar 19 11:27:59 reddwarf postfix/smtpd[32255]: disconnect from localhost[127.0.0.1]
Mar 19 11:28:05 reddwarf postfix/smtp[32264]: 884E3168088: to=<temp.sot@imperial.ac.uk>, relay=mx.cc.imperial.ac.uk[155.198.5.151]:25, delay=6.4, delays=0.11/0.02/2/4.3, dsn=2.0.0, status=sent (250 OK id=1JbkHp-0007Wl-R9)
Mar 19 11:28:05 reddwarf postfix/qmgr[29865]: 884E3168088: removed
rt if necessary)
Mar 19 11:30:02 reddwarf postfix/smtpd[32462]: initializing the server-side TLS engine
Mar 19 11:30:02 reddwarf postfix/smtpd[32462]: connect from localhost[127.0.0.1]
Mar 19 11:30:02 reddwarf postfix/smtpd[32462]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 550 5.1.1 <beriesel_1963@ourdomainname.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<tobin.james@tempur.co.uk> to=<beriesel_1963@ourdomainname.com> proto=ESMTP helo=<server.ourdomainname.com>
Mar 19 11:30:02 reddwarf postfix/smtpd[32467]: initializing the server-side TLS engine
Mar 19 11:30:02 reddwarf postfix/smtpd[32467]: connect from localhost[127.0.0.1]
Mar 19 11:30:02 reddwarf postfix/smtpd[32467]: 8D51C168088: client=localhost[127.0.0.1]
Mar 19 11:30:02 reddwarf postfix/cleanup[32469]: 8D51C168088: message-id=<20080318223002.8D51C168088@server.ourdomainname.com>
Mar 19 11:30:02 reddwarf postfix/smtpd[32467]: disconnect from localhost[127.0.0.1]
Mar 19 11:30:02 reddwarf postfix/qmgr[29865]: 8D51C168088: from=<>, size=3272, nrcpt=1 (queue active)
Mar 19 11:30:02 reddwarf postfix/smtpd[32462]: A5057168089: client=localhost[127.0.0.1]
Mar 19 11:30:02 reddwarf postfix/cleanup[32469]: A5057168089: message-id=<9EB8E3E483867F489550CCA76FEA23BE014F30AB@tpuk-dc3.tpuk.twi.dom>
Mar 19 11:30:02 reddwarf postfix/qmgr[29865]: A5057168089: from=<tobin.james@tempur.co.uk>, size=3249, nrcpt=1 (queue active)
Mar 19 11:30:02 reddwarf postfix/virtual[32474]: A5057168089: to=<admin@ourdomainname.com>, orig_to=<user1@ourdomainname.com>, relay=virtual, delay=0.35, delays=0.31/0.02/0/0.02, dsn=2.0.0, status=sent (delivered to maildir)
Mar 19 11:30:02 reddwarf postfix/qmgr[29865]: A5057168089: removed
Mar 19 11:30:02 reddwarf postfix/smtpd[32462]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 550 5.1.1 <beriesel_1963@ourdomainname.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<jacqui.stefanov@tempur.co.uk> to=<beriesel_1963@ourdomainname.com> proto=ESMTP helo=<server.ourdomainname.com>
Mar 19 11:30:02 reddwarf postfix/smtpd[32467]: connect from localhost[127.0.0.1]
Mar 19 11:30:02 reddwarf postfix/smtpd[32467]: D3B21168089: client=localhost[127.0.0.1]
Mar 19 11:30:02 reddwarf postfix/cleanup[32469]: D3B21168089: message-id=<20080318223002.D3B21168089@server.ourdomainname.com>
Mar 19 11:30:02 reddwarf postfix/qmgr[29865]: D3B21168089: from=<>, size=3286, nrcpt=1 (queue active)
Mar 19 11:30:02 reddwarf postfix/smtpd[32467]: disconnect from localhost[127.0.0.1]
Mar 19 11:30:02 reddwarf postfix/smtpd[32462]: EA16C16808A: client=localhost[127.0.0.1]
Mar 19 11:30:03 reddwarf postfix/cleanup[32469]: EA16C16808A: message-id=<9EB8E3E483867F489550CCA76FEA23BE011E606D@tpuk-dc3.tpuk.twi.dom>
Mar 19 11:30:03 reddwarf postfix/qmgr[29865]: EA16C16808A: from=<jacqui.stefanov@tempur.co.uk>, size=3321, nrcpt=1 (queue active)
Mar 19 11:30:03 reddwarf postfix/virtual[32474]: EA16C16808A: to=<admin@ourdomainname.com>, orig_to=<user1@ourdomainname.com>, relay=virtual, delay=0.2, delays=0.19/0/0/0.01, dsn=2.0.0, status=sent (delivered to maildir)
Mar 19 11:30:03 reddwarf postfix/qmgr[29865]: EA16C16808A: removed
Mar 19 11:30:03 reddwarf postfix/smtpd[32462]: disconnect from localhost[127.0.0.1]
Mar 19 11:30:16 reddwarf postfix/smtp[32476]: D3B21168089: to=<jacqui.stefanov@tempur.co.uk>, relay=mail0.tempur.co.uk[83.244.135.147]:25, delay=14, delays=0.08/0.02/12/1.6, dsn=2.6.0, status=sent (250 2.6.0 <20080318223002.D3B21168089@server.ourdomainname.com> Queued mail for delivery)
Mar 19 11:30:16 reddwarf postfix/qmgr[29865]: D3B21168089: removed
Mar 19 11:30:20 reddwarf postfix/smtp[32473]: 8D51C168088: to=<tobin.james@tempur.co.uk>, relay=mail0.tempur.co.uk[83.244.135.147]:25, delay=18, delays=0.13/0.03/17/1.3, dsn=2.6.0, status=sent (250 2.6.0 <20080318223002.8D51C168088@server.ourdomainname.com> Queued mail for delivery)
Mar 19 11:30:20 reddwarf postfix/qmgr[29865]: 8D51C168088: removed



Grant

Last edited by macka601; 18th March 2008 at 23:38.
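
One way to answer the question in this post from the log itself, as an added example that is not part of the original thread: group Postfix log lines by queue ID and label each message by its envelope sender and where it was delivered. The sample log is constructed, `LOCAL_DOMAINS` is an assumption, and the verdict names are labels made up for this example.

```python
import re
from collections import defaultdict

LOCAL_DOMAINS = {"ourdomainname.com"}  # assumption: the domains this server hosts

# Constructed sample in Postfix syslog format (hosts, IDs and addresses are made up).
SAMPLE_LOG = """\
Mar 19 11:00:01 mx postfix/qmgr[100]: AAA1110001: from=<sender@example.net>, size=3848, nrcpt=1 (queue active)
Mar 19 11:00:01 mx postfix/virtual[101]: AAA1110001: to=<admin@ourdomainname.com>, relay=virtual, delay=0.3, dsn=2.0.0, status=sent (delivered to maildir)
Mar 19 11:00:02 mx postfix/qmgr[100]: BBB2220002: from=<>, size=3720, nrcpt=1 (queue active)
Mar 19 11:00:08 mx postfix/smtp[102]: BBB2220002: to=<sender@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=6.4, dsn=2.0.0, status=sent (250 OK)
Mar 19 11:00:09 mx postfix/qmgr[100]: CCC3330003: from=<stranger@example.net>, size=900, nrcpt=1 (queue active)
Mar 19 11:00:12 mx postfix/smtp[102]: CCC3330003: to=<victim@example.org>, relay=mx.example.org[192.0.2.20]:25, delay=3, dsn=2.0.0, status=sent (250 OK)
Mar 19 11:00:13 mx postfix/qmgr[100]: DDD4440004: from=<grant@ourdomainname.com>, size=700, nrcpt=1 (queue active)
Mar 19 11:00:15 mx postfix/smtp[102]: DDD4440004: to=<friend@example.org>, relay=mx.example.org[192.0.2.20]:25, delay=2, dsn=2.0.0, status=sent (250 OK)
"""

LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]{6,}): (.*)")
FROM = re.compile(r"from=<([^>]*)>")
TO = re.compile(r"to=<([^>]*)>")

def domain(addr):
    return addr.rpartition("@")[2].lower()

def classify(log_text, local_domains=LOCAL_DOMAINS):
    """Map each queue ID to inbound / bounce-out / outbound / relayed / unknown."""
    senders, rcpts = {}, defaultdict(list)
    # NOQUEUE rejects and non-Postfix lines carry no queue ID and are skipped.
    for daemon, qid, rest in LINE.findall(log_text):
        if daemon == "qmgr" and (f := FROM.match(rest)):
            senders[qid] = f.group(1)          # envelope sender; "" is the null sender
        elif t := TO.match(rest):
            rcpts[qid].append(t.group(1))      # one line per delivery attempt
    verdicts = {}
    for qid, to_list in rcpts.items():
        sender = senders.get(qid)
        if all(domain(r) in local_domains for r in to_list):
            verdicts[qid] = "inbound"          # only delivered to hosted mailboxes
        elif sender is None:
            verdicts[qid] = "unknown"          # qmgr line fell outside the excerpt
        elif sender == "":
            verdicts[qid] = "bounce-out"       # DSN sent to whatever sender was claimed
        elif domain(sender) in local_domains:
            verdicts[qid] = "outbound"         # local sender; check client= and SASL lines
        else:
            verdicts[qid] = "relayed"          # foreign sender to foreign recipient
    return verdicts

if __name__ == "__main__":
    print(classify(SAMPLE_LOG))
```

In the excerpt above, the queue IDs logged with `from=<>` and handed to a remote `relay=` host get the bounce-out label, while those delivered with `relay=virtual` get inbound.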
  #2  
Old 19th March 2008, 15:30
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,721 Times in 2,562 Posts

Quote:
Originally Posted by macka601
or is it just that someone is spamming via another server with our domain name attached?
That's possible. It's a weakness of the SMTP protocol - it allows you to set whatever sender address you'd like to use, even if you don't own it.
__________________
Falko
  #3  
Old 19th March 2008, 21:17
macka601 macka601 is offline
Junior Member
 
Join Date: Nov 2007
Posts: 17
Thanks: 0
Thanked 0 Times in 0 Posts

Thanks Falko,
Mostly I was worried that we were being used as some sort of relay host, but I have since been able to get postfix to deny that.

Will keep an eye out, I guess.

Grant