# our postfix is an open relay

## Del Pede

Having taken over an already configured and installed server, yesterday I discovered a high load of traffic. Every time I shut down postfix, the traffic went straight back to normal. After consulting some other people, it seemed someone was relaying mail through us.

I've looked through the config, and can't find any errors, but there are bound to be some. So I figured I'd post them here, and hope you guys can find them, since I'm still kinda green to postfix. I've changed the names of the real domain.

main.cf

```
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
mail_owner = postfix
myhostname = beaver.volunteer.dk
mydomain = volunteer.dk
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain $mydomain
local_recipient_maps = unix:passwd.byname $alias_maps
unknown_local_recipient_reject_code = 450
mynetworks_style = subnet
mynetworks = 192.168.0.0/24, 127.0.0.0/8
relay_domains = $mydestination
alias_maps = hash:/etc/mail/aliases
alias_database = hash:/etc/mail/aliases
home_mailbox = .maildir/
body_checks_size_limit = 175000
body_checks = regexp:/etc/postfix/body_checks_map
smtpd_client_restrictions = hash:/etc/postfix/access, reject_rbl_client relays.ordb.org
smtpd_delay_reject = no
smtpd_sender_restrictions = hash:/etc/postfix/access, reject_rhsbl_sender dsn.rfc-ignorant.org
local_destination_concurrency_limit = 2
default_destination_concurrency_limit = 10
debug_peer_level = 2
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
manpage_directory = /usr/share/man
sample_directory = /etc/postfix/sample
readme_directory = /usr/share/doc/postfix-2.0.9
hash_queue_names = deferred, defer active bounce flush incoming
```

and

master.cf

```
smtp      inet  n       -       n       -       -       smtpd -v
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
old-cyrus unix  -       n       n       -       -       pipe
  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
cyrus     unix  -       n       n       -       -       pipe
  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
```

Thanks in advance for any help

Sincerely

Del Pede

Last edited by Del Pede on Wed Apr 05, 2006 3:40 pm; edited 1 time in total

----------

## lesourbe

please use 

```
cat your_file | grep -v ^#
```

when posting conf files.

```
mynetworks = 192.168.0.0/55, 127.0.0.0/8
```

/55 is wrong here.

I don't know if it's the source of your problem though.

It should be more likely /24

If you don't know how to figure out what /xx you should put, take a look at this:

http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing

----------

## Del Pede

 *lesourbe wrote:*   

> 
> 
> /55 is wrong here.
> 
> I don't know if it's the source of your problem though.
> ...

 

I thought that it was the range of IPs allowed. Our DHCP gives IPs from a wider range than 0/24. Thought it was a problem before.

The cat trick is duly noted, thanks

----------

## lesourbe

 *Del Pede wrote:*   

>  *lesourbe wrote:*   
> 
> /55 is wrong here.
> 
> I don't know if it's the source of your problem though.
> ...

 

/24 = 255.255.255.0

on a 192.168.0.0 network that means that all 192.168.0.X are part of that network.

255.255.255.0 in binary is 24 1 and 8 0 (111111111...(24 times) 00000000 )

/xx cannot be > 32  (255.255.255.255)

If /24 is not tight enough for you, I recommend you go through some binary calculation and adjust the mask accordingly.

----------

## Del Pede

 *lesourbe wrote:*   

>  *Del Pede wrote:*    *lesourbe wrote:*   
> 
> /55 is wrong here.
> 
> I don't know if it's the source of your problem though.
> ...

 

Yes, I read up on it, and it seems I was wrong about that. 0/24 DOESN'T match our host mask. Ours is 255.0.0.0, but the WAN is 255.255.255.0 - could that be our problem?

----------

## lesourbe

 *Del Pede wrote:*   

>  *lesourbe wrote:*    *Del Pede wrote:*    *lesourbe wrote:*   
> 
> /55 is wrong here.
> 
> I don't know if it's the source of your problem though.
> ...

 

if your mask is truly 255.0.0.0 (it means that you have in your LAN IPs like 192.X.X.X) you got a problem.

LAN reserved IP are 192.168.X.X

every single address in 192.Y with that Y different from 168 is a WAN address.

look at that : http://www.jpsdomain.org/networking/nat.html for private IP range.

----------

## ASID

Maybe you'll find these links useful:

http://www.ordb.org/faq/#usage_postfix

http://www.postfix.org/uce.html

----------

## Del Pede

 *lesourbe wrote:*   

> 
> 
> if your mask is truly 255.0.0.0 (it means that you have in your LAN IPs like 192.X.X.X) you got a problem.
> 
> LAN reserved IP are 192.168.X.X
> ...

 

Okay, I'm a bit unsure now.

The server also functions as a gateway, with two NICs - eth0 and eth1

eth0 points to WAN, and eth1 to LAN

eth0 inet addr:10.0.0.2  Bcast:10.0.0.255  Mask:255.0.0.0

eth1 inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0

So it might be configured properly then after all

----------

## lesourbe

 *Del Pede wrote:*   

> 
> 
> Okay, I'm a bit unsure now.
> 
> The server also functions as a gateway, with two NICs - eth0 and eth1
> ...

 

so your LAN is 192.168.0.0/24

you must have a modem behind your server (as 10.0.0.2 is a LAN address) but the mask is wide ...

You should not bother though (if you really only have a modem behind your server box)

----------
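
The netmask arithmetic from the posts above, as an added example that is not part of the original thread: it checks a `mynetworks` value for impossible prefixes such as /55, derives the subnets from the eth0/eth1 addresses quoted above, and flags any trusted range that reaches outside private address space. It uses Python's `ipaddress` module as a stand-in rather than Postfix's own parser, and all function names are hypothetical.

```python
import ipaddress

# RFC 1918 private ranges plus loopback: the only ranges a LAN-only relay should trust.
PRIVATE = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def parse_mynetworks(value):
    """Split a main.cf mynetworks value into (valid IPv4 networks, rejected items)."""
    nets, errors = [], []
    for item in value.replace(",", " ").split():
        try:
            # Strict parsing: rejects prefixes above /32 and host bits set in the address.
            nets.append(ipaddress.IPv4Network(item))
        except ValueError as exc:
            errors.append((item, str(exc)))
    return nets, errors


def interface_subnets(interfaces):
    """Turn (address, dotted netmask) pairs, as printed by ifconfig, into networks."""
    return [ipaddress.IPv4Interface(f"{addr}/{mask}").network
            for addr, mask in interfaces]


def audit(nets):
    """Describe each trusted network and whether it covers non-private addresses."""
    rows = []
    for net in nets:
        private = any(net.subnet_of(p) for p in PRIVATE)
        rows.append({"network": str(net), "netmask": str(net.netmask),
                     "addresses": net.num_addresses, "reaches_public": not private})
    return rows


def is_trusted(client_ip, nets):
    """True when an SMTP client address falls inside one of the trusted networks."""
    ip = ipaddress.IPv4Address(client_ip)
    return any(ip in net for net in nets)


if __name__ == "__main__":
    # Values taken from the thread; 203.0.113.7 is a constructed outside client.
    for value in ("192.168.0.0/55, 127.0.0.0/8",
                  "192.168.0.0/24, 127.0.0.0/8",
                  "192.0.0.0/8"):
        nets, errors = parse_mynetworks(value)
        print(value)
        for item, reason in errors:
            print("  rejected:", item, "-", reason)
        for row in audit(nets):
            print("  ", row)
        print("  outside client trusted:", is_trusted("203.0.113.7", nets))
    print(interface_subnets([("10.0.0.2", "255.0.0.0"),
                             ("192.168.0.1", "255.255.255.0")]))
```

Because the posted main.cf sets `mynetworks` explicitly, Postfix ignores `mynetworks_style = subnet`, so the 10.0.0.0/8 network derived from eth0 is not trusted by that configuration.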

## Del Pede

 *lesourbe wrote:*   

>  *Del Pede wrote:*   
> 
> Okay, I'm a bit unsure now.
> 
> The server also functions as a gateway, with two NICs - eth0 and eth1
> ...

 

eth0 connection to WAN goes through a router, but all traffic is routed to eth0. The router is 10.0.0.1

Yes - the LAN would be 192.168.0.0/24

----------

## Del Pede

 *ASID wrote:*   

> Maybe you'll find these links useful:
> 
> http://www.ordb.org/faq/#usage_postfix
> 
> http://www.postfix.org/uce.html

 

Thanks. I read the documents, and I added the following to my main.cf

```
smtpd_client_restrictions = hash:/etc/postfix/access, reject_rbl_client relays.ordb.org
smtpd_sender_restrictions = hash:/etc/postfix/access, reject_rhsbl_sender dsn.rfc-ignorant.org
```

But still it seems I'm open.

----------

## lesourbe

 *Del Pede wrote:*   

>  *ASID wrote:*   Maybe you'll find these links useful:
> 
> http://www.ordb.org/faq/#usage_postfix
> 
> http://www.postfix.org/uce.html 
> ...

 

can you post a part of the log showing the evidence you're open ?

----------

## Del Pede

 *lesourbe wrote:*   

>  *Del Pede wrote:*    *ASID wrote:*   Maybe you'll find these links useful:
> 
> http://www.ordb.org/faq/#usage_postfix
> 
> http://www.postfix.org/uce.html 
> ...

 

Actually I'm basing it on what trafshow tells me, when postfix is running. Here is a piece of that

http://users.cybercity.dk/~dsl62117/trafshow.txt

A lot of smtp traffic, which slows down our entire net. Also I tested to see if one could use the smtp service from outside the house, and I could. I was able to send mail through our server from home, from an address that is not affiliated with our domain, to another address which also is not affiliated with our domain.

I've been looking through the logs, I don't really know what to look for

----------

## ASID

I would suggest that you test here http://www.ordb.org/submit/ if it's an open relay. You might have a high smtp traffic because of a bad configuration.

----------

## lesourbe

did you reload or restart postfix after every change to main.cf / master.cf ?

----------

## Del Pede

 *lesourbe wrote:*   

> did you reload or restart postfix after every change to main.cf / master.cf ?

 

yes. I have to stop postfix to work at all, since it kills the connection. At the moment I'm ssh'ing from outside of the house

----------

## DaveArb

 *ASID wrote:*   

> I would suggest that you test here http://www.ordb.org/submit/ if it's an open relay. You might have a high smtp traffic because of a bad configuration.

 

I agree. Note that if you are an open relay, this WILL GET YOU added to the ORDB list. That's not so bad though, because when you've fixed it, the list is easy to get back off of.

It also would be helpful if you edited the original post to show the configs filtered through `grep -v` as mentioned by lesourbe. It's near impossible to find the actual configuration through the Postfix usage manual you've posted.  :Wink: 

Last, some actual mail log entries would be better than the trafshow listing. I (hopefully) can't be the only one who is familiar with mailservers but not with trafshow, and it's missing timestamps anyway. I couldn't tell if you're relaying or not from it, but could from the logs.

Dave

----------
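
What to look for in the mail log, as an added example that is not part of the original posts: it groups Postfix log lines by queue ID and marks a message as relay abuse only when the submitting client is outside `mynetworks` and a recipient is outside the local domains. The sample log is constructed (only the `acces.db` fatal line mirrors the thread); `example.org` as the local domain and the function names are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in Postfix syslog format; hosts, addresses and queue IDs are made up.
SAMPLE_LOG = """\
Apr  5 15:00:01 mx postfix/smtpd[4001]: 1A2B3C4D5E: client=pc16.lan[192.168.0.16]
Apr  5 15:00:01 mx postfix/qmgr[3555]: 1A2B3C4D5E: from=<alice@example.org>, size=1201004, nrcpt=2 (queue active)
Apr  5 15:00:03 mx postfix/smtp[4010]: 1A2B3C4D5E: to=<bob@example.net>, relay=mx.example.net[198.51.100.25], delay=2, status=sent (250 Ok)
Apr  5 15:00:03 mx postfix/smtp[4010]: 1A2B3C4D5E: to=<carol@example.net>, relay=mx.example.net[198.51.100.25], delay=2, status=sent (250 Ok)
Apr  5 15:01:10 mx postfix/smtpd[4002]: 2B3C4D5E6F: client=unknown[203.0.113.7]
Apr  5 15:01:10 mx postfix/qmgr[3555]: 2B3C4D5E6F: from=<promo@example.com>, size=3120, nrcpt=1 (queue active)
Apr  5 15:01:12 mx postfix/smtp[4011]: 2B3C4D5E6F: to=<victim@example.net>, relay=mx.example.net[198.51.100.25], delay=2, status=sent (250 Ok)
Apr  5 15:02:00 mx postfix/smtpd[4003]: 3C4D5E6F7A: client=mail.example.com[203.0.113.9]
Apr  5 15:02:00 mx postfix/qmgr[3555]: 3C4D5E6F7A: from=<dave@example.com>, size=900, nrcpt=1 (queue active)
Apr  5 15:02:01 mx postfix/local[4012]: 3C4D5E6F7A: to=<alice@example.org>, relay=local, delay=1, status=sent (delivered to maildir)
Apr  5 15:03:00 mx postfix/smtpd[4004]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 <x@example.net>: Relay access denied; from=<promo@example.com> to=<x@example.net> proto=SMTP helo=<spam>
Apr  5 15:04:00 mx postfix/qmgr[3555]: 4D5E6F7A8B: from=<alice@example.org>, size=1200857, nrcpt=194 (queue active)
Apr  5 15:04:05 mx postfix/smtp[4013]: 4D5E6F7A8B: to=<erin@example.net>, relay=none, delay=96504, status=deferred (connect timed out)
Apr  5 15:05:00 mx postfix/smtpd[4005]: fatal: open database /etc/postfix/acces.db: No such file or directory
"""

LINE = re.compile(r"postfix/\w+\[\d+\]: (?:([0-9A-F]{6,}): )?(.*)$")
CLIENT = re.compile(r"client=\S*\[([0-9A-Fa-f.:]+)\]")
FROM = re.compile(r"from=<([^>]*)>, size=(\d+), nrcpt=(\d+)")
TO = re.compile(r"to=<([^>]*)>,.*\bstatus=(\w+)")


def verdict(msg, trusted, local_domains):
    """Classify one queued message by who submitted it and where it is going."""
    remote = [r for r, _ in msg["rcpts"]
              if r.rsplit("@", 1)[-1] not in local_domains]
    if not remote:
        return "no-remote-recipient"        # inbound or local mail, not relaying
    if msg["client"] is None:
        return "origin-not-in-log"          # need older log lines to decide
    if any(msg["client"] in net for net in trusted):
        return "trusted-client"             # relaying for the LAN, as intended
    return "relayed-for-untrusted-client"   # the open-relay signature


def triage(log_text, mynetworks, local_domains):
    """Group log lines by queue ID; also count refused relay attempts and fatal errors."""
    trusted = [ipaddress.ip_network(n) for n in mynetworks]
    msgs = defaultdict(lambda: {"client": None, "sender": None, "size": 0,
                                "nrcpt": 0, "rcpts": []})
    report = {"relay_denied": 0, "fatal": []}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        qid, rest = m.groups()
        if qid is None:                      # NOQUEUE rejects and daemon errors
            if "Relay access denied" in rest:
                report["relay_denied"] += 1
            elif rest.startswith("fatal:"):
                report["fatal"].append(rest)
            continue
        msg = msgs[qid]
        c, f, t = CLIENT.match(rest), FROM.match(rest), TO.match(rest)
        if c:
            msg["client"] = ipaddress.ip_address(c.group(1))
        elif f:
            msg["sender"] = f.group(1)
            msg["size"], msg["nrcpt"] = int(f.group(2)), int(f.group(3))
        elif t:
            msg["rcpts"].append((t.group(1).lower(), t.group(2)))
    for msg in msgs.values():
        msg["verdict"] = verdict(msg, trusted, local_domains)
        # Upper bound on outbound volume: one full copy per recipient.
        msg["max_bytes_out"] = msg["size"] * msg["nrcpt"]
    report["messages"] = dict(msgs)
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG, ["192.168.0.0/24", "127.0.0.0/8"], {"example.org"})
    for qid, msg in result["messages"].items():
        print(qid, msg["verdict"], msg["sender"], msg["nrcpt"], msg["max_bytes_out"])
    print("relay attempts refused:", result["relay_denied"])
    print("fatal errors:", result["fatal"])
```

A `relayed-for-untrusted-client` verdict is the evidence of an open relay; a large `max_bytes_out` on a message from a trusted or unknown origin points instead at bulk mail from a local sender that keeps being retried.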

## Del Pede

 *DaveArb wrote:*   

> 
> 
> It also would be helpful if you edited the original post to show the configs filtered through `grep -v` as mentioned by lesourbe. It's near impossible to find the actual configuration through the Postfix usage manual you've posted. 
> 
> Last, some actual mail log entries would be better than the trafshow listing. I (hopefully) can't be the only one who is familiar with mailservers but not with trafshow, and it's missing timestamps anyway. I couldn't tell if you're relaying or not from it, but could from the logs.
> ...

 

Done, and I got some of the mail logs. It's quite large, and a bit hard for me to find my way around, but here goes. I've edited the log a bit, so that a lot of mail addresses won't be floating around more than they are

```
Apr  5 13:01:06 localhost postfix/smtp[3059]: connect to drc****.com[130.227.13.2]: Connection timed out (port 25)

Apr  5 13:01:09 localhost postfix/smtp[3111]: D276ABC69B: lost connection with mx2.mail.yahoo.com[4.79.181.135] while sending MAIL FROM

Apr  5 13:01:20 localhost postfix/smtp[3083]: D276ABC69B: to=<psykinfo[at]nethotel****.com>, relay=antispam.nethotel****.com[194.239.202.50], delay=91001, status=deferred (lost connection with antispam.nethotel****.com[194.239.202.50] while sending message body)

Apr  5 13:01:48 localhost postfix/postfix-script: stopping the Postfix mail system

Apr  5 13:01:48 localhost postfix/master[3035]: terminating on signal 15

Apr  5 13:25:19 localhost imapd: DISCONNECTED, user=katja, ip=[::ffff:192.168.0.16], headers=0, body=680, time=11306

Apr  5 14:16:44 localhost imapd: Connection, ip=[::ffff:192.168.0.13]

Apr  5 14:16:45 localhost imapd: LOGIN, user=morten, ip=[::ffff:192.168.0.13], protocol=IMAP

Apr  5 14:16:49 localhost imapd: DISCONNECTED, user=morten, ip=[::ffff:192.168.0.13], headers=0, body=0, time=4

Apr  5 14:18:22 localhost imapd: DISCONNECTED, user=winnie, ip=[::ffff:192.168.0.23], headers=2336, body=1229874, time=22031

Apr  5 14:32:53 localhost postfix/postfix-script: starting the Postfix mail system

Apr  5 14:32:53 localhost postfix/master[3553]: daemon started -- version 2.2.5, configuration /etc/postfix

Apr  5 14:32:53 localhost postfix/qmgr[3555]: C5E532D2416: from=<morten[at]volunteer****.com>, size=1201004, nrcpt=1 (queue active)

Apr  5 14:32:53 localhost postfix/qmgr[3555]: 8B51E2F8542: from=<knud[at]beaver.volunteer****.com>, size=1744, nrcpt=1 (queue active)

Apr  5 14:32:53 localhost postfix/qmgr[3555]: D276ABC69B: from=<morten[at]volunteer****.com>, size=1200857, nrcpt=194 (queue active)

Apr  5 14:32:53 localhost postfix/smtp[3558]: connect to bounce.dtf.se[80.166.99.254]: Connection refused (port 25)

Apr  5 14:32:53 localhost postfix/smtp[3558]: 8B51E2F8542: to=<mailrobot[at]bounce.dtf.se>, relay=none, delay=87270, status=deferred (connect to bounce.dtf.se[80.166.99.254]: Connection refused)

Apr  5 14:32:56 localhost postfix/smtp[3585]: connect to mail.mbrevision****.com[129.142.226.88]: Connection refused (port 25)

Apr  5 14:33:03 localhost postfix/smtp[3623]: D276ABC69B: host mx03.stofanet****.com[212.10.10.13] said: 452 Try this address in the next batch, please (in reply to RCPT TO command)

Apr  5 14:33:03 localhost last message repeated 6 times

Apr  5 14:33:03 localhost postfix/smtp[3584]: D276ABC69B: to=<kontakt[at]hiv-nettet****.com>, relay=none, delay=96504, status=deferred (Host or domain name not found. Name service error for name=hiv-nettet****.com type=MX: Host not found, try again)

Apr  5 14:33:23 localhost postfix/smtp[3565]: connect to mail.akbu****.com[80.196.101.131]: Connection timed out (port 25)

Apr  5 14:33:24 localhost postfix/smtp[3578]: connect to drc****.com[130.227.13.2]: Connection timed out (port 25)

Apr  5 14:33:27 localhost postfix/smtp[3616]: connect to fpo.mail****.com[80.160.76.237]: server refused to talk to me: 421 Service not available   (port 25)

Apr  5 14:33:27 localhost postfix/smtp[3616]: D276ABC69B: to=<renita[at]post10.tele****.com>, relay=none, delay=96528, status=deferred (connect to fpo.mail****.com[80.160.76.237]: server refused to talk to me: 421 Service not available  )

Apr  5 14:33:36 localhost postfix/smtp[3557]: C5E532D2416: lost connection with mx2.mail.yahoo.com[4.79.181.134] while sending message body

Apr  5 14:33:41 localhost postfix/smtp[3588]: D276ABC69B: lost connection with mx3.****.com[65.54.245.72] while sending message body

Apr  5 14:33:47 localhost postfix/smtp[3618]: connect to mail.pullich****.com[80.196.101.132]: Connection timed out (port 25)

Apr  5 14:33:48 localhost postfix/smtp[3601]: D276ABC69B: lost connection with mx4.****.com[65.54.244.104] while sending message body

Apr  5 14:34:06 localhost postfix/smtp[3557]: connect to mx3.mail.yahoo.com[4.79.181.12]: Connection timed out (port 25)

Apr  5 14:34:16 localhost postfix/smtp[3558]: D276ABC69B: to=<fr[at]aub.aau****.com>, relay=barracuda.aub.aau****.com[130.225.53.23], delay=96577, status=deferred (lost connection with barracuda.aub.aau****.com[130.225.53.23] while sending message body)

Apr  5 14:34:18 localhost postfix/smtp[3601]: connect to mx3.****.com[64.4.50.179]: Connection timed out (port 25)

Apr  5 14:34:37 localhost postfix/smtp[3602]: D276ABC69B: to=<psykinfo[at]nethotel****.com>, relay=antispam.nethotel****.com[194.239.202.50], delay=96598, status=deferred (lost connection with antispam.nethotel****.com[194.239.202.50] while sending message body)

Apr  5 14:34:48 localhost postfix/smtp[3601]: connect to mx2.****.com[65.54.245.40]: server dropped connection without sending the initial SMTP greeting (port 25)

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  mail

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  ipv4

Apr  5 14:34:56 localhost postfix/smtpd[3633]: name_mask: ipv4

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  beaver.volunteer****.com

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  volunteer****.com

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  Postfix

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  postfix

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  postfix

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  postdrop

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: expand $myhostname, localhost.$mydomain $mydomain -> beaver.volunteer****.com, localhost.volunteer****.com volunteer****.com

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: expand $myhostname -> beaver.volunteer****.com

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  /usr/lib/postfix

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  /usr/sbin

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  /var/spool/postfix

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  pid

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  all

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  double-bounce

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  nobody

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  hash:/etc/mail/aliases

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  20050719

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  2.2.5

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  hash

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  deferred, defer active bounce flush incoming

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: expand $mydestination -> beaver.volunteer****.com, localhost.volunteer****.com volunteer****.com

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: expand $relay_domains -> beaver.volunteer****.com, localhost.volunteer****.com volunteer****.com

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  TZ MAIL_CONFIG

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  subnet

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  +=

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  -=+

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  bounce

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  cleanup

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  defer

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  pickup

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  qmgr

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  rewrite

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  showq

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  error

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  flush

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  verify

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  trace

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: expand ${config_directory}/prng_exch -> /etc/postfix/prng_exch

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: expand $smtpd_tls_cert_file ->

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: expand $smtpd_tls_dcert_file ->

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const

Apr  5 14:34:56 localhost last message repeated 6 times

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: expand $smtp_tls_cert_file ->

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: expand $smtp_tls_dcert_file ->

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const

Apr  5 14:34:56 localhost last message repeated 3 times

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  2

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  100s

Apr  5 14:34:56 localhost last message repeated 3 times

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  3600s

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  3600s

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  100s

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  100s

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  1000s

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  1000s

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  10s

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  10s

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  1s

Apr  5 14:34:56 localhost last message repeated 3 times

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  500s

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  500s

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  3600s

Apr  5 14:34:56 localhost last message repeated 3 times

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  18000s

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  18000s

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  1s

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  1s

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  192.168.0.0/24, 127.0.0.0/8

Apr  5 14:34:56 localhost postfix/smtpd[3633]: inet_addr_local: configured 3 IPv4 addresses

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  450

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: expand $myhostname ESMTP $mail_name -> beaver.volunteer****.com ESMTP Postfix

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  resource, software

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  hash:/etc/postfix/access, reject_rbl_client relays.ordb.org

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  hash:/etc/postfix/acces, reject_rhsbl_sender dsn.rfc-ignorant.org

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  permit_mynetworks, reject_unauth_destination

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const

Apr  5 14:34:56 localhost last message repeated 4 times

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  postmaster

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const

Apr  5 14:34:56 localhost last message repeated 2 times

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: expand $virtual_maps ->

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  hash:/etc/mail/aliases

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: expand unix:passwd.byname $alias_maps -> unix:passwd.byname hash:/etc/mail/aliases

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  noanonymous

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  smtpd

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const

Apr  5 14:34:56 localhost last message repeated 5 times

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  CONNECT GET POST

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  <>

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  postmaster

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: expand $authorized_verp_clients ->

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: expand $myhostname -> beaver.volunteer****.com

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const

Apr  5 14:34:56 localhost last message repeated 2 times

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: expand ${smtpd_client_connection_limit_exceptions:$mynetworks} -> 192.168.0.0/24, 127.0.0.0/8

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  permit_inet_interfaces

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const

Apr  5 14:34:56 localhost last message repeated 2 times

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: expand $smtpd_sasl_security_options -> noanonymous

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  no

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  300s

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  300s

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  1s

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  1s

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  100s

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  100s

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  3s

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  3s

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  100s

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  100s

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  300s

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  300s

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  1000s

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  1000s

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  300s

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  300s

Apr  5 14:34:56 localhost postfix/smtpd[3633]: process generation: 116 (116)

Apr  5 14:34:56 localhost postfix/smtpd[3633]: match_string: mynetworks ~? debug_peer_list

Apr  5 14:34:56 localhost postfix/smtpd[3633]: match_string: mynetworks ~? fast_flush_domains

Apr  5 14:34:56 localhost postfix/smtpd[3633]: match_string: mynetworks ~? mynetworks

Apr  5 14:34:56 localhost postfix/smtpd[3633]: match_string: relay_domains ~? debug_peer_list

Apr  5 14:34:56 localhost postfix/smtpd[3633]: match_string: relay_domains ~? fast_flush_domains

Apr  5 14:34:56 localhost postfix/smtpd[3633]: match_string: relay_domains ~? mynetworks

Apr  5 14:34:56 localhost postfix/smtpd[3633]: match_string: relay_domains ~? permit_mx_backup_networks

Apr  5 14:34:56 localhost postfix/smtpd[3633]: match_string: relay_domains ~? qmqpd_authorized_clients

Apr  5 14:34:56 localhost postfix/smtpd[3633]: match_string: relay_domains ~? relay_domains

Apr  5 14:34:56 localhost postfix/smtpd[3633]: match_string: permit_mx_backup_networks ~? debug_peer_list

Apr  5 14:34:56 localhost postfix/smtpd[3633]: match_string: permit_mx_backup_networks ~? fast_flush_domains

Apr  5 14:34:56 localhost postfix/smtpd[3633]: match_string: permit_mx_backup_networks ~? mynetworks

Apr  5 14:34:56 localhost postfix/smtpd[3633]: match_string: permit_mx_backup_networks ~? permit_mx_backup_networks

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_open: unix:passwd.byname

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_open: hash:/etc/mail/aliases

Apr  5 14:34:56 localhost postfix/smtpd[3633]: match_string: smtpd_access_maps ~? debug_peer_list

Apr  5 14:34:56 localhost postfix/smtpd[3633]: match_string: smtpd_access_maps ~? fast_flush_domains

Apr  5 14:34:56 localhost postfix/smtpd[3633]: match_string: smtpd_access_maps ~? mynetworks

Apr  5 14:34:56 localhost postfix/smtpd[3633]: match_string: smtpd_access_maps ~? permit_mx_backup_networks

Apr  5 14:34:56 localhost postfix/smtpd[3633]: match_string: smtpd_access_maps ~? qmqpd_authorized_clients

Apr  5 14:34:56 localhost postfix/smtpd[3633]: match_string: smtpd_access_maps ~? relay_domains

Apr  5 14:34:56 localhost postfix/smtpd[3633]: match_string: smtpd_access_maps ~? smtpd_access_maps

Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_open: hash:/etc/postfix/access

Apr  5 14:34:56 localhost postfix/smtpd[3633]: fatal: open database /etc/postfix/acces.db: No such file or directory

Apr  5 14:34:57 localhost postfix/master[3553]: warning: process /usr/lib/postfix/smtpd pid 3633 exit status 1

Apr  5 14:34:57 localhost postfix/master[3553]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling

Apr  5 14:35:32 localhost postfix/smtp[3588]: D276ABC69B: to=<carolknudsen[at]****.com>, relay=mx4.****.com[65.54.244.104], delay=96653, status=deferred (lost connection with mx4.****.com[65.54.244.104] while sending message body)

Apr  5 14:35:32 localhost postfix/smtp[3588]: D276ABC69B: to=<cindydanieles[at]****.com>, relay=mx4.****.com[65.54.244.104], delay=96653, status=deferred (lost connection with mx4.****.com[65.54.244.104] while sending message body)

Apr  5 14:35:32 localhost postfix/smtp[3588]: D276ABC69B: to=<evanielsen40[at]****.com>, relay=mx4.****.com[65.54.244.104], delay=96653, status=deferred (lost connection with mx4.****.com[65.54.244.104] while sending message body)

Apr  5 14:35:32 localhost postfix/smtp[3588]: D276ABC69B: to=<funnysandrak[at]****.com>, relay=mx4.****.com[65.54.244.104], delay=96653, status=deferred (lost connection with mx4.****.com[65.54.244.104] while sending message body)

Apr  5 14:35:32 localhost postfix/smtp[3588]: D276ABC69B: to=<habibi112[at]****.com>, relay=mx4.****.com[65.54.244.104], delay=96653, status=deferred (lost connection with mx4.****.com[65.54.244.104] while sending message body)

Apr  5 14:35:32 localhost postfix/smtp[3588]: D276ABC69B: to=<henrikfibigerjensen[at]****.com>, relay=mx4.****.com[65.54.244.104], delay=96653, status=deferred (lost connection with mx4.****.com[65.54.244.104] while sending message body)

Apr  5 14:35:32 localhost postfix/smtp[3588]: D276ABC69B: to=<ingepehmoller[at]****.com>, relay=mx4.****.com[65.54.244.104], delay=96653, status=deferred (lost connection with mx4.****.com[65.54.244.104] while sending message body)

Apr  5 14:35:32 localhost postfix/smtp[3588]: D276ABC69B: to=<jarne42[at]****.com>, relay=mx4.****.com[65.54.244.104], delay=96653, status=deferred (lost connection with mx4.****.com[65.54.244.104] while sending message body)

Apr  5 14:35:32 localhost postfix/smtp[3588]: D276ABC69B: to=<karenwesth[at]****.com>, relay=mx4.****.com[65.54.244.104], delay=96653, status=deferred (lost connection with mx4.****.com[65.54.244.104] while sending message body)

Apr  5 14:35:32 localhost postfix/smtp[3588]: D276ABC69B: to=<keyniel[at]****.com>, relay=mx4.****.com[65.54.244.104], delay=96653, status=deferred (lost connection with mx4.****.com[65.54.244.104] while sending message body)

Apr  5 14:35:32 localhost postfix/smtp[3588]: D276ABC69B: to=<line_stryhn[at]****.com>, relay=mx4.****.com[65.54.244.104], delay=96653, status=deferred (lost connection with mx4.****.com[65.54.244.104] while sending message body)

Apr  5 14:35:32 localhost postfix/smtp[3588]: D276ABC69B: to=<liveline2[at]****.com>, relay=mx4.****.com[65.54.244.104], delay=96653, status=deferred (lost connection with mx4.****.com[65.54.244.104] while sending message body)

Apr  5 14:35:32 localhost postfix/smtp[3588]: D276ABC69B: to=<lolasigvert[at]****.com>, relay=mx4.****.com[65.54.244.104], delay=96653, status=deferred (lost connection with mx4.****.com[65.54.244.104] while sending message body)

Apr  5 14:35:32 localhost postfix/smtp[3588]: D276ABC69B: to=<lsallow[at]****.com>, relay=mx4.****.com[65.54.244.104], delay=96653, status=deferred (lost connection with mx4.****.com[65.54.244.104] while sending message body)

Apr  5 14:35:32 localhost postfix/smtp[3588]: D276ABC69B: to=<me_foldager[at]****.com>, relay=mx4.****.com[65.54.244.104], delay=96653, status=deferred (lost connection with mx4.****.com[65.54.244.104] while sending message body)

Apr  5 14:35:32 localhost postfix/smtp[3588]: D276ABC69B: to=<mettejonas[at]****.com>, relay=mx4.****.com[65.54.244.104], delay=96653, status=deferred (lost connection with mx4.****.com[65.54.244.104] while sending message body)

Apr  5 14:35:32 localhost postfix/smtp[3588]: D276ABC69B: to=<mhesselholt[at]****.com>, relay=mx4.****.com[65.54.244.104], delay=96653, status=deferred (lost connection with mx4.****.com[65.54.244.104] while sending message body)

Apr  5 14:35:32 localhost postfix/smtp[3588]: D276ABC69B: to=<oernemo

```

----------

## DaveArb

That's some ugly loggage, huh?

a) This isn't your problem, but it is a problem:

```
Apr  5 14:34:56 localhost postfix/smtpd[3633]: dict_eval: const  hash:/etc/postfix/acces, reject_rhsbl_sender dsn.rfc-ignorant.org

...

Apr  5 14:34:56 localhost postfix/smtpd[3633]: fatal: open database /etc/postfix/acces.db: No such file or directory 
```

You have misspelled "access."

b) You can tell, and I can't: Are these hosts belonging to domains you would expect your mailserver to talk to? What I see is evidence of a mailserver that's very unhappy, but it could be that your internet connection itself is messed up. There are a ton of timeouts and lost connections. I see very few affirmative indications that your system has had a message rejected, like:

```
Apr  5 14:33:27 localhost postfix/smtp[3616]: connect to fpo.mail****.com[80.160.76.237]: server refused to talk to me: 421 Service not available   (port 25)
```

c) What I don't see (and may just be because I'm not familiar with Postfix logs, I'm a sendmail admin), is where your system receives the supposed relayed message. I think your system has a problem, and it may be a serious spam-related problem, but I don't see the indication of it actually being an open relay. Being an open relay is only one way a mailserver can be compromised, and it's a pretty unlikely one with modern software.

Do you run any formmails, or other web-accessible or similar, software on this box? My concern having seen these logs runs more to this type of bad scripting vulnerability.

Dave
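
The question raised in (c), where the messages entered the system, can be answered from the log by pairing each queue ID with the daemon that created it. This is an added example, not code from the thread: it assumes standard Postfix `smtpd ... client=` and `pickup ... uid=` log lines and uses the `mynetworks` values from the posted main.cf; the sample log lines, queue IDs and addresses are constructed.

```python
import ipaddress
import re

# Constructed sample log (not from the thread); queue IDs, hosts and uids are made up.
SAMPLE_LOG = """\
Apr  5 14:30:01 localhost postfix/smtpd[3601]: A1B2C3D4E5: client=unknown[203.0.113.7]
Apr  5 14:30:02 localhost postfix/qmgr[3560]: A1B2C3D4E5: from=<x@example.net>, size=2048, nrcpt=40 (queue active)
Apr  5 14:30:05 localhost postfix/pickup[3570]: F6E7D8C9B0: uid=81 from=<apache>
Apr  5 14:30:05 localhost postfix/qmgr[3560]: F6E7D8C9B0: from=<apache@beaver.example>, size=900, nrcpt=25 (queue active)
Apr  5 14:30:09 localhost postfix/smtpd[3602]: 0A1B2C3D4E: client=pc12[192.168.0.12]
Apr  5 14:30:09 localhost postfix/qmgr[3560]: 0A1B2C3D4E: from=<peter@example.com>, size=700, nrcpt=1 (queue active)
"""

# mynetworks as posted in main.cf
MYNETWORKS = [ipaddress.ip_network(n) for n in ("192.168.0.0/24", "127.0.0.0/8")]

LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]{6,}): (.*)")
CLIENT = re.compile(r"client=\S*\[([0-9a-fA-F.:]+)\]")
UID = re.compile(r"uid=(\d+)")
NRCPT = re.compile(r"nrcpt=(\d+)")

def triage(log_text):
    """Map each queue ID to how the message entered Postfix and its recipient count."""
    msgs = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # warnings, connect errors and other lines without a queue ID
        daemon, qid, rest = m.groups()
        entry = msgs.setdefault(qid, {"origin": "unknown", "detail": None, "nrcpt": 0})
        if daemon == "smtpd" and (c := CLIENT.search(rest)):
            ip = ipaddress.ip_address(c.group(1))
            trusted = any(ip in net for net in MYNETWORKS)
            entry["origin"] = "smtp-trusted" if trusted else "smtp-external"
            entry["detail"] = str(ip)
        elif daemon == "pickup" and (u := UID.search(rest)):
            # pickup handles mail handed over locally via the sendmail command
            entry["origin"] = "local-submission"
            entry["detail"] = "uid " + u.group(1)
        elif daemon == "qmgr" and (n := NRCPT.search(rest)):
            entry["nrcpt"] = int(n.group(1))
    return msgs

def suspects(msgs, min_rcpt=10):
    """Queue IDs with many recipients that did not arrive from a trusted SMTP client."""
    return sorted(q for q, e in msgs.items()
                  if e["origin"] != "smtp-trusted" and e["nrcpt"] >= min_rcpt)
```

A web form that calls the sendmail binary shows up as `local-submission` under the web server's uid, while one that speaks SMTP to 127.0.0.1 shows up as `smtp-trusted`, so an empty `smtp-external` column does not by itself clear a script.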

----------

## Del Pede

 *DaveArb wrote:*   

> That's some ugly loggage, huh?
> 
> a) This isn't your problem, but it is a problem:
> 
> ```
> ...

 

Indeed it is ugly.

A lot of these hosts I don't expect my mailserver to talk with, but my users do mail all over, and some are more private than others. But a lot of them are mind-puzzling though.

I do have ONE mailform, but it's supposed to mail to one of my users, but I'll try and take the script down. I'll also try and make a relay check with ordb.

I'm pretty much stranded, as far as what this problem is about right now.

The "access" misspelling I have fixed, and yes - it is not the problem ;)

----------

## DaveArb

 *Del Pede wrote:*   

> I'll also try and make a relay check with ordb.

 

Good. All they do is send a series of test messages that attempt to relay through your server, using various methods. I think their results are pretty reliable, so if they say you aren't an open relay you can concentrate on other possible causes of these symptoms.

Dave

----------

## lesourbe

 *Del Pede wrote:*   

> The "access" misspelling I have fixed, and yes - it is not the problem 

 

Don't forget to postmap it. :)

----------

## Del Pede

It seems I've solved it now.

I added the following to my main.cf

```

smtpd_recipient_restrictions = permit_mynetworks, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain,
    reject_unauth_destination, reject_unlisted_recipient, reject_rbl_client relays.ordb.org, permit

```

And then deleted my mail queue. Traffic is back to normal, and the logs look prettier.

----------

## Del Pede

 *Del Pede wrote:*   

> It seems I've solved it now.
> 
> I added the following to my main.cf
> 
> ```
> ...

 

Everything was golden, until I realised I suddenly couldn't send mail over squirrelmail anymore. Whenever someone tries to send mail, this happens:

 *Quote:*   

> 
> 
> Transaction failed
> 
> Server replied: 554 Service unavailable; Sender address [peter@example.com] blocked using dsn.rfc-ignorant.org; Not supporting null originator (DSN)
> ...

 

----------

## magic919

You have a problem with one of your smtpd_x_restrictions.  These generally start with permit_mynetworks.  I'd say some of yours don't.  So it then tries to apply your access restriction to your 'local' traffic.
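
Postfix evaluates each `smtpd_*_restrictions` class on its own, so `permit_mynetworks` in the recipient class does not exempt local clients from a DNSBL lookup in the sender or client class. The following is an added example, not code from the thread, that checks the restriction lists posted above for that ordering problem; `parse_main_cf` and `audit` are hypothetical helper names.

```python
import re

# Restriction lists as posted in this thread (wrapped lines rejoined).
MAIN_CF = """\
mynetworks = 192.168.0.0/24, 127.0.0.0/8
smtpd_client_restrictions = hash:/etc/postfix/access, reject_rbl_client relays.ordb.org
smtpd_sender_restrictions = hash:/etc/postfix/access, reject_rhsbl_sender dsn.rfc-ignorant.org
smtpd_recipient_restrictions = permit_mynetworks, reject_invalid_hostname,
    reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient,
    reject_unknown_sender_domain, reject_unauth_destination,
    reject_unlisted_recipient, reject_rbl_client relays.ordb.org, permit
"""

def parse_main_cf(text):
    """Return {parameter: value}, joining continuation lines (leading whitespace)."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank and comment lines are ignored
        if raw[0].isspace() and current:
            params[current] += " " + raw.strip()
        elif "=" in raw:
            current, value = (s.strip() for s in raw.split("=", 1))
            params[current] = value
    return params

def audit(params):
    """List restriction classes where a DNSBL check can hit mynetworks clients."""
    findings = []
    for name, value in params.items():
        if not re.fullmatch(r"smtpd_\w+_restrictions", name):
            continue
        seen_permit = False
        for tok in re.split(r"[,\s]+", value):
            if tok == "permit_mynetworks":
                seen_permit = True
            elif tok.startswith(("reject_rbl_", "reject_rhsbl_")) and not seen_permit:
                findings.append((name, tok))  # DNSBL lookup reached by local clients
                break
    rcpt = re.split(r"[,\s]+", params.get("smtpd_recipient_restrictions", ""))
    if "reject_unauth_destination" not in rcpt:
        findings.append(("smtpd_recipient_restrictions", "no reject_unauth_destination"))
    return findings
```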

----------

