Nekochan Net

Official Chat Channel: #nekochan // irc.nekochan.net
It is currently Wed Aug 20, 2014 10:32 am

All times are UTC - 8 hours


Forum rules


Any posts concerning pirated software or offering to buy/sell/trade commercial software are subject to removal.



Post new topic Reply to topic  [ 5 posts ] 
Author Message
 Post subject: postfix problem ?
Unread postPosted: Fri May 04, 2007 10:11 am 
Offline

Joined: Tue Feb 24, 2004 4:10 pm
Posts: 9545
So Postfix and Cyrus have been running a while and I'm watching the logs ... and I'm relaying some mail ! Rotten bastards. Not a lot but still, this is intolerable. I'm also getting mail to a local host that hasn't been turned on in months and never had a publically-visible host name. Originally I set Postfix up to allow relaying from addresses in the local network (had another machine that was doing its own smtp at one time) but this appears to maybe be a mistake ? From looking at the log it appears that there are some unexplained "max connection rate" hits and also some strange addresses (mailto:xy.com@ab.com , for example) trying to get through.

anyway, if you are running Postfix I would suggest not allowing relaying from your local network addresses. So far that seems to have stopped the problem. Any other suggestions willingly accepted. The logs from Postfix are not as good as Weasel logs. Sure is faster tho.

Bastard spammers :evil:


Top
 Profile  
 
 Post subject: Re: postfix problem ?
Unread postPosted: Sat May 05, 2007 9:45 am 
Offline
User avatar

Joined: Fri Jan 13, 2006 11:25 am
Posts: 304
Location: Uzes, France or Seattle, WA, USA
hamei wrote:
anyway, if you are running Postfix I would suggest not allowing relaying from your local network addresses.

You can control Postfix's idea of what your local network is, and, unless you specify addresses that aren't really on your network, it's bulletproof in my experience. Postfix (since pretty early versions) rejects relaying by default. It's posible to override this with configuration, of course.

If you continue to have trouble, join the Postfix mailing list at http://www.postfix.org. Read the membership welcome notice carefully before posting.

-Shel


Top
 Profile  
 
 Post subject: Re: postfix problem ?
Unread postPosted: Sat May 05, 2007 10:00 am 
Offline

Joined: Tue Feb 24, 2004 4:10 pm
Posts: 9545
shel wrote:
You can control Postfix's idea of what your local network is, and, unless you specify addresses that aren't really on your network, it's bulletproof in my experience. Postfix (since pretty early versions) rejects relaying by default. It's posible to override this with configuration, of course.

The problem was trying to accomodate users who are not on the local network and who do not have static IP's .... pop-before-smtp is really what I needed and now that I've kinda given up on the hokey workarounds I was using, it seems like that is actually an option via Perl. Why it isn't part of the Postfix base package is kind of a mystery to me, tho. Seems like almost everyone is travelling all over with a laptop these days. Postfix is definitely fast. Mikey likes that part !


Top
 Profile  
 
 Post subject:
Unread postPosted: Sun May 06, 2007 11:41 am 
Offline

Joined: Thu Sep 08, 2005 2:16 pm
Posts: 121
Why not simply smtp with authentication?


Top
 Profile  
 
 Post subject: Re: postfix problem ?
Unread postPosted: Mon May 07, 2007 7:48 am 
Offline
User avatar

Joined: Fri Jan 13, 2006 11:25 am
Posts: 304
Location: Uzes, France or Seattle, WA, USA
hamei wrote:
The problem was trying to accomodate users who are not on the local network and who do not have static IP's .... pop-before-smtp is really what I needed and now that I've kinda given up on the hokey workarounds I was using, it seems like that is actually an option via Perl. Why it isn't part of the Postfix base package is kind of a mystery to me, tho. Seems like almost everyone is travelling all over with a laptop these days. Postfix is definitely fast. Mikey likes that part !

Since Postfix doesn't do POP at all, Postfix's including a hack like pop-before-smtp would be pretty tough.

The real thing is to use a supported authentication method. However, they seem to be moderately difficult to implement, since they are a compile-time option with Postfix, etc. Once implemented, both on the client and the server, however, they are user-transparent.

Because I have a relatively small number of traveling users, and they are tech-savvy, I use a home-brew combination of split-horizon DNS and SSH tunnelling to provide remote access. The advantage to this method is that I can allow out-of-LAN access to a number of otherwise local services. The disadvantage is that the user has to affirmatively put his machine into "traveling" mode when he leaves the LAN, and put it back into "local" mode when he returns.

-Shel


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 5 posts ] 

All times are UTC - 8 hours


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group