[Postfixbuch-users] My mailserver on a virtual machine/server used as spam-relay

Peer Heinlein p.heinlein at heinlein-support.de
Sat Feb 14 14:53:00 CET 2009


On Saturday, 14 February 2009, reiner otto wrote:


> Another vulnerability, which helped the spammers, was the fact that they
> used malformed destinations, having "0.0.0.0" in the MX record. Excerpt
> from my actual logs:
> --------------------------------------
>
> Feb 14 06:28:22 h123456 postfix/smtpd[1463]: warning: numeric domain name in resource data of MX record for seed.net: 0.0.0.0
> Feb 14 06:28:22 h123456 postfix/smtpd[1463]: NOQUEUE: reject: RCPT from h123456.stratoserver.net[127.0.0.1]: 554 5.7.1 <dpggy1 at seed.net>: Relay access denied; from=<jennifer_joan at msn.com> to=<dpggy1 at seed.net> proto=SMTP helo=<ppp-217-77-221-14.wildpark.net>
> Feb 14 06:28:23 h123456 postfix/smtpd[1463]: warning: numeric domain name in resource data of MX record for seed.net: 0.0.0.0
>
> ----------------------------------
>
> If "permit_mynetworks" were still allowed in
> smtpd_recipient_restrictions, my server would now have sent spam.

No, your server wouldn't. Why should it do this?

0.0.0.0 is the destination (!), not the source. 0.0.0.0 as an
MX destination has nothing to do with mynetworks.

Please show us your logfile *relaying* an e-mail, not rejecting it. There
has to be another reason. And, anyway, how should your server deliver
that spam if the destination MX is 0.0.0.0?

> Or any other comments ?

As always: Show me your logfile & postconf -n.

Peer





-- 
Heinlein Professional Linux Support GmbH
Linux: Academy - Support - Hosting

http://www.heinlein-support.de

Mandatory disclosures per §35a GmbHG:
HRB 93818 B / Amtsgericht Berlin-Charlottenburg,
Managing Director: Peer Heinlein  -- Registered office: Berlin
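
Added example, not part of the original message or of Postfix: a short Python script that separates rejected relay attempts (`NOQUEUE: reject`) from messages that were actually sent onward (`status=sent`), which is the distinction asked for above. The log lines are constructed samples and the function name `classify` is hypothetical.

```python
import re
from collections import Counter

# Constructed sample log (not from the original post), in Postfix syslog format.
SAMPLE_LOG = """\
Feb 14 06:28:22 mail postfix/smtpd[1463]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 <a@example.net>: Relay access denied; from=<x@example.org> to=<a@example.net> proto=SMTP helo=<host.example>
Feb 14 06:30:01 mail postfix/smtpd[1463]: 3F2A11C0042: client=unknown[203.0.113.7]
Feb 14 06:30:02 mail postfix/smtp[1501]: 3F2A11C0042: to=<b@example.net>, relay=mx.example.net[198.51.100.25]:25, delay=1.2, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Feb 14 06:31:10 mail postfix/smtpd[1463]: 7B1C21C0043: client=unknown[203.0.113.7]
Feb 14 06:31:12 mail postfix/smtp[1502]: 7B1C21C0043: to=<c@example.net>, relay=none, delay=2.0, dsn=4.4.1, status=deferred (connect to mx.example.net[198.51.100.26]:25: Connection timed out)
"""

# smtpd refused the recipient: nothing was queued, so nothing was relayed.
REJECT = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from \S+\[(?P<client>[^\]]+)\]: (?P<code>\d{3})")
# smtpd accepted a message and assigned it a queue ID.
CLIENT = re.compile(
    r"postfix/smtpd\[\d+\]: (?P<qid>[0-9A-F]+): client=\S+\[(?P<client>[^\]]+)\]")
# The smtp delivery agent reports the outcome for a queued message.
DELIVERY = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<to>[^>]*)>, "
    r"relay=(?P<relay>[^,]+),.*status=(?P<status>\w+)")


def classify(log_text):
    """Return (rejected, relayed).

    rejected: Counter of client IP -> number of refused RCPT commands.
    relayed:  list of (client IP, recipient, next-hop relay) for messages
              the server really handed to a remote host (status=sent).
    """
    rejected = Counter()
    clients = {}   # queue ID -> IP of the client that submitted the message
    relayed = []
    for line in log_text.splitlines():
        if m := REJECT.search(line):
            rejected[m["client"]] += 1
        elif m := CLIENT.search(line):
            clients[m["qid"]] = m["client"]
        elif (m := DELIVERY.search(line)) and m["status"] == "sent":
            relayed.append((clients.get(m["qid"], "unknown"), m["to"], m["relay"]))
    return rejected, relayed


if __name__ == "__main__":
    rejected, relayed = classify(SAMPLE_LOG)
    print("rejected attempts per client:", dict(rejected))
    for client, rcpt, relay in relayed:
        print(f"RELAYED from {client} to {rcpt} via {relay}")
```

Only entries in the `relayed` list show mail leaving the server; the submitting client on those entries can then be compared with `mynetworks` from `postconf -n`.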


