Postfix is totally fsck'd...

Alexander Dalloz alexander.dalloz at uni-bielefeld.de
Sat Jan 31 16:26:41 UTC 2004


On Sat, 31.01.2004 at 17:16, Lorenzo Prince wrote:
> I am guessing this has taken place over the last couple of days.  I first saw
> that I was getting fewer messages than usual.  This was not a problem, because I
> just thought that fewer people were sending messages.  Well, the problem got
> worse.  I now stopped receiving messages through fetchmail which I know should
> come every day without fail.  Then it started taking a long time to receive my
> cron messages.  I didn't receive a message yesterday that I should have gotten in
> the afternoon, and naturally, I thought it was the server that sent it, (maybe
> something to do with this latest virus slowing down the server).  So I started
> sending test messages through the local server.  I sent about 5 tests and lost
> all of them.  I then checked the maillog
> 
> grep postfix /var/log/maillog |less
> 
> and according to the log, someone has found my postfix and is trying to use it as
> a relay to try to send hundreds or possibly thousands of messages to what looks
> like an alphabetical list of AOL users.  The problem is that Postfix seems to
> actually be relaying these messages and then picking up the bounces from AOL and
> relaying them back to the sender who has an empty from address.  I don't
> understand, however, how or why this is happening, as I have postfix configured
> to only accept local relays, and the log is saying the messages are coming from a
> remote sender.  When I do the relay test at mail-abuse.org, it tells me that my
> system appears to reject relay attempts.  I ended up having to switch my MTA to
> Sendmail, because Postfix is so backed up to the point that my system takes
> almost 5 minutes to boot, and messages delivered from local users to local users
> aren't even getting through anymore.  What can I do to solve the Postfix problem?
> What can I do to stop this relaying even though Postfix is configured not to
> relay from remote connections at all?  I started using postfix when I heard that
> sendmail had a history of insecurity.  Is this better now?  Should I just start
> using sendmail instead of Postfix?
> 
> Thanks for any help
> PRINCE

In the default configuration, postfix, like sendmail, will not relay on Fedora.
Is it possible you run apache as an open proxy?

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 1 (Yarrow) on Athlon CPU kernel 2.4.22-1.2149.nptl
Sirendipity 17:25:43 up 16:26, 7 users, 0.48, 0.15, 0.07 
                   [ Γνωθι σ'αυτον - gnothi seauton ]
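
One way to check the open-proxy hypothesis from the logs, as an added example that is not part of the original message: mail injected through a proxy on the same machine reaches Postfix from a local address, and the web server's access log shows successful proxy requests aimed at port 25. The log lines are constructed samples and assume the stock Postfix syslog format and Apache's common log format; the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample logs (not from the thread): stock Postfix syslog lines
# and Apache common log format.
sample_maillog() {
cat <<'EOF'
Jan 31 10:00:01 host postfix/smtpd[2101]: connect from localhost[127.0.0.1]
Jan 31 10:00:01 host postfix/smtpd[2101]: 1A2B3C4D5E: client=localhost[127.0.0.1]
Jan 31 10:00:02 host postfix/smtpd[2101]: 2B3C4D5E6F: client=localhost[127.0.0.1]
Jan 31 10:00:03 host postfix/smtpd[2102]: 3C4D5E6F70: client=localhost[127.0.0.1]
Jan 31 10:05:00 host postfix/smtpd[2103]: 4D5E6F7081: client=mail.example.org[192.0.2.10]
EOF
}

sample_access_log() {
cat <<'EOF'
198.51.100.7 - - [31/Jan/2004:10:00:00 +0000] "CONNECT 127.0.0.1:25 HTTP/1.0" 200 -
198.51.100.7 - - [31/Jan/2004:10:00:05 +0000] "POST http://127.0.0.1:25/ HTTP/1.0" 200 512
203.0.113.9 - - [31/Jan/2004:10:01:00 +0000] "GET /index.html HTTP/1.1" 200 1043
203.0.113.20 - - [31/Jan/2004:10:02:00 +0000] "CONNECT mx.example.net:25 HTTP/1.0" 405 -
EOF
}

# Count queued messages per SMTP client, busiest first. A local client at the
# top of this list means the mail is entering from the machine itself.
smtpd_clients() {
    awk '/postfix\/smtpd\[/ && /: client=/ {
             sub(/.*client=/, ""); c = $1; sub(/,$/, "", c); n[c]++
         }
         END { for (c in n) print n[c], c }' | sort -rn
}

# Successful (2xx) proxy requests whose target is an SMTP port:
# prints the remote address, the method and the requested target.
proxy_to_smtp() {
    awk '{ method = $6; sub(/^"/, "", method); target = $7
           if ($9 ~ /^2/ && ((method == "CONNECT" && target ~ ":25$") ||
                             target ~ "^http://[^/]+:25(/|$)"))
               print $1, method, target }'
}

echo "SMTP clients by message count:"; sample_maillog | smtpd_clients
echo "Proxy requests to port 25:";     sample_access_log | proxy_to_smtp
```

On a live system, feed `/var/log/maillog` and the web server's access log into the two functions in place of the sample data.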





