Postfix is totally fsck'd...

Lorenzo Prince lorenzo at prince.homelinux.org
Sat Jan 31 16:16:05 UTC 2004


I am guessing this has taken place over the last couple of days.  I first saw
that I was getting fewer messages than usual.  This was not a problem, because I
just thought that fewer people were sending messages.  Well, the problem got
worse.  I now stopped receiving messages through fetchmail which I know should
come every day without fail.  Then it started taking a long time to receive my
cron messages.  I didn't receive a message yesterday that I should have gotten in
the afternoon, and naturally, I thought it was the server that sent it (maybe
something to do with this latest virus slowing down the server).  So I started
sending test messages through the local server.  I sent about 5 tests and lost
all of them.  I then checked the maillog

grep postfix /var/log/maillog |less

and according to the log, someone has found my postfix and is trying to use it as
a relay to try to send hundreds or possibly thousands of messages to what looks
like an alphabetical list of AOL users.  The problem is that Postfix seems to
actually be relaying these messages and then picking up the bounces from AOL and
relaying them back to the sender who has an empty from address.  I don't
understand, however, how or why this is happening, as I have postfix configured
to only accept local relays, and the log is saying the messages are coming from a
remote sender.  When I do the relay test at mail-abuse.org, it tells me that my
system appears to reject relay attempts.  I ended up having to switch my MTA to
Sendmail, because Postfix is so backed up to the point that my system takes
almost 5 minutes to boot, and messages delivered from local users to local users
aren't even getting through anymore.  What can I do to solve the Postfix problem?
What can I do to stop this relaying even though Postfix is configured not to
relay from remote connections at all?  I started using postfix when I heard that
sendmail had a history of insecurity.  Is this better now?  Should I just start
using sendmail instead of Postfix?

Thanks for any help
PRINCE
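
An added example, not part of the original post: one way to check from the maillog whether Postfix is actually relaying remote mail. It separates refused attempts ("Relay access denied") from queue IDs that were accepted from a non-local client and handed to a remote domain, and from null-sender messages with no client= line, which did not arrive over SMTP (bounce notices generated on the host, for example). The log lines, host names, domains, and the function name triage are constructed for illustration and assume the usual Postfix syslog layout.

```python
import re
from collections import defaultdict

QID_RE = re.compile(r"postfix/\w+\[\d+\]: ([0-9A-F]{6,}): (.*)")
CLIENT_RE = re.compile(r"client=\S+\[([^\]]+)\]")
FROM_RE = re.compile(r"from=<([^>]*)>")
TO_RE = re.compile(r"to=<([^>]*)>.*?status=(\w+)")

# Constructed sample lines (not taken from the post).
SAMPLE_LOG = """\
Jan 31 10:02:11 mx postfix/smtpd[1201]: 3F2A1C0012: client=unknown[203.0.113.5]
Jan 31 10:02:11 mx postfix/qmgr[900]: 3F2A1C0012: from=<>, size=2140, nrcpt=1 (queue active)
Jan 31 10:02:14 mx postfix/smtp[1210]: 3F2A1C0012: to=<aaa@aol.example>, relay=mx.aol.example[198.51.100.7], delay=3, status=sent (250 OK)
Jan 31 10:02:20 mx postfix/smtpd[1201]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 554 <aab@aol.example>: Relay access denied; from=<> to=<aab@aol.example>
Jan 31 10:03:01 mx postfix/smtpd[1202]: 7B11D20034: client=localhost[127.0.0.1]
Jan 31 10:03:01 mx postfix/qmgr[900]: 7B11D20034: from=<root@example.org>, size=512, nrcpt=1 (queue active)
Jan 31 10:03:02 mx postfix/local[1215]: 7B11D20034: to=<lorenzo@example.org>, relay=local, delay=1, status=sent (mailbox)
Jan 31 10:04:00 mx postfix/qmgr[900]: 9C44E30056: from=<>, size=3100, nrcpt=1 (queue active)
Jan 31 10:04:05 mx postfix/smtp[1220]: 9C44E30056: to=<forged@third-party.example>, relay=none, delay=5, status=deferred (connect timed out)
"""

def triage(log_text, local_clients=("127.0.0.1",), local_domains=("example.org",)):
    """Group log lines by queue ID and classify what Postfix did with each message."""
    msgs = defaultdict(lambda: {"client": None, "sender": None, "remote_rcpts": []})
    denied = 0
    for line in log_text.splitlines():
        if "Relay access denied" in line:      # refused at RCPT time, never queued
            denied += 1
            continue
        m = QID_RE.search(line)
        if not m:
            continue
        rec, rest = msgs[m.group(1)], m.group(2)
        if (c := CLIENT_RE.match(rest)):
            rec["client"] = c.group(1)         # IP of the SMTP client that submitted it
        elif (f := FROM_RE.match(rest)):
            rec["sender"] = f.group(1)         # "" means the null sender <>
        elif (t := TO_RE.match(rest)):
            if t.group(1).rpartition("@")[2].lower() not in local_domains:
                rec["remote_rcpts"].append((t.group(1), t.group(2)))
    # Accepted over SMTP from a non-local client and sent on to a remote domain.
    relayed = sorted(q for q, r in msgs.items()
                     if r["client"] and r["client"] not in local_clients and r["remote_rcpts"])
    # Null sender, no SMTP client: generated on this host, addressed to a remote domain.
    local_null = sorted(q for q, r in msgs.items()
                        if r["client"] is None and r["sender"] == "" and r["remote_rcpts"])
    return {"denied": denied, "relayed": relayed, "local_null_sender": local_null}
```

Run it as triage(open("/var/log/maillog").read(), local_domains=(...)) with the host's own domains; any queue ID under "relayed" is worth tracing back to the main.cf setting that let it in.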