scottmusician
10-28-2011 03:46 AM
understanding /var/log/maillog
Hi everyone,
After developing my mail server for weeks, I finally redirected the DNS servers to take it 'live' for a few hours last week. The box runs dovecot/MailScanner/SpamAssassin/SASL/SSL/PostGrey and SquirrelMail, and is based on CentOS 5.6.
After a couple of hours online, I noticed some strange things happening in my maillog, so I pulled the system offline to take a look. That said, in spite of reverting my DNS changes, I unwittingly left my server 'online' (i.e. not firewalled, publicly viewable IP address) for a few more days - reapplying the firewall just didn't cross my mind!
Anyway, here are some examples of the /var/log/maillog entries. To me, it looks like I've been inadvertently running as a relay for a short while - is this correct? If so, how can I improve my /etc/postfix/main.cf to cut this out? (The important bits of this file are posted below too.)
example maillog output:
Code:
Oct 26 16:05:35 mail update.virus.scanners: Running autoupdate for generic
Oct 26 16:58:42 mail postfix/smtpd[29761]: warning: 91.99.119.156: hostname 91.99.119.156.parsonline.net verification failed: Name or service not known
Oct 26 16:58:42 mail postfix/smtpd[29761]: connect from unknown[91.99.119.156]
Oct 26 16:58:44 mail postgrey[3934]: action=pass, reason=recipient whitelist, client_name=unknown, client_address=91.99.119.156, sender=patxi.ryrie@nrcan.gc.ca, recipient=info@mydomain.com
Oct 26 16:58:44 mail postgrey[3934]: cleaning up old logs...
Oct 26 16:58:44 mail postfix/smtpd[29761]: C9F05E26AF: client=unknown[91.99.119.156]
Oct 26 16:58:46 mail postfix/cleanup[29784]: C9F05E26AF: hold: header Received: from sjctef.com (unknown [91.99.119.156])??by mailserver.mydomain.com (Postfix) with ESMTP id C9F05E26AF??for <info@mydomain.com>; Wed, 26 Oct 2011 16:58:44 +1100 (EST) from unknown[91.99.119.156]; from=<patxi.ryrie@nrcan.gc.ca> to=<info@mydomain.com> proto=ESMTP helo=<sjctef.com>
Oct 26 16:58:46 mail postfix/cleanup[29784]: C9F05E26AF: message-id=<000e01cc51a2$8ed86580$9c77635b@nrcan.gc.ca>
Oct 26 16:58:47 mail postfix/smtpd[29761]: disconnect from unknown[91.99.119.156]
Oct 26 16:58:48 mail MailScanner[9105]: New Batch: Scanning 1 messages, 1767 bytes
and then:
Code:
Oct 26 17:02:07 mail postfix/anvil[29764]: statistics: max connection rate 1/60s for (smtp:91.99.119.156) at Oct 26 16:58:42
Oct 26 17:02:07 mail postfix/anvil[29764]: statistics: max connection count 1 for (smtp:91.99.119.156) at Oct 26 16:58:42
Oct 26 17:02:07 mail postfix/anvil[29764]: statistics: max cache size 1 at Oct 26 16:58:42
bottom part of /etc/postfix/main.cf:
Code:
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
#smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unlisted_recipient
#check_policy_service unix:postgrey/socket
# Continuation lines of a multi-line value must start with whitespace.
# Order matters: reject_unauth_destination sits before the postgrey
# policy check, so a relay attempt is refused before postgrey is asked.
smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
    check_policy_service unix:postgrey/socket
broken_sasl_auth_clients = yes
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtpd_tls_cert_file = /path/to/mydomain.crt
smtpd_tls_key_file = /path/to/mydomain.key
# "smptd_tls_chain_file" was a typo of a name Postfix does not recognise,
# so the bundle was never loaded; the intermediate CA chain belongs in smtpd_tls_CAfile.
smtpd_tls_CAfile = /path/to/gd_bundle.crt
tls_random_source = dev:/dev/urandom
smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20
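Editor's note on reading the log: "relaying" means Postfix accepting a message from a client outside $mynetworks (and not SASL-authenticated) for a recipient domain the server is not the final destination for. That is exactly what reject_unauth_destination in the posted smtpd_recipient_restrictions refuses. The entry above was accepted for info@mydomain.com, a domain this server is final for, and the "hold:" comes from the header_checks HOLD rule MailScanner installs so it can scan the queue; the "??" in that line is how Postfix logs the line break inside the folded Received: header. The script below is an added example, not part of the original post, that applies that test to cleanup "hold:" lines and to NOQUEUE rejects. The log lines, queue ids, the LOCAL_DOMAINS set and the MYNETWORKS list are constructed assumptions for the example; the first three log lines mirror the post, the last three are invented to show what a rejected relay attempt, an accepted relay, and an outbound message from a trusted network look like.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample maillog for this example. Lines 1-3 mirror the post;
# lines 4-6 are invented: a relay attempt refused by reject_unauth_destination,
# a relay an open relay WOULD accept, and an outbound message from mynetworks.
SAMPLE_MAILLOG = """\
Oct 26 16:58:42 mail postfix/smtpd[29761]: connect from unknown[91.99.119.156]
Oct 26 16:58:44 mail postgrey[3934]: action=pass, reason=recipient whitelist, client_name=unknown, client_address=91.99.119.156, sender=patxi.ryrie@nrcan.gc.ca, recipient=info@mydomain.com
Oct 26 16:58:46 mail postfix/cleanup[29784]: C9F05E26AF: hold: header Received: from sjctef.com (unknown [91.99.119.156])??by mailserver.mydomain.com (Postfix) with ESMTP id C9F05E26AF??for <info@mydomain.com>; Wed, 26 Oct 2011 16:58:44 +1100 (EST) from unknown[91.99.119.156]; from=<patxi.ryrie@nrcan.gc.ca> to=<info@mydomain.com> proto=ESMTP helo=<sjctef.com>
Oct 26 17:10:01 mail postfix/smtpd[29790]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 <victim@example.net>: Relay access denied; from=<spammer@example.org> to=<victim@example.net> proto=ESMTP helo=<evil.example>
Oct 26 17:12:30 mail postfix/cleanup[29801]: 1A2B3C4D5E: hold: header Received: from evil.example (unknown [203.0.113.7])??by mailserver.mydomain.com (Postfix) with ESMTP id 1A2B3C4D5E??for <victim@example.net>; Wed, 26 Oct 2011 17:12:29 +1100 (EST) from unknown[203.0.113.7]; from=<spammer@example.org> to=<victim@example.net> proto=ESMTP helo=<evil.example>
Oct 26 17:15:02 mail postfix/cleanup[29810]: 9F8E7D6C5B: hold: header Received: from laptop.lan (unknown [192.168.1.50])??by mailserver.mydomain.com (Postfix) with ESMTP id 9F8E7D6C5B??for <friend@example.com>; Wed, 26 Oct 2011 17:15:01 +1100 (EST) from unknown[192.168.1.50]; from=<me@mydomain.com> to=<friend@example.com> proto=ESMTP helo=<laptop.lan>
"""

LOCAL_DOMAINS = {"mydomain.com"}                # assumed: what $mydestination covers
MYNETWORKS = ["127.0.0.0/8", "192.168.1.0/24"]  # assumed: the poster's $mynetworks

# Accepted message put on HOLD by header_checks. The client is the last
# "host[ip];" before the envelope, not the one inside the Received: header.
ACCEPTED_RE = re.compile(
    r"postfix/cleanup\[\d+\]: (?P<qid>[0-9A-F]+): hold: .*"
    r"from (?P<host>\S+)\[(?P<ip>[0-9.]+)\]; "
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)
# Recipient refused at RCPT TO time; no queue id is ever assigned.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from (?P<host>\S+)\[(?P<ip>[0-9.]+)\]: "
    r"(?P<code>\d{3}) \S+ <[^>]*>: (?P<reason>[^;]*); "
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)


def classify(ip, rcpt, local_domains=LOCAL_DOMAINS, mynetworks=MYNETWORKS):
    """Apply the reject_unauth_destination test to one envelope.

    A recipient in a domain we are final for is inbound mail, never a relay.
    Otherwise the client must be in $mynetworks (outbound); anything else
    means the server relayed for a stranger.
    """
    addr = ipaddress.ip_address(ip)
    domain = rcpt.rpartition("@")[2].lower()
    if domain in local_domains:
        return "inbound"
    if any(addr in ipaddress.ip_network(net) for net in mynetworks):
        return "outbound"
    return "relay"


def audit(log_text, local_domains=LOCAL_DOMAINS, mynetworks=MYNETWORKS):
    """Label every envelope Postfix accepted (hold) or refused (NOQUEUE)."""
    findings = []
    for line in log_text.splitlines():
        m = ACCEPTED_RE.search(line)
        if m:
            verdict = classify(m["ip"], m["rcpt"], local_domains, mynetworks)
            findings.append({
                "qid": m["qid"], "ip": m["ip"], "sender": m["sender"],
                "rcpt": m["rcpt"],
                "verdict": "relayed" if verdict == "relay" else verdict,
            })
            continue
        m = REJECT_RE.search(line)
        if m:
            denied = "Relay access denied" in m["reason"]
            findings.append({
                "qid": None, "ip": m["ip"], "sender": m["sender"],
                "rcpt": m["rcpt"],
                "verdict": "relay-denied" if denied else "rejected",
            })
    return findings


def summarize(findings):
    """Count verdicts; any 'relayed' entry is evidence of an open relay."""
    counts = Counter(f["verdict"] for f in findings)
    return counts, counts["relayed"] > 0


if __name__ == "__main__":
    results = audit(SAMPLE_MAILLOG)
    for f in results:
        print(f"{f['verdict']:<13} {f['ip']:<15} {f['sender']} -> {f['rcpt']}")
    counts, open_relay = summarize(results)
    print("summary:", dict(counts))
    print("open relay evidence:", open_relay)
```

Run it against the real file with `audit(open("/var/log/maillog").read())` after setting LOCAL_DOMAINS and MYNETWORKS to match your main.cf. Only "relayed" entries indicate relaying; "relay-denied" entries are the restriction doing its job, and a steady stream of them from the same addresses is a normal sight on an exposed port 25.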