[TriLUG] Why the big boys block mail from dynamic IPs

Ken Mink kmtrilug at nc.rr.com
Fri Sep 19 12:33:21 EDT 2003


Oh yeah. Before anyone can chime in about the insecurity of sending my
login and password for smtp authentication, I'm using smtps, ssl'd smtp,
not clear text.

Ken

On Fri, 2003-09-19 at 12:30, Ken Mink wrote:
> On Thu, 2003-09-18 at 13:14, Christopher L Merrill wrote:
> > Ken Mink wrote:
> > > Well, it turns out I had made a small config mistake and I
> > > was open to relaying from .nc.rr.com. Some spam bot inside nc.rr.com had
> > > found me and was pumping mail through.
> > 
> > Would you mind sharing the mistake?  I'd like to make sure I
> > haven't done the same :)
> > 
> > 
> Fair enough question. Here's the relevant config options from main.cf
> and how they related.
> 
> 1) This is the first mistake. I listed all the domains that I would be
> receiving mail for in the mydestination option. Most were coming from
> fetchmail, but I included them anyway. This wasn't strictly a mistake,
> but it wasn't necessary either.
> 
> mydestination = nc.rr.com, $myhostname, localhost.$mydomain $mydomain
> 
> 2) I relay my mail through the server via authenticated smtp. So the
> following line was added. The 'check_relay_domains' was the problem part.
> Again, not a mistake in itself, but contributed to the problem.
> 
> smtpd_recipient_restrictions =
>     permit_mynetworks,permit_sasl_authenticated,check_relay_domains
> 
> 3) Here's where I really screwed up. Yes, I left relay_domains as the
> default, which is mydestination. Since I had nc.rr.com in mydestination,
> I was allowing postfix to relay for nc.rr.com; oops.
> 
> #relay_domains = $mydestination
> 
> I have changed relay_domains to be explicitly the bogus domain I set up
> for my home network.
> 
> I think that the problem is solved, but I haven't been willing to open
> iptables to find out.
> 
> I have not been contacted by RR to chew me out yet. The bot had been
> using my machine for less than 24 hours. Plus the machine is kind of
> wimpy and the bot was pouring the message through faster than the server
> could process them.
> 
> This was a good lesson learned. Too bad I had to become a spammer to
> learn it.
> 
> Ken
> 
> > 
> > -- 
> > -------------------------------------------------------------------------
> > Chris Merrill                      |  http://webperformanceinc.com
> > Web Performance Inc.               |  http://webperformancemonitoring.net
> > 
> > Website Load Testing, Stress Testing, and Performance Monitoring Software
> > -------------------------------------------------------------------------
-- 
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."--Benjamin Franklin
" 'Necessity' is the plea for every infringement of human liberty; it
is the argument of tyrants; it is the creed of slaves."--William Pitt 
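
The interaction described in the quoted message, as an added example that is not part of the original post or of Postfix itself: a small Python audit that parses main.cf-style text, applies the relay_domains fallback to $mydestination that the post describes, and models only the client-hostname match of check_relay_domains. The myhostname/mydomain values, the home.example domain and the client host name are constructed placeholders.

```python
import re

# Constructed sample: the three settings quoted in the post, plus placeholder
# myhostname/mydomain values (home.example stands in for the home domain).
BEFORE = """\
myhostname = mail.home.example
mydomain = home.example
mydestination = nc.rr.com, $myhostname, localhost.$mydomain $mydomain
smtpd_recipient_restrictions =
    permit_mynetworks,permit_sasl_authenticated,check_relay_domains
#relay_domains = $mydestination
"""
AFTER = BEFORE.replace("#relay_domains = $mydestination",
                       "relay_domains = home.example")

def parse_main_cf(text):
    """Parse 'name = value' lines; indented lines continue the previous value."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:
            params[last] = (params[last] + " " + line.strip()).strip()
        elif "=" in line:
            last, value = (part.strip() for part in line.split("=", 1))
            params[last] = value
    return params

def expand(value, params, depth=0):
    """Expand $name references, with a depth limit against reference loops."""
    if depth > 10:
        return value
    return re.sub(r"\$(\w+)",
                  lambda m: expand(params.get(m.group(1), ""), params, depth + 1),
                  value)

def relay_domains(text):
    """Effective relay_domains; unset falls back to $mydestination (per the post)."""
    params = parse_main_cf(text)
    raw = params.get("relay_domains", "$mydestination")
    return [d.lower() for d in re.split(r"[,\s]+", expand(raw, params)) if d]

def client_may_relay(text, client_host):
    """Simplified check_relay_domains: client host is in, or under, a relay domain."""
    if "check_relay_domains" not in parse_main_cf(text).get(
            "smtpd_recipient_restrictions", ""):
        return False
    host = client_host.lower()
    return any(host == d or host.endswith("." + d) for d in relay_domains(text))
```

With BEFORE, a client such as host1.nc.rr.com is allowed to relay because nc.rr.com reaches relay_domains through mydestination; with AFTER, only hosts under the explicitly listed domain match.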

