From: Ansgar Wiechers on
On 2010-03-24 Josh Cason wrote:
> I have two problems. I built a new postfix e-mail system that worked
> great for about 1 year. Then I started getting spam that comes into
> our system as one msg and is then routed out to multiple e-mail
> addresses like aol.com.

Check your logs to find out how those e-mails enter your system. Then
close that entry point. Postfix doesn't relay arbitrary mail by default.

> The next problem is I'm getting the to/from same users on our system.
> I found a page on how to deal with this. Real world example. But I'm
> unable to find the page to put the rules back in.

Put what rules back where?

> (below is my postfix config file)(kinda messed up a bit because of what I
> used to copy it)

Please post the output of "postconf -n" instead of the contents of
main.cf, so we can see the actual configuration your Postfix is using.

Regards
Ansgar Wiechers
--
"Abstractions save us time working, but they don't save us time learning."
--Joel Spolsky
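
One way to follow the advice above to check the logs for how the mail enters, as an added example that is not part of the original thread: the script correlates Postfix syslog lines by queue ID and reports, for each multi-recipient message delivered to outside domains, whether it arrived over unauthenticated SMTP, authenticated SMTP, or local submission. The sample log, addresses, domains and the `trace_entry_points` name are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log (documentation IPs, .example domains); delivery lines abbreviated.
SAMPLE_LOG = """\
Mar 24 19:01:02 mail postfix/smtpd[2101]: 4F1A22C012: client=unknown[203.0.113.45]
Mar 24 19:01:02 mail postfix/qmgr[999]: 4F1A22C012: from=<x@spam.example>, size=2310, nrcpt=30 (queue active)
Mar 24 19:01:03 mail postfix/smtp[2105]: 4F1A22C012: to=<a@aol.example>, relay=mx.aol.example[198.51.100.7]:25, dsn=2.0.0, status=sent (250 OK)
Mar 24 19:01:03 mail postfix/smtp[2106]: 4F1A22C012: to=<b@yahoo.example>, relay=mx.yahoo.example[198.51.100.8]:25, dsn=2.0.0, status=sent (250 OK)
Mar 24 19:05:10 mail postfix/smtpd[2110]: 5D20A7E013: client=mx.filter.example[198.51.100.20]
Mar 24 19:05:10 mail postfix/qmgr[999]: 5D20A7E013: from=<friend@other.example>, size=900, nrcpt=1 (queue active)
Mar 24 19:05:11 mail postfix/virtual[2111]: 5D20A7E013: to=<alice@example.org>, relay=virtual, dsn=2.0.0, status=sent (delivered to maildir)
Mar 24 19:09:30 mail postfix/pickup[888]: 7B3C91D044: uid=33 from=<www-data>
Mar 24 19:09:30 mail postfix/qmgr[999]: 7B3C91D044: from=<www-data@example.org>, size=1500, nrcpt=25 (queue active)
Mar 24 19:09:31 mail postfix/smtp[2120]: 7B3C91D044: to=<c@aol.example>, relay=mx.aol.example[198.51.100.7]:25, dsn=2.0.0, status=sent (250 OK)
"""

# Matches "postfix/<daemon>[pid]: <queue id>: <rest>", including multi-instance names.
LINE = re.compile(r"postfix(?:/[\w-]+)*/(\w+)\[\d+\]: ([0-9A-Za-z]{6,}): (.*)")

def trace_entry_points(log_text, local_domains, min_rcpt=20):
    """Return {queue_id: info} for bulk messages that were sent to remote domains."""
    msgs = defaultdict(lambda: {"entry": "unknown", "nrcpt": 0, "remote_rcpts": []})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        daemon, qid, rest = m.groups()
        msg = msgs[qid]
        if daemon == "smtpd" and rest.startswith("client="):
            ip = re.search(r"client=[^\[]*\[([^\]]+)\]", rest).group(1)
            sasl = re.search(r"sasl_username=(\S+)", rest)
            msg["entry"] = (f"authenticated SMTP as {sasl.group(1)} from {ip}"
                            if sasl else f"unauthenticated SMTP from {ip}")
        elif daemon == "pickup" and rest.startswith("uid="):
            msg["entry"] = "local submission by uid " + rest.split()[0][4:]
        elif daemon == "qmgr" and "nrcpt=" in rest:
            msg["nrcpt"] = int(re.search(r"nrcpt=(\d+)", rest).group(1))
        elif daemon == "smtp" and "status=sent" in rest:
            rcpt = re.search(r"to=<([^>]*)>", rest).group(1)
            if rcpt.rpartition("@")[2].lower() not in local_domains:
                msg["remote_rcpts"].append(rcpt)
    return {qid: info for qid, info in msgs.items()
            if info["nrcpt"] >= min_rcpt and info["remote_rcpts"]}

if __name__ == "__main__":
    for qid, info in trace_entry_points(SAMPLE_LOG, {"example.org"}).items():
        print(qid, info["entry"], info["nrcpt"], info["remote_rcpts"])
```

An unauthenticated SMTP entry points at relay permissions such as mynetworks or the recipient restrictions, an authenticated one at a compromised account, and a pickup entry at a local process such as a web script.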

From: Josh Cason on
It isn't just aol. It is any isp system that they seem to be spamming.
As I said a person connects up. (not one of the email users). Just a
random ip number. Sometimes it is postini (we use postini), aol, etc,
etc. That sends one message in with multiple recipients. Then it sends
out like say 20 or 30 or 100 messages to yahoo or aol or what not.
I'll try to get a log of it. But I have to put postini in -v to get
more information and wait for it to happen again. I just don't
understand why my postfix system would allow anybody that is not in my
mysql database to route a message. It is not supposed to. I assume I
have a configuration issue. If you look at my first post. You will see
my config file. I have concluded that this might be a known issue and
thus not talked about. But if that is the case. It is annoying that
every once in a while I have to go and unblack list myself from some
isp. Like the other day I had to request removal from Verizon. They
check into my system and said everything looks great. Black list
removal approved.

Thanks,

Josh



From: Charles Marcus on
On 2010-03-24 7:24 PM, Josh Cason wrote:
> As I said a person connects up. (not one of the email users). Just a
> random ip number. Sometimes it is postini (we use postini), aol, etc,
> etc. That sends one message in with multiple recipients. Then it sends
> out like say 20 or 30 or 100 messages to yahoo or aol or what not.

Why are you allowing $random_ip to relay mail through your server?

Or am I misunderstanding what you said?

--

Best regards,

Charles