Open relay?

Andrew J. Kopciuch akopciuch at bddf.ca
Mon Mar 6 16:16:46 CET 2006


> I could find the records about this queue, but how can I find local user?
> For example the spam header is:
> Received: from localhost (localhost [127.0.0.1])
>         by mx.xxx.ru (Postfix) with ESMTP id 49C671BD951;
>         Mon,  6 Mar 2006 04:56:26 +0300 (MSK)
>
> And the record in the Postfix log:
> Mar 06 11:16:26 mx <info> postfix/qmgr[2177]: 49C671BD951: from
> <info at turtleback.net>, size=3834, nrcpt=37 (queue active)
>
> IP-????
>

That's the qmgr entry.  If you look a few lines above that in the logs, and 
find a postfix/smtpd entry with the same ID (49C671BD951), then that will 
tell you what you are looking for.

looks something like :

Mar 06 11:16:26 mx <info> postfix/smtpd[23016]: 49C671BD951: 
client=unknown[192.168.123.123], sasl_method=LOGIN, 
sasl_username=user at domain.com

that will tell you the IP connected from, and the credentials using to 
authenticate to the server.



Andy




More information about the users mailing list