Open relay?

Maxim Sorokin max at horosh.ru
Mon Mar 6 17:46:28 CET 2006


 
> > I could find the records about this queue, but how can I 
> find local user?
> > For example the spam header is:
> > Received: from localhost (localhost [127.0.0.1])
> >         by mx.xxx.ru (Postfix) with ESMTP id 49C671BD951;
> >         Mon,  6 Mar 2006 04:56:26 +0300 (MSK)
> >
> > And the record in the Postfix log:
> > Mar 06 11:16:26 mx <info> postfix/qmgr[2177]: 49C671BD951: from 
> > <info at turtleback.net>, size=3834, nrcpt=37 (queue active)
> >
> > IP-????
> >
> 
> That's the qmgr entry.  If you look a few lines above that in 
> the logs, and find a postfix/smtpd entry with the same ID 
> (49C671BD951), then that will tell you what you are looking for.
> 
> looks something like :
> 
> Mar 06 11:16:26 mx <info> postfix/smtpd[23016]: 49C671BD951: 
> client=unknown[192.168.123.123], sasl_method=LOGIN, 
> sasl_username=user at domain.com
> 
> that will tell you the IP connected from, and the credentials 
> using to authenticate to the server.

Unfortunately there is no such type of IP info (no records postfix/smtpd
with same ID ot same email<to/from>) - it looks like Postfix make log file
with special option (short logging), because all lines abow and below
contain the other ID messages but the same type, like:
....
Mar 06 11:16:26 mx <info> postfix/qmgr[2177]: 334181BDB99: from
<info at neopolitan.org, size=4211, nrcpt=46 (queue active)
Mar 06 11:16:26 mx <info> postfix/qmgr[2177]: 49C671BD951: from
<info at turtleback.net>, size=3834, nrcpt=37 (queue active)
Mar 06 11:16:26 mx <info> postfix/qmgr[2177]: 4CF671BB443: from
<ampersand at wappi.com>, size=2858, nrcpt=37 (queue active)
...etc

May be I have to change type of Postfix logging?
Max





More information about the users mailing list