Open relay?
Maxim Sorokin
max at horosh.ru
Mon Mar 6 17:46:28 CET 2006
> > I could find the records about this queue, but how can I
> find local user?
> > For example the spam header is:
> > Received: from localhost (localhost [127.0.0.1])
> > by mx.xxx.ru (Postfix) with ESMTP id 49C671BD951;
> > Mon, 6 Mar 2006 04:56:26 +0300 (MSK)
> >
> > And the record in the Postfix log:
> > Mar 06 11:16:26 mx <info> postfix/qmgr[2177]: 49C671BD951: from
> > <info at turtleback.net>, size=3834, nrcpt=37 (queue active)
> >
> > IP-????
> >
>
> That's the qmgr entry. If you look a few lines above that in
> the logs, and find a postfix/smtpd entry with the same ID
> (49C671BD951), then that will tell you what you are looking for.
>
> looks something like :
>
> Mar 06 11:16:26 mx <info> postfix/smtpd[23016]: 49C671BD951:
> client=unknown[192.168.123.123], sasl_method=LOGIN,
> sasl_username=user at domain.com
>
> that will tell you the IP connected from, and the credentials
> using to authenticate to the server.
Unfortunately there is no such type of IP info (no records postfix/smtpd
with same ID ot same email<to/from>) - it looks like Postfix make log file
with special option (short logging), because all lines abow and below
contain the other ID messages but the same type, like:
....
Mar 06 11:16:26 mx <info> postfix/qmgr[2177]: 334181BDB99: from
<info at neopolitan.org, size=4211, nrcpt=46 (queue active)
Mar 06 11:16:26 mx <info> postfix/qmgr[2177]: 49C671BD951: from
<info at turtleback.net>, size=3834, nrcpt=37 (queue active)
Mar 06 11:16:26 mx <info> postfix/qmgr[2177]: 4CF671BB443: from
<ampersand at wappi.com>, size=2858, nrcpt=37 (queue active)
...etc
May be I have to change type of Postfix logging?
Max
More information about the users
mailing list