Open Relay - What Happened?

So I'm running postfix on Gentoo, and have been doing so
happily since
about November.  Until today I got a rejection for relayed
mail notice
from Road Runner.  I read on their site that this happens
when your IP
address sends more than 1000 e-mails in 24 hours.  My first
thought was
my windows-using roommates, but then I checked my e-mail
server from the
outside and indeed it was open.  This is weird though,
because I believe
I have it configured for authenticated users only.  I even
tried setting
it to only allow connections from this host, and still it
happily
accepts connections from outside and tries to relay those
e-mails to
other domains (of course, I would expect it to accept mail
for
electronsweatshop.com.)  Here are some settings in
/etc/postfix/main.cf
that I think are relevant, anybody have any
comments/criticisms/suggestions?

myorigin = $myhostname
mydestination = $myhostname, localhost.$mydomain, $mydomain
mynetworks_style = subnet # I tried setting to host to see
if that would
                            # solve the problem (nope)
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
# I've tried the following also adding
reject_unauth_destination,reject_unknown_client, but that
didn't solve
the problem either
smtpd_client_restrictions = permit_sasl_authenticated
smtp_use_tls = yes
smtpd_use_tls=yes
smtpd_tls_auth_only = yes
relayhost = smtp-server.carolina.rr.com
# I actually have several domains listed here.  Does anyone
know how to
get it to allow me to relay to all domains once I have
properly
authenticated?
relay_domains = bunchofdomains.com
smtpd_tls_security_level = may

I fully appreciate any help anyone can offer.  I made this
setup just by
following some guides I found here and there online, and
don't really
have a good grasp on the 6 volume manual that is postfix
docs  
-- 
Randy Barlow
http://electronsweatshop
.com

But you are a chosen race, a royal priesthood, a holy
nation, a people 
for his own possession, that you may proclaim the
excellencies of him 
who called you out of darkness into his marvelous light.
Once you were 
not a people, but now you are God's people; once you had not
received 
mercy, but now you have received mercy. ~1 Peter 2:9-10

-- 
gentoo-usergentoo.org mailing list

Vladimir Rusinov wrote:
> You have problems with client restrictions.
> It is very weird that spammer haven't attacked your
server since November.

Thanks for your help Vladimir, I believe my e-mail server is
secure now!

-- 
Randy Barlow
http://electronsweatshop
.com

But you are a chosen race, a royal priesthood, a holy
nation, a people 
for his own possession, that you may proclaim the
excellencies of him 
who called you out of darkness into his marvelous light.
Once you were 
not a people, but now you are God's people; once you had not
received 
mercy, but now you have received mercy. ~1 Peter 2:9-10

-- 
gentoo-usergentoo.org mailing list

On 6/29/07, Randy Barlow <randyelectronsweatshop.com>
wrote:
> Vladimir Rusinov wrote:
> > You have problems with client restrictions.
> > It is very weird that spammer haven't attacked
your server since November.
>
> Thanks for your help Vladimir, I believe my e-mail
server is secure now!
>
> --
> Randy Barlow
> http://electronsweatshop
.com
>
> But you are a chosen race, a royal priesthood, a holy
nation, a people
> for his own possession, that you may proclaim the
excellencies of him
> who called you out of darkness into his marvelous
light. Once you were
> not a people, but now you are God's people; once you
had not received
> mercy, but now you have received mercy. ~1 Peter
2:9-10
>
> --
> gentoo-usergentoo.org mailing list
>
>


Just be aware bounce-mails are not nessicarily an indication
of a
compromised box. Lately some spammers have learn't they can
double
their audience and halve their own send rate by putting
victim1 as the
"to" address, and victim2 as the "from"
field, so that way when
servers send a 'sorry, cant deliver this message'  it
bascially acts
as a open-relay-on-bounce ( if theres any doubt, check the
headers of
the bounced message, sometimes you'll find your server never
touched
it )
-- 
Kent
ruby -e '[1, 2, 4, 7, 0, 9, 5, 8, 3, 10, 11, 6, 12,
13].each{|x|
print "enNOSPicAMreil kdrtfgma.com"[(2*x)..(2*x+1)]}'
-- 
gentoo-usergentoo.org mailing list

Kent Fredric wrote:
> Just be aware bounce-mails are not nessicarily an
indication of a
> compromised box. Lately some spammers have learn't they
can double
> their audience and halve their own send rate by putting
victim1 as the
> "to" address, and victim2 as the
"from" field, so that way when
> servers send a 'sorry, cant deliver this message'  it
bascially acts
> as a open-relay-on-bounce ( if theres any doubt, check
the headers of
> the bounced message, sometimes you'll find your server
never touched
> it )

Right, but the headers in my instance definitely confirmed
that I had 
been blocked by my ISP.  Also, e-mails that I had personally
sent to 
people I know were getting bounced.  But thanks for the
tip!

-- 
Randy Barlow
http://electronsweatshop
.com

But you are a chosen race, a royal priesthood, a holy
nation, a people 
for his own possession, that you may proclaim the
excellencies of him 
who called you out of darkness into his marvelous light.
Once you were 
not a people, but now you are God's people; once you had not
received 
mercy, but now you have received mercy. ~1 Peter 2:9-10

-- 
gentoo-usergentoo.org mailing list