Here and there we get mails delivered with unknown local recipients; in general these mails have been rejected. How can it be that Postfix delivers a mail with an unknown local recipient?
main.cf
smtpd_banner = $myhostname ESMTP $mail_name
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination defer_unauth_destination
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination reject_rbl_client zen.spamhaus.org, reject_rhsbl_reverse_client dbl.spamhaus.org, reject_rhsbl_helo dbl.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
myhostname = sys.ublun.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
# myorigin = $mydomain
myorigin = /etc/mailname
mydestination = $myhostname, xxxxxxx.com, , localhost
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
virtual_alias_maps = hash:/etc/postfix/virtual
sender_bcc_maps = hash:/etc/postfix/bcc
sender_dependent_default_transport_maps = hash:/etc/postfix/dependent
home_mailbox = Maildir/
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
allow_percent_hack = no
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
compatibility_level = 2
smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
message_size_limit = 52428800
Try to change
mydestination = $myhostname, localhost.$mydomain, localhost, server.hostname.tld
, restart postfix and see if the problem is gone. Do not forget to make a local copy of your postfix before any change. P.S. Instead of "server.hostname.tld" use the real hostname.
- I often come to the conclusion that my brain has too many tabs open. -
Failing at desktop publishing & graphic design since 1994.
thank you Diabolico, we adjusted accordingly
so far all fine with Postfix server but one thing remains:
connect from unknown
How is it that some IP addresses are being rejected and some not? Both are from an unknown source.
connect from unknown[177.54.144.232]
NOQUEUE: reject: RCPT from unknown[177.54.144.232]: 450 4.7.1 Client host rejected: cannot find your reverse hostname,
connect from unknown[89.248.171.132]
warning: unknown[89.248.171.132]: SASL LOGIN authentication failed: authentication failure
**postconf -n**
alias_maps = hash:/etc/aliases
allow_percent_hack = no
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
compatibility_level = 2
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = all
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 0
message_size_limit = 52428800
milter_default_action = accept
milter_protocol = 2
mydestination = $myhostname, xxxx.com, localhost.xxxx.com, localhost
myhostname = xxxx.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 144.76.73.84
myorigin = /etc/mailname
non_smtpd_milters = inet:localhost:8891
readme_directory = no
recipient_delimiter = +
sender_bcc_maps = hash:/etc/postfix/bcc
sender_dependent_default_transport_maps = hash:/etc/postfix/dependent
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
smtpd_client_restrictions = permit_mynetworks permit_inet_interfaces reject_unknown_reverse_client_hostname permit_tls_all_clientcerts reject_rbl_client zen.spamhaus.org reject_rhsbl_client zen.spamhaus.org
smtpd_milters = inet:localhost:8891
smtpd_recipient_restrictions = reject_unknown_reverse_client_hostname
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination defer_unauth_destination permit
smtpd_sasl_auth_enable = yes
smtpd_tls_CAfile = /etc/postfix/postfix.ca.pem
smtpd_tls_cert_file = /etc/postfix/postfix.cert.pem
smtpd_tls_key_file = /etc/postfix/postfix.key.pem
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_alias_maps = hash:/etc/postfix/virtual
Start with "mydestination = $myhostname, localhost.$mydomain, localhost, your.hostname.tld" where you need to change "your.hostname.tld" and put your real hostname. Remember hostname must be FQDN.
we adjusted accordingly: "mydestination = $myhostname, localhost.$mydomain, localhost, sys.ublun.com" but they still roll in....
Feb 15 21:27:13 sys postfix/smtpd[14372]: connect from unknown[89.248.171.132]
Feb 15 21:27:16 sys postfix/smtpd[14372]: warning: unknown[89.248.171.132]: SASL LOGIN authentication failed: authentication failure
Feb 15 21:27:16 sys postfix/smtpd[14372]: disconnect from unknown[89.248.171.132] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
This IP 89.248.171.132, is that from your server or personal connection?
No no.... nothing to do with my IPs. It comes from the Seychelles and there is one from the Ukraine. I can only stop them over iptables; Postfix does not act as it should.
Actually the problem is based on: Reject clients with no reverse hostname
Most clients with no reverse hostname get rejected but not all; that makes me wonder.
Yes, I suspected that IP isn't yours. I made a check after my last post and that IP belongs to Novogara.com, formerly known as Ecatel.net. This host has servers located in the Netherlands, but the company is from England and owned by some shady offshore company. This host is also known as the best haven for spammers and hackers, so it's not a surprise to see their IP in server logs. Same as with IPs originating from Colocrossing a.k.a. HudsonValleyHost. Nothing unusual to see their multiple IP ranges on every major spam list.
How to stop? To begin you will need to install Fail2Ban and activate jails for all software that you can, like Apache, Postfix, Dovecot... and so on. Next, you will need to edit main.cf and add/modify lines "smtpd_helo_restrictions", "smtpd_relay_restrictions", "smtpd_sender_restrictions", "smtpd_recipient_restrictions". There is a really huge amount of information and examples on Google, so just pick a few and use them. It would help even more if you add a few RBLs in your main.cf:
reject_rbl_client zen.spamhaus.org,
reject_rbl_client bl.spamcop.net,
reject_rbl_client b.barracudacentral.org,
# reject_rbl_client dnsbl.sorbs.net,
Sorbs is the most aggressive RBL and they are frequently blacklisting IPs even from Gmail, so do not use it if you don't know what you are doing or you have anyone important who is using Gmail, Hotmail, etc.
Just by installing Fail2Ban the majority of these attacks will be stopped, but I would suggest playing a little with main.cf. Remember to always have a local/offsite copy of any file you intend to modify.
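Added example (not part of the thread and not Fail2Ban's code): the two kinds of log entries quoted above differ in how far the SMTP session got. With smtpd_delay_reject at its default (yes), Postfix evaluates smtpd_client_restrictions such as reject_unknown_reverse_client_hostname only when RCPT TO arrives, so a client that tries AUTH and quits is never rejected by it. The sketch below groups constructed sample lines per client to show this; the addresses are documentation ranges and the function names and threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the log lines quoted in the thread.
# 192.0.2.10 and 198.51.100.7 are documentation addresses, not real clients.
SAMPLE_LOG = """\
Feb 15 21:27:13 sys postfix/smtpd[14372]: connect from unknown[192.0.2.10]
Feb 15 21:27:16 sys postfix/smtpd[14372]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: authentication failure
Feb 15 21:27:16 sys postfix/smtpd[14372]: disconnect from unknown[192.0.2.10] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Feb 15 21:30:01 sys postfix/smtpd[14380]: connect from unknown[198.51.100.7]
Feb 15 21:30:02 sys postfix/smtpd[14380]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [198.51.100.7]; from=<a@example.org> to=<b@example.net> proto=ESMTP helo=<example.org>
Feb 15 21:30:02 sys postfix/smtpd[14380]: disconnect from unknown[198.51.100.7] ehlo=1 mail=1 rcpt=0/1 quit=1 commands=3/4
"""

CLIENT = re.compile(r"unknown\[([0-9A-Fa-f.:]+)\]")
SASL_FAIL = re.compile(r"SASL \w+ authentication failed")
COUNTER = re.compile(r"\b(\w+)=(\d+)(?:/(\d+))?")


def summarize(log_text):
    """Per client without reverse DNS: SASL failures, RCPT rejects, RCPTs sent."""
    stats = defaultdict(lambda: {"sasl_failed": 0, "rcpt_rejected": 0, "rcpt_sent": 0})
    for line in log_text.splitlines():
        m = CLIENT.search(line)
        if not m:
            continue
        s = stats[m.group(1)]
        if SASL_FAIL.search(line):
            s["sasl_failed"] += 1
        elif "NOQUEUE: reject: RCPT from " in line:
            s["rcpt_rejected"] += 1
        elif ": disconnect from " in line:
            # Session counters: "rcpt=0/1" is accepted/total, "rcpt=2" is all accepted.
            for name, ok, total in COUNTER.findall(line[m.end():]):
                if name == "rcpt":
                    s["rcpt_sent"] += int(total or ok)
    return stats


def classify(s):
    """Name the stage at which the client was (or was not) stopped."""
    if s["sasl_failed"] and s["rcpt_sent"] == 0:
        return "auth_probe"      # never sent RCPT, so no RCPT-stage reject
    if s["rcpt_rejected"]:
        return "rcpt_rejected"   # restriction fired at RCPT TO
    return "other"


def ban_candidates(stats, maxretry):
    """Addresses with at least `maxretry` SASL failures (hypothetical threshold)."""
    return sorted(ip for ip, s in stats.items() if s["sasl_failed"] >= maxretry)


if __name__ == "__main__":
    for ip, s in summarize(SAMPLE_LOG).items():
        print(ip, classify(s), s)
```

Clients classified as auth_probe are the ones a log-based banning tool has to catch, because the RCPT-stage restrictions in main.cf never see them.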