Fresh and latest install of Virtualmin.
! have one email inbox on the server, which is the default one of a virtual server.
When postfix starts, I see this:
Feb 21 18:16:45 srv2 postfix/smtpd[16061]: connect from unknown[192.168.1.6]
Feb 21 18:16:45 srv2 postfix/smtpd[16066]: connect from unknown[192.168.1.6]
Feb 21 18:16:45 srv2 postfix/smtpd[16067]: connect from unknown[192.168.1.6]
Feb 21 18:16:45 srv2 postfix/smtpd[16068]: connect from unknown[192.168.1.6]
Feb 21 18:16:45 srv2 postfix/smtpd[16061]: 529714B2: client=unknown[192.168.1.6]
Feb 21 18:16:45 srv2 postfix/smtpd[16066]: 54CB74C2: client=unknown[192.168.1.6]
Feb 21 18:16:45 srv2 postfix/smtpd[16067]: 56E37A2: client=unknown[192.168.1.6]
Feb 21 18:16:45 srv2 postfix/smtpd[16068]: 768F94D3: client=unknown[192.168.1.6]
That IP address is my load balancer.
- How does an unknown user login to postfix?
- How can I stop this!!!
As soon as I start postfix it gets these connections and the queue starts to fill with endless spam, this shouldn’t be possible at all!
Edit 1: output of postconf -n
postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_sender_restrictions
postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_client_restrictions
postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_helo_restrictions
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
allow_percent_hack = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost, srv2.scmscloud.nl
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sender_bcc_maps = hash:/etc/postfix/bcc
sender_dependent_default_transport_maps = hash:/etc/postfix/dependent
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_security_level = may
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination reject_unknown_sender_domain
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/postfix.ca.pem
smtpd_tls_cert_file = /etc/postfix/postfix.cert.pem
smtpd_tls_key_file = /etc/postfix/postfix.key.pem
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_security_level = may
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual
My guess, this is a problem:
postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_sender_restrictions
postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_client_restrictions
postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_helo_restrictions
What are those variables and isn’t it pretty bad that the restrictions parameter is not set?
Edit 2: Might the source IP 192.168.1.6 be the problem as it is accepted because my server IP is 192.168.1.3?