Re: possible localhost dns spoof attack
> Like I said, as soon as I blocked the troublesome IPs the problem went
> away. Thus, it cannot be a local script. Furthermore,
> we are not even running Apache. We are running Tomcat with custom developed
> Java apps.
> I also ran tcpdump on localhost to see if there was traffic being received
> on localhost. Guess what? While the spamming was taking place
> there was no smtp traffic passing through on localhost port 25.

You should still recheck your mail server configuration, looks like
your server is an open relay?

Jamie wrote on 2013-02-26 11:32:
> We would appreciate your thoughts.

Check that you do not have external nameservers that can resolve localhost
into 127.0.0.1, but show logs of what postfix really did. Even if the sender
IP is localhost it should not allow relaying, unless you have
permit_mynetworks too early; that's why I only allow SMTP auth relaying,
even from localhost/RFC 1918 IPs.

To minimise the risk you should only trust localhost nameservers,
and possibly it would make sense to reject clients that have MX set as
localhost or 127.0.0.1.

Well, I admit I'm just speculating here, so logs please, with postconf -n
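
An added example, not part of the original posts: a small Python check that reads `postconf -n` output and reports where `permit_mynetworks` lets clients relay without SMTP AUTH, and which `mynetworks` entries reach beyond loopback. The sample configuration is constructed, the function names are hypothetical, and only parameters explicitly present in the output are inspected (Postfix built-in defaults are not evaluated).

```python
import ipaddress
import re

# Constructed sample of `postconf -n` output; not taken from the thread.
SAMPLE = """\
mynetworks = 127.0.0.0/8 [::1]/128 10.0.0.0/8
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
smtpd_sasl_auth_enable = yes
"""

RESTRICTION_LISTS = ("smtpd_relay_restrictions", "smtpd_recipient_restrictions")

def parse_postconf(text):
    """Parse `name = value` lines; indented lines continue the previous value."""
    params, last = {}, None
    for line in text.splitlines():
        if line[:1] in (" ", "\t") and last:
            params[last] += " " + line.strip()
        elif "=" in line:
            last, value = (part.strip() for part in line.split("=", 1))
            params[last] = value
    return params

def non_loopback_networks(params):
    """Return mynetworks entries that are not loopback (or cannot be judged)."""
    wide = []
    for entry in filter(None, re.split(r"[,\s]+", params.get("mynetworks", ""))):
        try:
            net = ipaddress.ip_network(entry.replace("[", "").replace("]", ""), strict=False)
        except ValueError:          # table lookup or file path: needs manual review
            wide.append(entry)
            continue
        if not net.is_loopback:
            wide.append(entry)
    return wide

def unauthenticated_relay_paths(params):
    """List (restriction_list, trusted_networks) where permit_mynetworks is set."""
    trusted = [n for n in re.split(r"[,\s]+", params.get("mynetworks", "")) if n]
    return [(name, trusted) for name in RESTRICTION_LISTS
            if "permit_mynetworks" in re.split(r"[,\s]+", params.get(name, ""))]

if __name__ == "__main__":
    conf = parse_postconf(SAMPLE)
    for name, nets in unauthenticated_relay_paths(conf):
        print(f"{name}: permit_mynetworks lets {nets} relay without SMTP AUTH")
    print("non-loopback entries in mynetworks:", non_loopback_networks(conf))
```

A configuration that relays only for authenticated clients, as described in the reply above, produces no entries from `unauthenticated_relay_paths`.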