
Re: possible localhost dns spoof attack

  • Noel Jones
    Message 1 of 32 , Feb 27, 2013

      On 2/27/2013 8:37 PM, Jamie wrote:


      The useful information gained from your postconf is:
      a) It's very unlikely postfix is an open relay
      b) you're using a content_filter, so that may explain the "connect
      from [127.0.0.1]" log snippet.




      I was hoping to see logs of the original incident.



      I'm sorry if this feels like abuse; that's not the intent. A few
      of us here wanted to see evidence before sending you on a wild goose
      chase. You'll just have to trust me when I tell you the people
      who made a diagnosis without evidence weren't doing you any favors
      -- they wasted a lot of your time looking for problems that didn't
      exist, and drowned out the few posts that were actually useful.




      Peace,


      -- Noel Jones
    • Benny Pedersen
      Message 32 of 32 , Feb 28, 2013
        Jamie wrote on 2013-02-26 11:32:

        > We would appreciate your thoughts.

        Check that you do not have external nameservers that can resolve
        localhost into 127.0.0.1, but show logs on what postfix really did.
        Even if the sender IP is localhost it should not allow relaying, unless
        you have permit_mynetworks too early; that's why I only allow SMTP auth
        relaying, even from localhost/RFC 1918 IPs.

        To minimise the risk you should only trust localhost nameservers.

        And possibly it would make sense to reject clients that have MX set as
        localhost or 127.0.0.1.

        Well, I admit I'm just speculating here, so logs please, with postconf -n