0

Good day to you all,

Today, I was setting up a postfix mail server. Everything works well: mails get forwarded from my server's mail address, [email protected], to my personal email [email protected].

When testing with telnet, like this, I found that I could send mail only to [email protected].

The problem

The thing is: My logs show me that I get connections from 'unknown'. Here is a part of my /var/log/maillog (default CentOS postfix log location. On other Linux systems possibly /var/log/mail.log):

Jun 2 22:58:31 vps postfix/smtpd[23587]: connect from unknown[A.B.C.D]
Jun 2 22:58:31 vps postfix/smtpd[23585]: connect from unknown[A.B.C.E]
Jun 2 22:58:43 vps postfix/smtpd[23592]: connect from unknown[A.B.F.G]
Jun 2 22:58:55 vps postfix/smtpd[23597]: connect from unknown[A.B.F.H]
Jun 2 22:58:58 vps postfix/smtpd[23587]: disconnect from unknown[A.B.C.D]
...

With my current ruleset, these unknown spambots should be completely unable to send their garbage on their way to the internet.

However, I would like to check if these unknowns actually got any mail sent from my server.

What I tried

I tried the mailq command to check queued mails. This list was empty. However, this does not exclude that there was traffic. Also, I checked my log with cat /var/log/maillog | grep 'sent'. Zero matches. I am uncertain whether this means no bot could send spam or that postfix does not log sent mails from unknowns.

The Question

How can one check outgoing mail traffic with postfix?

2 Answers

2

If any mail was sent, it would be in the log.
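Mail that actually left the server appears as `status=sent` lines from the `postfix/smtp` delivery agent, tied by queue ID to the `client=` line of the connection that submitted it. The following is an added example, not part of the original answers: the function name is hypothetical and the log sample (hosts, addresses, queue IDs) is constructed. It correlates the two and also counts rejected attempts per client.

```python
import re
from collections import Counter

# Constructed sample in Postfix's syslog format; hosts, addresses and queue IDs are made up.
SAMPLE_LOG = """\
Jun  2 22:58:31 vps postfix/smtpd[23587]: connect from unknown[192.0.2.10]
Jun  2 22:58:32 vps postfix/smtpd[23587]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <victim@example.net>: Relay access denied; from=<spam@example.org> to=<victim@example.net> proto=ESMTP helo=<bot>
Jun  2 22:58:58 vps postfix/smtpd[23587]: disconnect from unknown[192.0.2.10]
Jun  2 23:01:02 vps postfix/smtpd[23601]: 3A1B2C4D5E: client=unknown[192.0.2.44]
Jun  2 23:01:02 vps postfix/qmgr[1201]: 3A1B2C4D5E: from=<friend@example.com>, size=1820, nrcpt=1 (queue active)
Jun  2 23:01:03 vps postfix/smtp[23610]: 3A1B2C4D5E: to=<me@example.net>, orig_to=<info@vps.example>, relay=mx.example.net[203.0.113.5]:25, delay=1.1, delays=0.1/0/0.5/0.5, dsn=2.0.0, status=sent (250 2.0.0 OK)
Jun  2 23:01:03 vps postfix/qmgr[1201]: 3A1B2C4D5E: removed
Jun  2 23:05:00 vps postfix/local[23650]: 7F00AA1122: to=<root@vps.example>, relay=local, delay=0.1, delays=0.1/0/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
"""

LINE = re.compile(r"postfix\S*/(?P<svc>[\w-]+)\[\d+\]: (?P<body>.*)")
CLIENT = re.compile(r"(?P<qid>[0-9A-Za-z]+): client=(?P<client>\S+\[[^\]]+\])")
REJECT = re.compile(r"NOQUEUE: reject: \w+ from (?P<client>\S+\[[^\]]+\])")
DELIVERY = re.compile(r"(?P<qid>[0-9A-Za-z]+): to=<(?P<rcpt>[^>]*)>.*?relay=(?P<relay>[^,]+),.*?status=(?P<status>\w+)")

def outbound_deliveries(log_text):
    """Return (deliveries, rejects): mail handed to a remote relay, and reject counts per client."""
    clients, deliveries, rejects = {}, [], Counter()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        svc, body = m["svc"], m["body"]
        if svc == "smtpd":
            if (c := CLIENT.match(body)):
                clients[c["qid"]] = c["client"]      # message accepted from this client
            elif (r := REJECT.match(body)):
                rejects[r["client"]] += 1            # refused before a queue ID was assigned
        elif svc == "smtp" and (d := DELIVERY.match(body)):
            # postfix/smtp is the outbound client; postfix/local lines are mailbox deliveries.
            # The client is None when no smtpd client= line for this queue ID is in the log.
            deliveries.append((d["qid"], clients.get(d["qid"]), d["rcpt"], d["relay"], d["status"]))
    return deliveries, rejects

if __name__ == "__main__":
    deliveries, rejects = outbound_deliveries(SAMPLE_LOG)
    for qid, client, rcpt, relay, status in deliveries:
        print(f"{qid} from {client} -> {rcpt} via {relay}: {status}")
    for client, count in rejects.items():
        print(f"rejected {count} attempt(s) from {client}")
```

In the sample, the one outbound delivery carries an `orig_to=` field, which marks it as a forward of mail addressed to a local mailbox rather than a relay to an arbitrary recipient.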

0

From your post, I suppose that ultimately you want to block unknown users sending email via your postfix server.

For that you need to tighten up your "smtpd restrictions" in your /etc/postfix/main.cf file.

Here is a sample that you can use ...

smtpd_client_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_unknown_client_hostname, permit
smtpd_sender_restrictions = permit_mynetworks permit_sasl_authenticated reject_unknown_reverse_client_hostname

More info at:

https://www.linuxbabe.com/mail-server/block-email-spam-postfix
http://www.postfix.org/SMTPD_ACCESS_README.html#lists

2
  • Thanks for your information! I would quite like it if no 'unknown' bots/people could connect. Currently, I have set up a config which contains your suggested client restrictions. However, unknowns can still establish connections. Maybe reject_unknown_reverse_client_hostname does the trick. Commented Jun 3, 2019 at 9:02
  • Share your main.cf pls if you still have issues ... Commented Jun 3, 2019 at 16:00
