Wednesday, November 30, 2011

Home server being used as an open relay

My email account got locked today because my home server was being used as an open relay so the spammers could send mail at will from brewer.me.uk. It looks like it started at Nov 28 15:33:49 and the account got locked at Nov 30 04:20:40, with a total of 5109 spam mails being sent. Doh!

What I can't understand is why my router was allowing access to the mail server i.e. port forwarding port 25. I have a vague feeling that it was another half completed project that I was playing around with years ago.

Anyway, firewall is working correctly and the mail server is configured a bit better now.  These are the changes I made to my postfix configuration file (main.cf):

smtpd_client_restrictions = permit_mynetworks, reject

smtpd_helo_restrictions = reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname 

smtpd_sender_restrictions = reject_unknown_sender_domain 

smtpd_recipient_restrictions = permit_mynetworks, reject_invalid_hostname, reject_unknown_recipient_domain, reject_unauth_destination, reject_rbl_client sbl.spamhaus.org

smtpd_data_restrictions = reject_unauth_pipelining

One and one were very quick to unlock the account.