Recently had an issue where every time I tried to send an email, it was getting rejected by my SMTP server. At the same time, it seemed like I was getting a barrage of spam hitting my inboxes, so I assumed I had been hacked.
To cut a long story short, it turned out that my server had lost its configuration for DNS lookup, and the anti-spam rule reject_unknown_sender_domain was then being triggered! 3 fucking days to work that one out… The following two files should have contained some DNS info:
- /var/spool/postfix/etc/resolv.conf
- /etc/resolv.conf
I used dig to prove that I did not even have DNS lookup abilities. dig is a command-line tool for querying DNS name servers for information about host addresses, mail exchanges, name servers, and related information.
```
# get a list of yahoo's mail servers
dig yahoo.com MX +noall +answer
```
In the end, I defined Google’s open DNS servers in the interfaces configuration file at /etc/network/interfaces:

```
dns-nameservers 8.8.8.8 8.8.4.4
```

(ref: http://wiki.debian.org/NetworkConfiguration#Definingthe.28DNS.29Nameservers)
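A quick way to catch this failure earlier is to compare the resolver file Postfix sees inside its chroot with the system one. The script below is an added example, not part of the original post; the function names and status words are made up for illustration, and the default paths are the two files listed above.

```shell
#!/bin/sh
# Added example: detect a missing or stale resolver config for a chrooted Postfix.

# Print the nameserver addresses in a resolv.conf-style file, one per line.
# A missing or unreadable file yields no output.
nameservers() {
    [ -r "$1" ] || return 0
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# check_resolv SYSTEM_FILE CHROOT_FILE
# Prints one status word and returns a matching code:
#   0 ok            both files list the same set of nameservers
#   1 system-empty  system file is missing or has no nameserver lines
#   2 chroot-empty  chroot copy is missing or has no nameserver lines
#   3 mismatch      both list nameservers, but the sets differ
check_resolv() {
    sys=$(nameservers "$1" | sort -u)
    chr=$(nameservers "$2" | sort -u)
    if [ -z "$sys" ]; then echo system-empty; return 1; fi
    if [ -z "$chr" ]; then echo chroot-empty; return 2; fi
    if [ "$sys" != "$chr" ]; then echo mismatch; return 3; fi
    echo ok
}

# Run against the real files only when invoked as: sh script.sh --check
if [ "${1:-}" = "--check" ]; then
    check_resolv /etc/resolv.conf /var/spool/postfix/etc/resolv.conf
fi
```

Any status other than `ok` means reject_unknown_sender_domain can start rejecting mail for reasons that have nothing to do with the sender, so it is worth running from cron or a monitoring check.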
In the process, I learnt a lot about Postfix anti-spam config:
- A good overview of how Postfix anti-spam works: http://www.akadia.com/services/postfix_uce.html
- For a full Postfix config plus comments: http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt
- To test if known spam merchants get blocked: http://www.crynwr.com/spam/ or send an email to nelson-SBL-test@crynwr.com
- Spamhaus: http://www.spamhaus.org/zen/
- And to check if a given email sender is in the block list, pull the sender IP from the full mail header, and run the check: http://www.spamhaus.org/query/bl?ip=85.234.24.52 (replacing IP as needed)