Mail server analysis
One of my friend is having some problem with her mail server and I don't know how to deal with it or how to explain. She does gave me a pcap file, from that I guess some spam problem. But I don't know exactly or sure about this. I hope you guys can point me to the right thing and ensure this.
So, I leave it to you guys if you're willing to help or for those who like thrill. I already upload the file she gave to me here 21april.pcap
Thank you again. I will post my own analysis about this matter soon.
From the pcap file it appears she is running postfix.
Ask her to provide you with /etc/postfix/main.cf and post it here.
It's the main postfix configuration file.
It would also be helpful to have the mail log (e.g. /var/log/mail)
The first issue I see is that she has no authentication.
Anyone can connect and attempt to send mail.
While relaying appears to be denied, I was able to telnet to her smtp port and send mail to local users. e.g. postmaster
she needs to modify her postfix config to require smtp authentication.
this may require additional software to be installed.
Need to see the config files. as per ^.