I'm running postfix with opendkim. My opendkim milter is running on port 10029.
CORRECTION: My opendkim milter is running on a unix socket, and there is a DKIM content filter set up on port 10029.
Just today, I started seeing messages like this appearing in my postfix log ...
2023.11.01 21:29:40 hippo postfix/smtp[29756]: EBBA428F83B: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10029, delay=0.94, delays=0.78/0.01/0.04/0.11, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as B71ED28F83C)
It appears that some people have figured out how to use my opendkim milter as an open relay. Or am I somehow misinterpreting this log message?
My postfix server itself is not an open relay, and smtp can only be initiated via authentication.
If I am correct in guessing that opendkim is being used as an open relay, is this a known problem? Or if I'm totally misunderstanding what's going on, can anyone help me understand what's actually happening with those seemingly relayed messages?
Thank you very much.
UPDATE: Could it be that someone discovered that 10029 is an open port, and that it's possible to misuse DKIM's listening port in order to relay emails?
If so, do I simply need to do the following in order to only enable port 10029 access from localhost? ...
iptables -I INPUT -p tcp --dport 10029 -j DROP
iptables -I INPUT -s 127.0.0.1 -p tcp --dport 10029 -j ACCEPT
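
Added example, not part of the original post and not Postfix or OpenDKIM code: one way to see where the messages handed to 127.0.0.1:10029 entered Postfix is to follow each queue ID back to its smtpd `client=` line. The function name and the sample log lines are constructed for illustration; the example assumes the standard Postfix smtpd `client=` / `sasl_username=` log fields.

```python
import re

# Constructed sample log: hosts, addresses and queue IDs are made up for this example.
SAMPLE_LOG = """\
2023.11.01 21:29:39 hippo postfix/smtpd[29750]: AAAA0000001: client=unknown[203.0.113.7], sasl_method=PLAIN, sasl_username=alice
2023.11.01 21:29:40 hippo postfix/smtp[29756]: AAAA0000001: to=<bob@example.org>, relay=127.0.0.1[127.0.0.1]:10029, delay=0.94, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as AAAA0000002)
2023.11.01 21:30:01 hippo postfix/smtpd[29770]: BBBB0000001: client=unknown[198.51.100.9]
2023.11.01 21:30:02 hippo postfix/smtp[29771]: BBBB0000001: to=<carol@example.org>, relay=127.0.0.1[127.0.0.1]:10029, delay=0.50, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as BBBB0000002)
2023.11.01 21:31:00 hippo postfix/pickup[29000]: CCCC0000001: uid=0 from=<root>
2023.11.01 21:31:01 hippo postfix/smtp[29780]: CCCC0000001: to=<admin@example.org>, relay=127.0.0.1[127.0.0.1]:10029, delay=0.20, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as CCCC0000002)
"""

# smtpd records where a message came from; smtp records the hand-off to the local filter port.
CLIENT_RE = re.compile(r"postfix/smtpd\[\d+\]: (\w+): client=(\S+?)\[([^\]]+)\](?:.*?sasl_username=(\S+))?")
HANDOFF_RE = re.compile(r"postfix/smtp\[\d+\]: (\w+): to=<([^>]*)>,.*?\brelay=127\.0\.0\.1\[127\.0\.0\.1\]:(\d+),.*queued as (\w+)\)")

def trace_filter_handoffs(log_text, port=10029):
    """Map each hand-off to the local filter port back to the client that submitted the message."""
    origin = {}    # queue ID -> (client IP, SASL user or None)
    results = []
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            origin[m.group(1)] = (m.group(3), m.group(4))
            continue
        m = HANDOFF_RE.search(line)
        if not m or int(m.group(3)) != port:
            continue
        ip, user = origin.get(m.group(1), (None, None))
        if user:
            verdict = "authenticated submission"
        elif ip is None:
            verdict = "local or unknown origin"      # e.g. pickup/sendmail, or client= line rotated out
        elif ip in ("127.0.0.1", "::1"):
            verdict = "loopback client"
        else:
            # Inbound mail for locally hosted domains also lands here; compare the recipient domain.
            verdict = "unauthenticated remote client"
        results.append({"queue_id": m.group(1), "requeued_as": m.group(4), "to": m.group(2),
                        "client_ip": ip, "sasl_user": user, "verdict": verdict})
    return results

if __name__ == "__main__":
    for r in trace_filter_handoffs(SAMPLE_LOG):
        print(r["queue_id"], "->", r["requeued_as"], r["to"], r["client_ip"], r["sasl_user"], r["verdict"])
```

Run it over the real mail log instead of `SAMPLE_LOG` by passing the file contents to `trace_filter_handoffs()`.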