spam connections to 25 port via local 10.255.0.3 port
FROM debian:jessie install exim4
Docker version 17.03.0-ce, build 60ccb22
Hello.
I have set up docker exim service as smarthost for php-fpm app.
relay was enabled for overlay network: dc_relay_nets=‘10.0.9.0/24’
But i have many cpam connections in exim log:
2017-03-21 09:04:04 H=(MY_SERVER_IP) [10.255.0.3] F=<yjupsgtc@mail2000_com_tw> rejected RCPT <like_cmy1314@yahoo_com_tw>: relay not permitted
2017-03-21 09:04:04 H=(MY_SERVER_IP) [10.255.0.3] F=<zgkdmpfg@yam_com> rejected RCPT <dream-true@yahoo_com_tw>: relay not permitted
2017-03-21 09:04:04 H=(MY_SERVER_IP) [10.255.0.3] F=<yjupsgtc@mail2000_com_tw> rejected RCPT <junior1976_168@yahoo_com_tw>: relay not permitted
2017-03-21 09:04:04 H=(MY_SERVER_IP) [10.255.0.3] F=<zgkdmpfg@yam_com> rejected RCPT <deep_vivi@yahoo_com_tw>: relay not permitted
2017-03-21 09:04:04 H=(MY_SERVER_IP) [10.255.0.3] F=<yjupsgtc@mail2000_com_tw> rejected RCPT <leo7708802001@yahoo_com_tw>: relay not permitted
2017-03-21 09:04:04 H=(MY_SERVER_IP) [10.255.0.3] F=<zgkdmpfg@yam_com> rejected RCPT <eiain@yahoo_com_tw>: relay not permitted
All connections via local 10.255.0.3 IP address via H=(MY_SERVER_IP).
Also, i don’t see any connections to 25 port on main server:
# netstat -an | grep 25
tcp6 0 0 :::25 :::* LISTEN
unix 2 [ ACC ] STREAM LISTENING 11290774 /run/docker/libnetwork/738427efba66246a3a223d571729df5259bcdc1f92f6e9261f4fa13fc0d04096.sock
unix 3 [ ] STREAM CONNECTED 18725
unix 3 [ ] STREAM CONNECTED 18625 /run/systemd/journal/stdout
unix 2 [ ] DGRAM 22595
network in exim container:
# ip route show all
default via 172.19.0.1 dev eth1
10.0.9.0/24 dev eth2 proto kernel scope link src 10.0.9.8
10.255.0.0/16 dev eth0 proto kernel scope link src 10.255.0.6
172.19.0.0/16 dev eth1 proto kernel scope link src 172.19.0.4
Can anyone help how to find the source IP of spam connections ?
(sorry for my English)