Yesterday we had an emergency spam problem where our Postfix server could be used as an open relay :-\ – see https://discuss.noisebridge.info/t/what-is-using-so-much-disk-space-on-unicorn/1112/9 .
I have stopped and disabled Postfix so that this very server (Unicorn, hosting *.noisebridge.info) would be unsuspended by our hosting provider, SSDNodes.com.
“Why I No Receive Email???”
In the past weeks, it probably took a long time for Discourse account confirmation emails to go out to people because ~millions of spam emails were being sent at the same time, filling up the queue (@mct seems to have had this problem, mentioned above).
If someone signed up for Discourse yesterday, then it is possible that their confirmation email was deleted by me along with ~84,000 spam messages; I deleted everything from the queue because 99.99%-100% of it was spam, but sorry for the inconvenience.
Our IP’s reputation has dropped significantly and so, in the weeks and months before the last few days, it is possible that entire domains/email providers were blocking any and all emails originating from our IP.
1. Figure out which exact Discourse-related functionality the Postfix server has been used for (probably email replies that become Discourse posts, but anything else?)
2. If necessary for our desired functionality, re-enable Postfix (with $ sudo systemctl enable postfix) but only after securing port 2533, which currently gets sent to port 25 (see What is using so much disk space on Unicorn?), which is the port Postfix was running on before I stopped and disabled it
Step #1 will be a lot easier if we figure out who needed 2533 open and why. (My goal is of course to determine a secure configuration, not to point fingers etc.)
I know who initially configured Discourse, but this person typically really knows their shit and so I doubt they would have left an SMTP relay open to the world.
Anyone remember who set up reply-to-Discourse-email-to-create-post? That should at least give us clues. /cc @James @tdfischer