Block a specific domain

Discussion in 'General' started by Oitsuki, Feb 24, 2020.

  1. Oitsuki

    Oitsuki Member

    Hello,

    I receive massive amounts of email coming from .mail.ru on my email [email protected].
    How to block the domain mail.ru?
    spam filter set on non-paying
    example : dovecot: auth-worker(30371): Error: mysql(localhost): Connect failed to database (dbispconfig): Too many connections ==> impact on my website

    Thank you.

    AAF2A1D50B74 11967 Mon Feb 24 15:35:02 [email protected]
    [email protected]

    A80B61D50B6A 11967 Mon Feb 24 15:35:02 [email protected]
    [email protected]

    ACDC01D50B77 11957 Mon Feb 24 15:35:02 [email protected]
    [email protected]

    AC0BD1D50B76 11959 Mon Feb 24 15:35:02 [email protected]
    [email protected]

    ABC011D50B75 11959 Mon Feb 24 15:35:02 [email protected]
    [email protected]

    A99331D4F889* 12517 Mon Feb 24 15:33:41 [email protected]
    [email protected]

    3FAFC1D5042B* 12517 Mon Feb 24 14:51:45 [email protected]
    [email protected]

    76E251D4F955* 12541 Mon Feb 24 15:33:44 [email protected]
    [email protected]

    29C251D504AB* 12513 Mon Feb 24 15:34:28 [email protected]
    [email protected]
     
    Last edited: Feb 24, 2020
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Try Internet Search Engines with
    Code:
    site:howtoforge.com block mail by country
     
  3. Oitsuki

    Oitsuki Member

    @Taleman
    Look at that.
    I have a lot of .ru. I want to block this.

    Code:
    qshape deferred
    
    
    Code:
                                    T   5  10   20   40   80  160   320   640 1280 1280+
                      TOTAL 49221 323 270 1140 1815 4422 7238 12694 21319    0     0
                    mail.ru 21109  11   0  625  870 2378 3119  5462  8644    0     0
                  yandex.ru 17028 152 148  305  616 1204 2536  4581  7486    0     0
                    ukr.net  2349  20  20   36   58  147  290   478  1300    0     0
                  yahoo.com  1270  12   7   14   44   75  139   248   731    0     0
                      ya.ru  1202   6  12   18   43   77  170   318   558    0     0
                      bk.ru   997  33  21   34   27  113  182   263   324    0     0
                    list.ru   941  22  21   15   21  123  173   261   305    0     0
                   inbox.ru   793  19  13   31   22   94  144   205   265    0     0
                     tut.by   550   3   4    7   20   30   88   145   253    0     0
                  yandex.ua   330   4   1    7   10   22   44    97   145    0     0
                   narod.ru   136   0   3    4    4   10   19    31    65    0     0
                      nm.ru    88   0   1    1    2    5   13    22    44    0     0
                      e1.ru    81   0   0    2    6   10   11    17    35    0     0
                     qip.ru    77   0   0    5    3    9   11    19    30    0     0
                  hotbox.ru    66   3   2    1    1    5   14    10    30    0     0
                    land.ru    58   1   0    1    5    2    9    12    28    0     0
                   front.ru    54   0   0    2    1    3    6    22    20    0     0
                  pisem.net    50   1   1    1    1    4    9    14    19    0     0
                 intway.com    44   1   1    0    3    0    5     7    27    0     0
    
     
  4. Oitsuki

    Oitsuki Member

    I found this :
    https://www.howtoforge.com/tutorial/how-to-block-email-from-certain-tld-in-ispconfig/
    Is it correct ?

    More log :

    Code:
    Feb 24 19:55:11 nsxxxxxx postfix/qmgr[26246]: DA95E1D55D00: removed
    Feb 24 19:55:11 nsxxxxxx postfix/smtp[26268]: 3BDB91D55A9C: host mxs.mail.ru[94.100.180.31] said: 421 Try again later (94.23.7.166). Please contact [email protected]. (in reply to end of DATA command)
    Feb 24 19:55:11 nsxxxxxx postfix/smtp[26265]: F1EEE1D4EA04: host mxs.MAIL.ru[94.100.180.31] said: 421 Try again later (94.23.7.166). Please contact [email protected]. (in reply to end of DATA command)
    Feb 24 19:55:11 nsxxxxxx postfix/smtp[26798]: 4241B1D4FE16: host mxs.MAIL.ru[94.100.180.104] said: 421 Try again later (94.23.7.166). Please contact [email protected]. (in reply to end of DATA command)
    Feb 24 19:55:11 nsxxxxxx postfix/smtp[26271]: Untrusted TLS connection established to mxs.mail.ru[94.100.180.31]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
    Feb 24 19:55:11 nsxxxxxx postfix/smtp[26623]: 483891D56E14: host mxs.MAIL.ru[94.100.180.31] said: 421 Try again later (94.23.7.166). Please contact [email protected]. (in reply to end of DATA command)
    Feb 24 19:55:11 nsxxxxxx postfix/smtp[26653]: Untrusted TLS connection established to mxs.mail.ru[94.100.180.31]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
    Feb 24 19:55:11 nsxxxxxx postfix/smtp[26873]: 7B4CD1D4828F: host mxs.MAIL.ru[94.100.180.104] said: 421 Try again later (94.23.7.166). Please contact [email protected]. (in reply to end of DATA command)
    Feb 24 19:55:11 nsxxxxxx postfix/smtp[26506]: 1D8761D51CD0: host mxs.MAIL.ru[94.100.180.104] said: 421 Try again later (94.23.7.166). Please contact [email protected]. (in reply to end of DATA command)
    Feb 24 19:55:11 nsxxxxxx postfix/smtp[26379]: Untrusted TLS connection established to mxs.mail.ru[94.100.180.31]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
    Feb 24 19:55:11 nsxxxxxx postfix/smtpd[26385]: 7BAA61D55D00: client=localhost[127.0.0.1]
    Feb 24 19:55:11 nsxxxxxx postfix/smtp[26844]: Untrusted TLS connection established to mxs.mail.ru[94.100.180.104]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
    Feb 24 19:55:11 nsxxxxxx postfix/cleanup[31064]: 7BAA61D55D00: message-id=<[email protected]>
    Feb 24 19:55:11 nsxxxxxx postfix/smtp[26612]: Untrusted TLS connection established to mxs.mail.ru[94.100.180.104]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
    Feb 24 19:55:11 nsxxxxxx postfix/smtp[26288]: BD5BB1D44809: host mxs.MAIL.ru[94.100.180.31] said: 421 Try again later (94.23.7.166). Please contact [email protected]. (in reply to end of DATA command)
    Feb 24 19:55:11 nsxxxxxx postfix/smtp[26996]: Untrusted TLS connection established to mxs.mail.ru[94.100.180.31]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
    Feb 24 19:55:11 nsxxxxxx postfix/qmgr[26246]: 7BAA61D55D00: from=<[email protected]>, size=12511, nrcpt=1 (queue active)
    Feb 24 19:55:11 nsxxxxxx postfix/smtp[26374]: Untrusted TLS connection established to mxs.mail.ru[94.100.180.104]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
    Feb 24 19:55:11 nsxxxxxx amavis[31679]: (31679-11) Passed CLEAN {RelayedOpenRelay}, [127.0.0.1] <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: YkhH-RFxK3RN, Hits: 5.358, size: 12049, queued_as: 7BAA61D55D00, 344 ms
    Feb 24 19:55:11 nsxxxxxx postfix/smtp[31797]: E2D971D55CB1: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.79, delays=0.14/0.3/0/0.34, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 7BAA61D55D00)
    Feb 24 19:55:11 nsxxxxxx postfix/qmgr[26246]: E2D971D55CB1: removed
    Feb 24 19:55:11 nsxxxxxx postfix/smtp[26875]: Untrusted TLS connection established to mxs.mail.ru[94.100.180.104]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
    Feb 24 19:55:11 nsxxxxxx postfix/smtp[26911]: A98331D5259C: to=<[email protected]>, relay=mxs.MAIL.ru[94.100.180.104]:25, delay=9310, delays=8883/425/1.8/0.3, dsn=4.0.0, status=deferred (host mxs.MAIL.ru[94.100.180.104] said: 421 Try again later (94.23.7.166). Please contact [email protected]. (in reply to end of DATA command))
    Feb 24 19:55:11 nsxxxxxx postfix/smtp[26378]: D6DE11D5211B: to=<[email protected]>, relay=mxs.MAIL.ru[94.100.180.104]:25, delay=14481, delays=14054/425/1.9/0.29, dsn=4.0.0, status=deferred (host mxs.MAIL.ru[94.100.180.104] said: 421 Try again later (94.23.7.166). Please contact [email protected]. (in reply to end of DATA command))
    Feb 24 19:55:11 nsxxxxxx postfix/smtp[26283]: Untrusted TLS connection established to mxs.mail.ru[94.100.180.104]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
    Feb 24 19:55:11 nsxxxxxx postfix/smtp[26271]: 9AA7D1D533F5: to=<[email protected]>, relay=mxs.MAIL.ru[94.100.180.31]:25, delay=634, delays=207/425/2.1/0.27, dsn=4.0.0, status=deferred (host mxs.MAIL.ru[94.100.180.31] said: 421 Try again later (94.23.7.166). Please contact [email protected]. (in reply to end of DATA command))
    Feb 24 19:55:11 nsxxxxxx postfix/smtp[26653]: 491361D49624: host mxs.MAIL.ru[94.100.180.31] said: 421 Try again later (94.23.7.166). Please contact [email protected]. (in reply to end of DATA command)
    Feb 24 19:55:11 nsxxxxxx postfix/smtp[26799]: Untrusted TLS connection established to mxs.mail.ru[94.100.180.31]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
    Feb 24 19:55:11 nsxxxxxx postfix/smtp[26844]: CA1991D5297A: host mxs.MAIL.ru[94.100.180.104] said: 421 Try again later (94.23.7.166). Please contact [email protected]. (in reply to end of DATA command)
    Feb 24 19:55:11 nsxxxxxx postfix/smtp[26268]: Untrusted TLS connection established to mxs.mail.ru[94.100.180.104]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
    Feb 24 19:55:11 nsxxxxxx postfix/smtp[26282]: Untrusted TLS connection established to mxs.mail.ru[94.100.180.31]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
    Feb 24 19:55:11 nsxxxxxx postfix/smtp[26374]: 896681D59616: host mxs.MAIL.ru[94.100.180.104] said: 421 Try again later (94.23.7.166). Please contact [email protected]. (in reply to end of DATA command)
     
    Last edited: Feb 24, 2020
  5. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    What is the spamscore of the emails? You could start with making your spam policy more strict.
    The tutorial you are linking to blocks all email from a tld (so .com, .net, etc), I wouldn't suggest doing that.
    You can block a specific domain under Email -> Blacklist -> Add blacklist record -> User: yourdomain.com, Email: @example.com
     
  6. Steini86

    Steini86 Active Member

    From the last log it looks like you are sending mails to mail.ru and they have temporarily blocked your server. I am not sure that blocking the domain will solve the source of the problem :eek:
     
  7. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    +1. I didn't see the last log because I opened your posts before you replied with it.
     
  8. Oitsuki

    Oitsuki Member

  9. Steini86

    Steini86 Active Member

    You should stop postfix. At the moment your server is sending so much spam that it blocks other services. Furthermore, your IP will lose all reputation and you will not be able to send mails anymore in the near future.

    1. Stop sending mails
      Set in your /etc/postfix/main.cf
      Code:
      defer_transports = hold
      default_transport = hold
      Then "postfix reload". Now all mails should go to the queue (mailq) and not be sent. There you can delete (postsuper -d ID) or release (postsuper -r ID) them.
    2. Find the source of sending mails. Probably some php code (wordpress plugin, etc..)
    3. Remove problem, revert postfix conf change, release good mail and hope your reputation will recover
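
For step 2, an added example (not part of the original post, and not ISPConfig or Postfix code): it follows each outbound queue ID back through the amavis re-injection hop (`queued as ...`, then `client=localhost[127.0.0.1]`, as in the logs above) to the `pickup` uid or SMTP login that first submitted it. The function name `trace_sources` and every value in the sample log are constructed.

```python
import re
from collections import Counter

# Constructed sample in the Postfix log format seen in this thread; hosts,
# queue IDs, addresses and the uid are made up (192.0.2.x is documentation space).
SAMPLE_LOG = """\
Feb 24 19:55:10 ns1 postfix/pickup[2101]: A1B2C3D4: uid=33 from=<www-data>
Feb 24 19:55:10 ns1 postfix/smtpd[2103]: D4E5F6A7: client=localhost[127.0.0.1]
Feb 24 19:55:10 ns1 postfix/smtp[2102]: A1B2C3D4: to=<a@example.net>, relay=127.0.0.1[127.0.0.1]:10024, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as D4E5F6A7)
Feb 24 19:55:11 ns1 postfix/smtp[2104]: D4E5F6A7: to=<a@example.net>, relay=mx.example.net[192.0.2.10]:25, dsn=4.0.0, status=deferred (host mx.example.net[192.0.2.10] said: 421 Try again later)
Feb 24 19:55:12 ns1 postfix/pickup[2101]: 0A1B2C3D: uid=33 from=<www-data>
Feb 24 19:55:12 ns1 postfix/smtp[2104]: 0A1B2C3D: to=<b@example.net>, relay=mx.example.net[192.0.2.10]:25, dsn=4.0.0, status=deferred (host mx.example.net[192.0.2.10] said: 421 Try again later)
Feb 24 19:55:13 ns1 postfix/smtpd[2105]: 7A8B9C0D: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=info@example.com
Feb 24 19:55:13 ns1 postfix/smtp[2106]: 7A8B9C0D: to=<c@example.org>, relay=mx.example.org[192.0.2.20]:25, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Feb 24 19:55:13 ns1 postfix/smtp[2106]: Untrusted TLS connection established to mx.example.org[192.0.2.20]:25
"""

LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]{6,}): (.*)")

def trace_sources(log_text):
    """Count outbound messages per original submitter (local uid or SMTP login)."""
    origin, parent, outbound = {}, {}, set()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # lines without a queue ID (TLS notices etc.)
        daemon, qid, rest = m.groups()
        if daemon == "pickup" and (u := re.search(r"uid=(\d+)", rest)):
            # sendmail/PHP mail() submission; uid 33 is www-data on Debian
            origin[qid] = f"local uid={u.group(1)}"
        elif daemon == "smtpd" and (c := re.match(r"client=([^,\s]+)", rest)):
            s = re.search(r"sasl_username=([^,\s]+)", rest)
            origin[qid] = f"sasl={s.group(1)}" if s else f"client={c.group(1)}"
        elif daemon == "smtp" and "status=" in rest:
            q = re.search(r"relay=127\.0\.0\.1\[.*queued as ([0-9A-F]+)\)", rest)
            if q:
                parent[q.group(1)] = qid  # content-filter hop: new ID -> old ID
            else:
                outbound.add(qid)         # delivery attempt to a remote MX
    totals = Counter()
    for qid in outbound:
        seen = set()
        while qid in parent and qid not in seen:  # walk back through amavis
            seen.add(qid)
            qid = parent[qid]
        totals[origin.get(qid, "unknown (origin not in this log)")] += 1
    return totals

if __name__ == "__main__":
    for source, count in trace_sources(SAMPLE_LOG).most_common():
        print(f"{count:6d}  {source}")
```

A large count under a web server uid points at a script on a website; a large count under one `sasl=` login points at a mailbox whose password is being used to send.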
     
  10. Oitsuki

    Oitsuki Member

    I added this at the end of main.cf
    message_size_limit = 0
    ###################################
    smtp_header_checks = regexp:/etc/postfix/smtp_header_checks
    defer_transports = hold
    default_transport = hold

    ==> does not work,
    ===> the mail is always sent via an email address, [email protected], that does not currently exist on the server
    I checked in all the database (in the past it had been created, no problem)

    That's the problem
    I stop postfix ==> mail stops

    Code:
    Feb 24 22:24:47 xxxxxxx postfix/qmgr[10970]: 777C51D5109A: from=<[email protected]>, size=12528, nrcpt=1 (queue active)
    Feb 24 22:24:47 xxxxxxx postfix/qmgr[10970]: CDA731D40A30: from=<[email protected]>, size=12410, nrcpt=1 (queue active)
    Feb 24 22:24:47 xxxxxxx postfix/qmgr[10970]: EB2421D484C5: from=<[email protected]>, size=12522, nrcpt=1 (queue active)
    Feb 24 22:24:47 xxxxxxx postfix/qmgr[10970]: 061BD1D4A41C: from=<[email protected]>, size=12540, nrcpt=1 (queue active)
    Feb 24 22:24:47 xxxxxxx postfix/qmgr[10970]: BB18E1D54262: from=<[email protected]>, size=12522, nrcpt=1 (queue active)
    Feb 24 22:24:47 xxxxxxx postfix/qmgr[10970]: DE3901D5B8BA: from=<[email protected]>, size=12391, nrcpt=1 (queue active)
    Feb 24 22:24:47 xxxxxxx postfix/error[11056]: 8366D1D4E51D: to=<[email protected]>, relay=none, delay=25616, delays=25610/5.7/0/0.17, dsn=4.3.2, status=deferred (deferred transport)
    Feb 24 22:24:47 xxxxxxx postfix/error[11040]: 1153A1D58E4A: to=<[email protected]>, relay=none, delay=9729, delays=9723/5.7/0/0.17, dsn=4.3.2, status=deferred (deferred transport)
    Feb 24 22:24:47 xxxxxxx postfix/error[11038]: C52A01D4BB55: to=<[email protected]>, relay=none, delay=33781, delays=33775/5.7/0/0.17, dsn=4.3.2, status=deferred (deferred transport)
    Feb 24 22:24:47 xxxxxxx postfix/error[11027]: 5B7591D47768: to=<[email protected]>, relay=none, delay=38058, delays=38052/5.7/0/0.17, dsn=4.3.2, status=deferred (deferred transport)
    Feb 24 22:24:47 xxxxxxx postfix/error[11059]: 4B4FC1D5FD72: to=<[email protected]>, relay=none, delay=420, delays=414/5.7/0/0.17, dsn=4.3.2, status=deferred (deferred transport)
    Feb 24 22:24:47 xxxxxxx postfix/error[11057]: 036C81D477A4: to=<[email protected]>, relay=none, delay=38055, delays=38049/5.7/0/0.17, dsn=4.3.2, status=deferred (deferred transport)
    Feb 24 22:24:47 xxxxxxx postfix/error[11001]: 163FB1D4F518: to=<[email protected]>, relay=none, delay=24707, delays=24701/5.7/0/0.17, dsn=4.3.2, status=deferred (deferred tra
     
    Last edited: Feb 25, 2020
