Good morning, recently I have been observing a lot of messages like this:

    Aug 22 18:50:07 vps515897 postfix/error[645295]: 6A08BBD0EF: to=<[email protected]>, relay=none, delay=0.06, delays=0.02/0.03/0/0.01, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to vps-xxxxx.vps.net[xx.xx.xx.xx]:25: Connection timed out)

which are deferred and, I suppose, finally discarded. They come from a VPS that hosts static websites with contact forms. These contact forms have a very basic captcha protection based on a sum, so I'm thinking that most probably it's spam. The emails are forwarded from the VPS with nullmailer through an ISPConfig email account. When I run qshape deferred:

                          T  5 10 20 40 80 160 320 640 1280 1280+
                 TOTAL  328  1  1  2  4  8  16  34  65  128    69
     vps-xxxxx.vps.net  324  1  1  2  4  8  16  32  65  128    67

I don't have very deep knowledge of email systems, so can anybody suggest some action to correct this? I suppose implementing a re-captcha system should help. On the other hand, can somebody confirm to me that this really is spam? I can't find where the emails are in order to inspect them. Thank you very much for your time. Regards.
Whatever vps-xxxxx.vps.net is, your server is not able to connect to it. The connection times out, as stated in the log. Postfix will try to deliver the mails again after a defined amount of time and at some point will delete the mail from the queue when the error persists for too long.

Depending on the kind of website, that's an idea. For CMS systems like WordPress there are a ton of plugins to help fight such abuse.

Get the ID of the mails in question and check the content with postcat. For example:

Code:
    # mailq
    ...
    ABCDE123 [email protected] STATUS
    ...
    # postcat -q ABCDE123
Thank you very much for your help, I really appreciate it. The postcat -q command is really great; thanks to it I have now discovered the origin of the mails.

    Received: (nullmailer pid 13989 invoked by uid 33); Tue, 22 Aug 2023 09:25:01 -0000
    From: [email protected] (Cron Daemon)
    To: [email protected]
    Subject: Cron <www-data@vps-xxx> php -f /var/www/cloudserver/cron.php
    MIME-Version: 1.0
    Content-Type: text/plain; charset=UTF-8
    Content-Transfer-Encoding: 8bit
    X-Cron-Env: <SHELL=/bin/sh>
    X-Cron-Env: <HOME=/var/www>
    X-Cron-Env: <PATH=/usr/bin:/bin>
    X-Cron-Env: <LOGNAME=www-data>
    Date: Tue, 22 Aug 2023 09:25:01 +0000

I found it. The cron job was in /var/spool/cron/crontabs/www-data and executed every 5 min; probably it was installed by an old installation of Nextcloud. Well, another mystery solved.

About the spam, I'm implementing the Google re-captcha in all forms on the static websites. For WordPress I use wp-cerber, which has a section with re-captcha for the forms too.

The only doubt still pending for me (curiosity) is: why does my mail server try to connect (when it receives the emails) to the source VPS on port 25? Anyway, thanks for the help!
That's cron sending mail to another user on the host, if "vps-xxx.net" is the same here. It may be trying to connect to itself. I don't know your setup and settings regarding local delivery.
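Added example, not part of the thread: a small Python triage script that takes the header blocks of queued messages (as copied from `postcat -q` output) and separates cron-generated mail from other mail, using the same markers that identified the cron job above (the nullmailer `Received:` line, the `X-Cron-Env` headers and the `Cron <user@host>` subject). The sample header blocks are constructed, the addresses are placeholders, and the function names are hypothetical.

```python
import re
from collections import Counter
from email import message_from_string

# Constructed sample: header blocks in the form shown in the thread
# (addresses and host names are placeholders, not values from the thread).
SAMPLE_MESSAGES = [
    """Received: (nullmailer pid 13989 invoked by uid 33); Tue, 22 Aug 2023 09:25:01 -0000
From: root@vps.example.net (Cron Daemon)
To: www-data@vps.example.net
Subject: Cron <www-data@vps-xxx> php -f /var/www/cloudserver/cron.php
X-Cron-Env: <SHELL=/bin/sh>
X-Cron-Env: <LOGNAME=www-data>

""",
    """Received: (nullmailer pid 14102 invoked by uid 33); Tue, 22 Aug 2023 09:31:12 -0000
From: webform@site.example.org
To: owner@site.example.org
Subject: Contact form message

Hello
""",
]

UID_RE = re.compile(r"nullmailer pid \d+ invoked by uid (\d+)")
CRON_SUBJECT_RE = re.compile(r"^Cron <([^@>]+)@[^>]*> (.+)$")

def classify(raw_headers):
    """Return (origin, detail) for one queued message's header block."""
    msg = message_from_string(raw_headers)
    uid_match = UID_RE.search(msg.get("Received", ""))
    uid = uid_match.group(1) if uid_match else "unknown"
    cron_match = CRON_SUBJECT_RE.match(msg.get("Subject", ""))
    # Cron mail carries X-Cron-Env headers; a contact form submission does not.
    if msg.get_all("X-Cron-Env") and cron_match:
        user, command = cron_match.groups()
        return "cron", f"user={user} uid={uid} cmd={command}"
    return "other", f"uid={uid} subject={msg.get('Subject', '')}"

def summarize(messages):
    """Count messages per (origin, detail) so repeat senders stand out."""
    return Counter(classify(m) for m in messages)

if __name__ == "__main__":
    for (origin, detail), count in summarize(SAMPLE_MESSAGES).items():
        print(f"{count:4d}  {origin:5s}  {detail}")
```

A queue dominated by a single `cron` entry points to a job misconfiguration rather than contact-form abuse, which is the distinction the thread needed to make.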