Is my postfix is hacked?

bzzik · May 8, 2009

Is my postfix hacked?

Hi guys! I really need help in my matter!

Yesterday I analyzed mail logs and noticed something really strange. I think my postfix is hacked. We do not use our mail server too much, but maillog is full of unrecognized records. Here is the part of it:

May 8 07:32:55 s2 postfix/qmgr[10256]: 7FDF11049C6: to=<[email protected]>, relay=none, delay=75981, delays=75981/0/0/0, dsn=4.0.0, status=deferred (delivery temporarily suspended: host inw.wanadoo.es
[62.36.20.20] refused to talk to me: 550 Reverse DNS lookup failed for host 87.226.13.245.)
May 8 07:32:55 s2 postfix/qmgr[10256]: 71C79104A43: from=<[email protected]>, size=2453, nrcpt=50 (queue active)
May 8 07:32:55 s2 postfix/qmgr[10256]: 71C79104A43: to=<[email protected]>, relay=none, delay=73514, delays=73514/0/0/0, dsn=4.0.0, status=deferred (delivery temporarily suspended: host ing.wanad
oo.es[62.36.20.73] refused to talk to me: 550 Reverse DNS lookup failed for host 87.226.13.245.)
May 8 07:32:55 s2 postfix/qmgr[10256]: 71C79104A43: to=<[email protected]>, relay=none, delay=73514, delays=73514/0/0/0, dsn=4.0.0, status=deferred (delivery temporarily suspended: host inw.wa
nadoo.es[62.36.20.20] refused to talk to me: 550 Reverse DNS lookup failed for host 87.226.13.245.)
May 8 07:32:55 s2 postfix/qmgr[10256]: 7C1C210479C: from=<[email protected]>, size=2421, nrcpt=50 (queue active)
May 8 07:32:55 s2 postfix/qmgr[10256]: 72A04104B17: from=<>, size=5258, nrcpt=1 (queue active)
May 8 07:32:55 s2 postfix/qmgr[10256]: 980FF10483E: from=<[email protected]>, size=2395, nrcpt=50 (queue active)
May 8 07:32:55 s2 postfix/qmgr[10256]: 93DE41049B6: from=<[email protected]>, size=3322, nrcpt=50 (queue active)
May 8 07:32:55 s2 postfix/qmgr[10256]: 93DE41049B6: to=<[email protected]>, relay=none, delay=76076, delays=76076/0/0/0, dsn=4.0.0, status=deferred (delivery temporarily suspended: host gateway-f1
.isp.att.net[204.127.217.16] refused to talk to me: 550-87.226.13.245 blocked by ldapu=rblmx,dc=att,dc=net 550 Error - Blocked for abuse. See http://att.net/blocks)
May 8 07:32:55 s2 postfix/qmgr[10256]: 9CEC21049E1: from=<[email protected]>, size=3322, nrcpt=50 (queue active)
May 8 07:32:55 s2 postfix/qmgr[10256]: 9CEC21049E1: to=<[email protected]>, relay=none, delay=75833, delays=75833/0.01/0/0, dsn=4.0.0, status=deferred (delivery temporarily suspended: host g
ateway-f1.isp.att.net[204.127.217.16] refused to talk to me: 550-87.226.13.245 blocked by ldapu=rblmx,dc=att,dc=net 550 Error - Blocked for abuse. See http://att.net/blocks)
May 8 07:32:55 s2 postfix/qmgr[10256]: 9CEC21049E1: to=<[email protected]>, relay=none, delay=75833, delays=75833/0.01/0/0, dsn=4.0.0, status=deferred (delivery temporarily suspended: host mx1b
.comcast.net[76.96.62.116] refused to talk to me: 554 IMTA22.westchester.pa.mail.comcast.net comcast 87.226.13.245 Comcast requires that all mail servers must have a PTR record with a valid Reverse DN
S entry. Currently your mail server does not fill that requirement. For more information, refer to: http://help.comcast.net/content/faq/PTR)
May 8 07:32:55 s2 postfix/qmgr[10256]: 9CEC21049E1: to=<[email protected]>, relay=none, delay=75833, delays=75833/0.02/0/0, dsn=4.0.0, status=deferred (delivery temporarily suspended: host mx.dca.unt
d.com[64.136.44.37] refused to talk to me: 550 Access denied...4f513585c185a9a9616014d901bdb901804d3d59f0658d50a9b4f050e990904495cdad1090ad6420e100...)
May 8 07:32:55 s2 postfix/qmgr[10256]: 95BDD1049BC: from=<[email protected]>, size=3322, nrcpt=50 (queue active)
May 8 07:32:55 s2 postfix/qmgr[10256]: 9750E1047F7: from=<[email protected]>, size=2395, nrcpt=50 (queue active)
May 8 07:32:55 s2 postfix/qmgr[10256]: 6F4F8104704: from=<[email protected]>, size=2466, nrcpt=50 (queue active)
May 8 07:32:55 s2 postfix/qmgr[10256]: 6AA8C1047BD: from=<[email protected]>, size=2421, nrcpt=50 (queue active)
May 8 07:32:55 s2 postfix/qmgr[10256]: 6A0111046F2: from=<[email protected]>, size=2466, nrcpt=50 (queue active)
May 8 07:32:55 s2 postfix/qmgr[10256]: 6C3D210492F: from=<[email protected]>, size=2395, nrcpt=50 (queue active)
May 8 07:32:55 s2 postfix/qmgr[10256]: 6C3D210492F: to=<[email protected]>, relay=none, delay=213500, delays=213500/0.01/0/0, dsn=4.0.0, status=deferred (delivery temporarily suspended: host inw.wan
adoo.es[62.36.20.20] refused to talk to me: 550 Reverse DNS lookup failed for host 87.226.13.245.)
May 8 07:32:55 s2 postfix/qmgr[10256]: 634571047A1: from=<[email protected]>, size=2421, nrcpt=50 (queue active)
May 8 07:32:55 s2 postfix/qmgr[10256]: 634571047A1: to=<[email protected]>, relay=none, delay=327123, delays=327123/0/0/0, dsn=4.0.0, status=deferred (delivery temporarily suspended: host mx1b.c
omcast.net[76.96.62.116] refused to talk to me: 554 IMTA22.westchester.pa.mail.comcast.net comcast 87.226.13.245 Comcast requires that all mail servers must have a PTR record with a valid Reverse DNS
entry. Currently your mail server does not fill that requirement. For more information, refer to: http://help.comcast.net/content/faq/PTR)
May 8 07:32:55 s2 postfix/qmgr[10256]: 634571047A1: to=<[email protected]>, relay=none, delay=327123, delays=327123/0/0/0, dsn=4.0.0, status=deferred (delivery temporarily suspended: host mx.west.cox
May 8 07:32:56 s2 postfix/qmgr[10256]: 303C410494A: to=<[email protected]>, relay=none, delay=213333, delays=213332/0.82/0/0, dsn=4.0.0, status=deferred (delivery temporarily suspended: host ine.wanado
o.es[62.36.20.20] refused to talk to me: 550 Reverse DNS lookup failed for host 87.226.13.245.)
May 8 07:32:56 s2 postfix/qmgr[10256]: E3BD71048A3: to=<[email protected]>, relay=none, delay=248015, delays=248014/0.69/0/0, dsn=4.0.0, status=deferred (delivery temporarily suspended: host in
e.wanadoo.es[62.36.20.20] refused to talk to me: 550 Reverse DNS lookup failed for host 87.226.13.245.)
May 8 07:32:56 s2 postfix/qmgr[10256]: E1B1310480D: to=<[email protected]>, relay=none, delay=214804, delays=214804/0.67/0/0, dsn=4.0.0, status=deferred (delivery temporarily suspended: host ine.
wanadoo.es[62.36.20.20] refused to talk to me: 550 Reverse DNS lookup failed for host 87.226.13.245.)
May 8 07:32:56 s2 postfix/qmgr[10256]: 08B9E10479B: to=<[email protected]>, relay=none, delay=326939, delays=326939/0.64/0/0, dsn=4.0.0, status=deferred (delivery temporarily suspended: host ine.wanad
oo.es[62.36.20.20] refused to talk to me: 550 Reverse DNS lookup failed for host 87.226.13.245.)
May 8 07:32:56 s2 postfix/qmgr[10256]: 08B9E10479B: to=<[email protected]>, relay=none, delay=326939, delays=326939/0.64/0/0, dsn=4.0.0, status=deferred (delivery temporarily suspended: host ine.
wanadoo.es[62.36.20.20] refused to talk to me: 550 Reverse DNS lookup failed for host 87.226.13.245.)
May 8 07:32:56 s2 postfix/smtp[21724]: certificate verification failed for mx.terra.es: num=19:self signed certificate in certificate chain
May 8 07:32:56 s2 postfix/smtp[21724]: certificate verification failed for mx.terra.es: num=24:invalid CA certificate
May 8 07:32:56 s2 postfix/smtp[21724]: certificate verification failed for mx.terra.es: num=26:unsupported certificate purpose
May 8 07:32:56 s2 postfix/smtp[21724]: certificate verification failed for mx.terra.es: num=10:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21724]: certificate verification failed for mx.terra.es:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21724]: certificate verification failed for mx.terra.es:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21724]: certificate verification failed for mx.terra.es: num=10:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21724]: certificate verification failed for mx.terra.es:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21724]: certificate verification failed for mx.terra.es:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21725]: certificate verification failed for mx.terra.es: num=19:self signed certificate in certificate chain
May 8 07:32:56 s2 postfix/smtp[21725]: certificate verification failed for mx.terra.es: num=24:invalid CA certificate
May 8 07:32:56 s2 postfix/smtp[21725]: certificate verification failed for mx.terra.es: num=26:unsupported certificate purpose
May 8 07:32:56 s2 postfix/smtp[21725]: certificate verification failed for mx.terra.es: num=10:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21725]: certificate verification failed for mx.terra.es:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21725]: certificate verification failed for mx.terra.es:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21725]: certificate verification failed for mx.terra.es: num=10:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21725]: certificate verification failed for mx.terra.es:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21725]: certificate verification failed for mx.terra.es:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21709]: certificate verification failed for mail.aselegal.com: num=18:self signed certificate
May 8 07:32:56 s2 postfix/smtp[21659]: 1B3CD1048F0: to=<[email protected]>, relay=none, delay=245073, delays=245072/0.12/1/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name ser
vice error for name=ramonsamada.es type=MX: Host not found, try again)
May 8 07:32:56 s2 postfix/smtp[21740]: certificate verification failed for tnetmx.telefonica.net: num=19:self signed certificate in certificate chain
May 8 07:32:56 s2 postfix/smtp[21740]: certificate verification failed for tnetmx.telefonica.net: num=24:invalid CA certificate
May 8 07:32:56 s2 postfix/smtp[21740]: certificate verification failed for tnetmx.telefonica.net: num=26:unsupported certificate purpose
May 8 07:32:56 s2 postfix/smtp[21740]: certificate verification failed for tnetmx.telefonica.net: num=10:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21740]: certificate verification failed for tnetmx.telefonica.net:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21740]: certificate verification failed for tnetmx.telefonica.net:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21740]: certificate verification failed for tnetmx.telefonica.net: num=10:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21740]: certificate verification failed for tnetmx.telefonica.net:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21740]: certificate verification failed for tnetmx.telefonica.net:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21696]: certificate verification failed for mail.envalladolid.com: num=18:self signed certificate
May 8 07:32:56 s2 postfix/smtp[21696]: certificate verification failed for mail.envalladolid.com: num=10:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21696]: certificate verification failed for mail.envalladolid.com:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21696]: certificate verification failed for mail.envalladolid.com:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21691]: 738FC1049C2: host mailin-02.mx.aol.com[205.188.249.91] said: 421 SERVICE NOT AVAILABLE, TEMPORARY DNS FAILURE (in reply to MAIL FROM command)
May 8 07:32:56 s2 postfix/smtp[21741]: certificate verification failed for mx.terra.es: num=19:self signed certificate in certificate chain
May 8 07:32:56 s2 postfix/smtp[21741]: certificate verification failed for mx.terra.es: num=24:invalid CA certificate
May 8 07:32:56 s2 postfix/smtp[21741]: certificate verification failed for mx.terra.es: num=26:unsupported certificate purpose
May 8 07:32:56 s2 postfix/smtp[21741]: certificate verification failed for mx.terra.es: num=10:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21741]: certificate verification failed for mx.terra.es:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21741]: certificate verification failed for mx.terra.es:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21741]: certificate verification failed for mx.terra.es: num=10:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21741]: certificate verification failed for mx.terra.es:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21741]: certificate verification failed for mx.terra.es:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21747]: 980FF10483E: to=<[email protected]>, relay=imp-1.mail.tiscali.it[213.205.33.248]:25, delay=214747, delays=214746/0.74/0.42/0, dsn=4.0.0, status=deferred (host
imp-1.mail.tiscali.it[213.205.33.248] refused to talk to me: 554 imp-1.mail.tiscali.it ESMTP server not available if you do not have a reverse dns mapping)
May 8 07:32:56 s2 postfix/smtp[21673]: 1FFFF104B60: to=<[email protected]>, relay=none, delay=58192, delays=58190/0.24/0.99/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service
error for name=todoyoga.es type=MX: Host not found, try again)
May 8 07:32:56 s2 postfix/smtp[21731]: connect to mail.q8online.com[195.39.142.2]: Connection refused (port 25)
May 8 07:32:56 s2 postfix/smtp[21731]: 7FDF11049C6: to=<[email protected]>, relay=none, delay=75982, delays=75981/0.68/0.5/0, dsn=4.4.1, status=deferred (connect to mail.q8online.com[195.39.142.2
]: Connection refused)
May 8 07:32:56 s2 postfix/smtp[21708]: 754B810452E: to=<[email protected]>, relay=none, delay=246705, delays=246704/0.55/0.65/0, dsn=4.4.3, status=deferred (Host or domain name not fou
nd. Name service error for name=deandalucia.es type=MX: Host not found, try again)
May 8 07:32:56 s2 postfix/smtp[21726]: certificate verification failed for relay.unizar.es: num=19:self signed certificate in certificate chain
May 8 07:32:56 s2 postfix/smtp[21707]: 771BB1047A8: host mailin-02.mx.aol.com[205.188.249.91] said: 421 SERVICE NOT AVAILABLE, TEMPORARY DNS FAILURE (in reply to MAIL FROM command)
Click to expand...

Many .es domain names, but our mail server is in .lv zone! And we do not have so much users, to send SO MANY emails!!!

What steps should I take now? Is it trojan horse on my server or something???

P.S.
I am using CentoOS 5.2 (Perfect server install)

maikcat · May 8, 2009

have you checked that your relay is not open?

please post main.cf so that we can help you.

cheers,

maik

bzzik · May 8, 2009

Thanks for you answer!

Sry, I am new to mail server. How do I check this?

P.S.
I can post configs only in the evening - I am at work now.

maikcat · May 8, 2009

you must have something inside main.cf like this:

mynetworks = 192.168.1.0/24 <--your local net
fallback_relay =
mydestination = test.gr
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_authenticated-header = yes
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
reject_unauth_destination

the above are for authanticating users to enable to relay mail through
your server.

try this to check your mail server
telnet ip 25

you will get smtp banner like

220 Esmtp service

then type

ehlo localhost.localdomain

you should get something like

250-PIPELINING
250-SIZE 15000000
250-ETRN
250-AUTH PLAIN LOGIN <--this means that your sever can authenticate clients to allow them to relay
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

if there is not the above line ,means that your server allows relay based
on ip address origin only.
check main.cf... (my networks setting..)

have a nice day

michael

ps: if you want to enable auth to work you MUST start saslauthd service as well..

bzzik · May 8, 2009

maikcat I really appreciate your help.

I will look in the evening and will post what I found there I did not even thought, that something like this is possible (real newbie I am in mails servers)...

P.S.
Btw, when I was analyzing logs, I noticed taht this started in April 25th. Till that time, everything was fine.

bzzik · May 8, 2009

Here is main.cf options:

smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
mynetworks = 127.0.0.0/8
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
Click to expand...

And more from telnet:

250-PIPELINING
250-SIZE 40960000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
Click to expand...

So as I understand I have relay opened. Should I simply make smtpd_sasl_auth_enable = yes to NO ? And what I will loose after that? I do not so good in all this... I hope you will help me to understand.

Thank you!

P.S.
I made all setting to postfix using this article:
http://www.howtoforge.com/perfect-server-centos-5.2-p5

P.P.S.
I have tested my server for OPEN Relay here http://www.myiptest.com/staticpages/index.php/open-relay-test and got the answer:
>Unable to relay: Invalid response code received from server
> This server is NOT Open Relay

falko · May 9, 2009

bzzik said: ↑

P.P.S.
I have tested my server for OPEN Relay here http://www.myiptest.com/staticpages/index.php/open-relay-test and got the answer:
>Unable to relay: Invalid response code received from server
> This server is NOT Open Relay
Click to expand...

That's a good thing.
But it is still possible that spammers abuse web applications on your server (like contact forms, gustbooks, etc.).

bzzik · May 10, 2009

Ok!

But what I think, that I am a victim of Backscatter mails. Can you advice me something regarding it?

falko said: ↑

That's a good thing.
But it is still possible that spammers abuse web applications on your server (like contact forms, gustbooks, etc.).
Click to expand...

How do I check this?

falko · May 11, 2009

That's difficult to check. You can have a look at Apache's access logs to see if there's a contact form/guestbook/whatever that is accessed again and again from the same IP.

bzzik · May 11, 2009

I do not think that it is from guestbooks/forms. What I have done: I stopped postfix for about 3 hours. Then I started it again and look into logs. Immediately after start I got tons of mails in queue (I am not posting all of them):

May 10 20:33:18 s2 postfix/postfix-script: stopping the Postfix mail system
May 10 20:33:18 s2 postfix/master[9501]: terminating on signal 15
May 10 21:36:21 s2 dovecot: pop3-login: Login: user=<llimejib>, method=PLAIN, rip=::ffff:78.84.91.197, lip=::ffff:87.226.13.245
May 10 21:36:21 s2 dovecot: POP3(llimejib): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
May 10 23:29:10 s2 sendmail[24894]: alias database /etc/aliases rebuilt by root
May 10 23:29:10 s2 sendmail[24894]: /etc/aliases: 76 aliases, longest 10 bytes, 765 bytes total
May 10 23:29:10 s2 postfix/postfix-script: starting the Postfix mail system
May 10 23:29:10 s2 postfix/master[24940]: daemon started -- version 2.3.3, configuration /etc/postfix
May 10 23:29:10 s2 postfix/qmgr[24943]: EF8FB104715: from=<[email protected]>, size=2466, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 12BB110476C: from=<[email protected]>, size=2411, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: DD321104AA3: from=<[email protected]>, size=2453, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 1F1C31049C8: from=<[email protected]>, size=3322, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: B4256104A91: from=<[email protected]>, size=2453, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 16087104ABA: from=<[email protected]>, size=2453, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 7C140104A30: from=<[email protected]>, size=3322, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 1DBF8104763: from=<[email protected]>, size=3322, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 3EF34104A94: from=<[email protected]>, size=2453, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 10524104B1D: from=<>, size=4283, nrcpt=1 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: D7476104739: from=<[email protected]>, size=3322, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 1B061104A63: from=<[email protected]>, size=3322, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 20B4A1049BF: from=<[email protected]>, size=3322, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 1AE4F104A3E: from=<[email protected]>, size=3322, nrcpt=49 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: E83FD1048F8: from=<[email protected]>, size=2395, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 1F6591046ED: from=<[email protected]>, size=2466, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: B2B1910470C: from=<[email protected]>, size=3322, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 1190610463F: from=<[email protected]>, size=2395, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 7FDF11049C6: from=<[email protected]>, size=3322, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 150BB104940: from=<[email protected]>, size=2395, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 6C9B3104A3B: from=<[email protected]>, size=3322, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 1E5E210470F: from=<[email protected]>, size=2466, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 18B78104A20: from=<[email protected]>, size=3322, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 19F8F104913: from=<[email protected]>, size=2395, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: EA5E21048A8: from=<[email protected]>, size=2395, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 1EC44104978: from=<[email protected]>, size=3322, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 37BD41046F1: from=<[email protected]>, size=3322, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 1849B1048E5: from=<>, size=8177, nrcpt=1 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 87D4B1049E9: from=<[email protected]>, size=2453, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 1AD35104B0A: from=<>, size=11424, nrcpt=1 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 863FA104ACF: from=<[email protected]>, size=2453, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 11766104B27: from=<>, size=5173, nrcpt=1 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 53AF210478E: from=<[email protected]>, size=3322, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 18F8D10482E: from=<>, size=7066, nrcpt=1 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 1098C104A85: from=<[email protected]>, size=2453, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 1A565104971: from=<[email protected]>, size=2395, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 14EAE1047B1: from=<>, size=10543, nrcpt=1 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 16CCE104B24: from=<>, size=5388, nrcpt=1 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 1C4411048D8: from=<[email protected]>, size=2395, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 17C83104791: from=<[email protected]>, size=2411, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 14407104A0A: from=<>, size=8067, nrcpt=1 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 154FD10478F: from=<[email protected]>, size=2411, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 11328104A44: from=<[email protected]>, size=3322, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 1686C104A03: from=<>, size=10161, nrcpt=1 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 164DC104757: from=<[email protected]>, size=2411, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 17EF5104A8B: from=<[email protected]>, size=2453, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 11E691049A5: from=<[email protected]>, size=3322, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 12D171048E4: from=<[email protected]>, size=2395, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 10D321046CE: from=<>, size=8321, nrcpt=1 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 197FE1047E9: from=<[email protected]>, size=2411, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 1C48D104AA0: from=<[email protected]>, size=2453, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 1BB5C1047DA: from=<[email protected]>, size=2395, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 16C15104784: from=<[email protected]>, size=3322, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 1FFFF104B60: from=<[email protected]>, size=2488, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 1EFD3104AE8: from=<>, size=8352, nrcpt=1 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 7F386104A0E: from=<>, size=5229, nrcpt=1 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 73BD9104A1F: from=<>, size=8178, nrcpt=1 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 74669104923: from=<[email protected]>, size=2395, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 75C431049ED: from=<[email protected]>, size=3322, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 7EDEF1049DA: from=<>, size=8358, nrcpt=1 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 7281610477F: from=<[email protected]>, size=2411, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 789D410460E: from=<>, size=8246, nrcpt=1 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 7DE241046F6: from=<[email protected]>, size=2466, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 726C8104A67: from=<>, size=10565, nrcpt=1 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 75E9D104A29: from=<>, size=7685, nrcpt=1 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 7127B10493A: from=<[email protected]>, size=2395, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 7AA23104A50: from=<>, size=11375, nrcpt=1 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 7CAA9104993: from=<>, size=8730, nrcpt=1 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 7083D104B0D: from=<>, size=8723, nrcpt=1 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 738FC1049C2: from=<[email protected]>, size=3322, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 7E04C10478C: from=<[email protected]>, size=2411, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 771BB1047A8:
Click to expand...

And then activity started again:

May 10 23:29:11 s2 postfix/qmgr[24943]: 0817B104877: from=<[email protected]>, size=2395, nrcpt=49 (queue active)
May 10 23:29:11 s2 postfix/qmgr[24943]: 0C0C7104A14: from=<>, size=5170, nrcpt=1 (queue active)
May 10 23:29:11 s2 postfix/qmgr[24943]: 052E9104717: from=<>, size=5478, nrcpt=1 (queue active)
May 10 23:29:11 s2 postfix/smtp[24960]: connect to primera.net.uniovi.es[156.35.11.21]: Connection refused (port 25)
May 10 23:29:11 s2 postfix/smtp[24952]: 12BB110476C: host mxav2.loschatosdelturia.com[62.193.206.40] refused to talk to me: 554 av3.amenworld.com AMEN AMEN requires that all mail servers must have a P
TR record with a valid Reverse DNS entry. Currently your mail server does not fill that requirement.
May 10 23:29:11 s2 postfix/smtp[24965]: connect to correo0.uma.es[150.214.40.111]: Connection refused (port 25)
May 10 23:29:11 s2 postfix/smtp[24961]: connect to mailhost.inves.es[62.97.103.145]: Connection refused (port 25)
May 10 23:29:11 s2 postfix/smtp[24961]: DD321104AA3: to=<[email protected]>, relay=none, delay=303490, delays=303490/0.14/0.2/0, dsn=4.4.1, status=deferred (connect to mailhost.inves.es[62.97.103.145]:
Connection refused)
May 10 23:29:11 s2 postfix/smtp[24952]: 12BB110476C: to=<[email protected]>, relay=mxav1.loschatosdelturia.com[62.193.206.39]:25, delay=393754, delays=393754/0.07/0.29/0, dsn=4.0
.0, status=deferred (host mxav1.loschatosdelturia.com[62.193.206.39] refused to talk to me: 554 av3.amenworld.com AMEN AMEN requires that all mail servers must have a PTR record with a valid Reverse D
NS entry. Currently your mail server does not fill that requirement.)
May 10 23:29:11 s2 postfix/smtp[25011]: connect to correo0.uma.es[150.214.40.111]: Connection refused (port 25)
May 10 23:29:11 s2 postfix/smtp[24951]: 12BB110476C: host mx.dca.untd.com[64.136.44.37] refused to talk to me: 550 Access denied...4df38e2b4e03c3c373833e4b5a3b5ae3cf83779a63c78a5bc39e635b5ef7f7bb132ad
3bef7d3afabdfdb...
May 10 23:29:11 s2 postfix/smtp[24953]: 12BB110476C: host mxav2.loscorleone.com[62.193.206.42] refused to talk to me: 554 av4.amenworld.com AMEN AMEN requires that all mail servers must have a PTR rec
ord with a valid Reverse DNS entry. Currently your mail server does not fill that requirement.
May 10 23:29:11 s2 postfix/smtp[25032]: connect to mailhost-antispam.ttd.net[213.0.184.65]: Connection refused (port 25)
May 10 23:29:11 s2 postfix/smtp[25032]: 1DBF8104763: to=<[email protected]>, relay=none, delay=307199, delays=307199/0.45/0.09/0, dsn=4.4.1, status=deferred (connect to mailhost-antispam.ttd.net[213
.0.184.65]: Connection refused)
May 10 23:29:11 s2 postfix/smtp[24986]: connect to mail-av.celbio.it[217.194.7.78]: Connection refused (port 25)
May 10 23:29:11 s2 postfix/smtp[24963]: certificate verification failed for mx.terra.es: num=19:self signed certificate in certificate chain
May 10 23:29:11 s2 postfix/smtp[24963]: certificate verification failed for mx.terra.es: num=24:invalid CA certificate
May 10 23:29:11 s2 postfix/smtp[24963]: certificate verification failed for mx.terra.es: num=26:unsupported certificate purpose
May 10 23:29:11 s2 postfix/smtp[24963]: certificate verification failed for mx.terra.es: num=10:certificate has expired
May 10 23:29:11 s2 postfix/smtp[24963]: certificate verification failed for mx.terra.es:certificate has expired
May 10 23:29:11 s2 postfix/smtp[24963]: certificate verification failed for mx.terra.es:certificate has expired
May 10 23:29:11 s2 postfix/smtp[24963]: certificate verification failed for mx.terra.es: num=10:certificate has expired
May 10 23:29:11 s2 postfix/smtp[24963]: certificate verification failed for mx.terra.es:certificate has expired
May 10 23:29:11 s2 postfix/smtp[24963]: certificate verification failed for mx.terra.es:certificate has expired
May 10 23:29:11 s2 postfix/smtp[24948]: EF8FB104715: to=<[email protected]>, relay=vip-us-br-mx.terra.com[208.84.244.133]:25, delay=368659, delays=368658/0.06/0.53/0, dsn=4.7.1, status=de
ferred (host vip-us-br-mx.terra.com[208.84.244.133] refused to talk to me: 450 4.7.1 Client host rejected: cannot find your hostname, [87.226.13.245])
May 10 23:29:11 s2 postfix/smtp[25002]: 16087104ABA: to=<[email protected]>, relay=ing.wanadoo.es[62.36.20.73]:25, delay=303410, delays=303409/0.32/0.28/0, dsn=4.0.0, status=deferred (host ing.w
anadoo.es[62.36.20.73] refused to talk to me: 550 Reverse DNS lookup failed for host 87.226.13.245.)
May 10 23:29:11 s2 postfix/smtp[24962]: DD321104AA3: to=<[email protected]>, relay=inc.wanadoo.es[62.36.20.20]:25, delay=303491, delays=303490/0.14/0.47/0, dsn=4.0.0, status=deferred (ho
st inc.wanadoo.es[62.36.20.20] refused to talk to me: 550 Reverse DNS lookup failed for host 87.226.13.245.)
May 10 23:29:11 s2 postfix/smtp[24979]: certificate verification failed for tnetmx.telefonica.net: num=19:self signed certificate in certificate chain
May 10 23:29:11 s2 postfix/smtp[24979]: certificate verification failed for tnetmx.telefonica.net: num=24:invalid CA certificate
May 10 23:29:11 s2 postfix/smtp[24979]: certificate verification failed for tnetmx.telefonica.net: num=26:unsupported certificate purpose
May 10 23:29:11 s2 postfix/smtp[24979]: certificate verification failed for tnetmx.telefonica.net: num=10:certificate has expired
May 10 23:29:11 s2 postfix/smtp[24979]: certificate verification failed for tnetmx.telefonica.net:certificate has expired
May 10 23:29:11 s2 postfix/smtp[24979]: certificate verification failed for tnetmx.telefonica.net:certificate has expired
May 10 23:29:11 s2 postfix/smtp[24979]: certificate verification failed for tnetmx.telefonica.net: num=10:certificate has expired
May 10 23:29:11 s2 postfix/smtp[24979]: certificate verification failed for tnetmx.telefonica.net:certificate has expired
May 10 23:29:11 s2 postfix/smtp[24979]: certificate verification failed for tnetmx.telefonica.net:certificate has expired
Click to expand...

These .es domains - can I simply somehow ban them? What I am suffering from?

maikcat · May 12, 2009

the local_recipient_maps option in your
set the
local_recipient_maps =
this will accept mail for whatever user (exist or not)
combine it with
luser_relay = [email protected]

this will stop bounced back messages...

the side effect is that if someone mistypes a valid mail account
he will never get notification back from you with his error.... :s

cheers,

bzzik · May 12, 2009

maikcat sry - I have not provided all main.cf file. I have it like this at the moment:

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
mydomain = mydomain.lv
inet_interfaces = all
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.3.3/samples
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
smtpd_sasl_local_domain = s2.mydomain.lv
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
mynetworks = 127.0.0.0/8
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
myhostname = s2.mydomain.lv
home_mailbox = Maildir/
mailbox_command =

virtual_maps = hash:/etc/postfix/virtusertable

mydestination = /etc/postfix/local-host-names

message_size_limit = 40960000
Click to expand...

Do you really think I need to set local_recipient_maps to empty value? This will turn off local recipient checking

maikcat · May 14, 2009

yes it will turn off local recipient check,

the reason i believe you need this is for avoiding spammers
to querie your mail server for valid users (they also use VRFY and EXPN commands as well).

the use of luser_relay is for creating a bucket ,so that your system
will never try to send back mail telling that the x mailbox doesnt exists,
the drawback of this approach is that if a valid user sends mail to one
of yours account but he mistyped his mail,he will never know that his
mail never reached the intended recipient, the advantage is that
your queue will never be full with postfix trying to send back notifications
to spammers (who will probably provided erroneous from: address..)

cheers,

matiasCU · Jun 25, 2009

bzzik your problem was solved?

Hi bzzik:
Could you solve the bounce problem?

I'm having apparentry the same problem, that it is killing my server.

Hi maikcat:
The
Look this:

Jun 25 07:28:08 server1 postfix/smtp[10056]: 072DF121DA3: to=<[email protected]>, relay=mail1.sunbeach.net[64.119.192.31]:25, delay=130988, delays=130853/131/2.6/0.77, dsn=5.0.0, status=bounced (host mail1.sunbeach.net[64.119.192.31] said: 553 sorry, the recipient in not a valid user on this domain (#5.7.1) (in reply to RCPT TO command))
Jun 25 07:28:08 server1 postfix/smtp[10056]: 072DF121DA3: to=<[email protected]>, relay=mail1.sunbeach.net[64.119.192.31]:25, delay=130988, delays=130853/131/2.6/0.84, dsn=5.0.0, status=bounced (host mail1.sunbeach.net[64.119.192.31] said: 553 sorry, the recipient in not a valid user on this domain (#5.7.1) (in reply to RCPT TO command))
Jun 25 07:28:08 server1 postfix/smtp[10056]: 072DF121DA3: to=<[email protected]>, relay=mail1.sunbeach.net[64.119.192.31]:25, delay=130988, delays=130853/131/2.6/0.93, dsn=5.0.0, status=bounced (host mail1.sunbeach.net[64.119.192.31] said: 553 sorry, the recipient in not a valid user on this domain (#5.7.1) (in reply to RCPT TO command))
Jun 25 07:28:07 server1 postfix/smtp[9324]: 0BA06120557: to=<[email protected]>, relay=none, delay=143242, delays=143104/132/6.8/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=services.dese.state.mo.us type=MX: Host not found, try again)
Jun 25 07:28:07 server1 postfix/smtp[9330]: 081B0121669: host sunbeach.net.s6b2.psmtp.com[64.18.5.14] refused to talk to me: 451 not currently accepting mail from your ip - psmtp
Jun 25 07:33:22 server1 postfix/smtp[9010]: 363C5120060: to=<[email protected]>, relay=mailin-04.mx.aol.com[205.188.159.216]:25, delay=183943, delays=183880/0.88/26/36, dsn=4.0.0, status=deferred (host mailin-04.mx.aol.com[205.188.159.216] said: 421 SERVICE NOT AVAILABLE, TEMPORARY DNS FAILURE (in reply to MAIL FROM command))
Jun 25 07:33:23 server1 postfix/smtp[9010]: 363C5120060: to=<[email protected]>, relay=mailin-04.mx.aol.com[205.188.159.216]:25, delay=183943, delays=183880/0.88/26/36, dsn=4.0.0, status=deferred (host mailin-04.mx.aol.com[205.188.159.216] said: 421 SERVICE NOT AVAILABLE, TEMPORARY DNS FAILURE (in reply to MAIL FROM command))
Jun 25 07:33:24 server1 postfix/smtp[10108]: 363C5120060: host mail.ureach.com[63.150.151.36] said: 451 4.1.8 Domain of sender address [email protected] does not resolve (in reply to MAIL FROM command)
Jun 25 07:33:24 server1 postfix/smtp[8853]: DCA07120026: host mail-in.freeserve.com[193.252.22.185] said: 450 4.1.8 <[email protected]>: Sender address rejected: Domain not found (in reply to RCPT TO command)
Jun 25 07:33:24 server1 postfix/smtp[10035]: 972F0121C04: to=<[email protected]>, relay=mx2.ust.hk[143.89.14.128]:25, delay=123940, delays=123844/0.32/57/38, dsn=4.7.1, status=deferred (host mx2.ust.hk[143.89.14.128] said: 450 4.7.1 <[email protected]>... server [engbbs.ust.hk] for <[email protected]> not answering (in reply to RCPT TO command))
Jun 25 07:33:24 server1 postfix/smtp[9981]: 363C5120060: to=<[email protected]>, relay=mailin-02.mx.aol.com[64.12.138.120]:25, delay=183942, delays=183880/2.9/46/14, dsn=4.0.0, status=deferred (host mailin-02.mx.aol.com[64.12.138.120] said: 421 SERVICE NOT AVAILABLE, TEMPORARY DNS FAILURE (in reply to MAIL FROM command))
Click to expand...

This would be the solution?
local_recipient_maps =
luser_relay = [email protected]

Thanks

falko · Jun 26, 2009

Are you trying to relay through another server? Take a look here: http://www.howtoforge.com/postfix_relaying_through_another_mailserver

matiasCU · Jun 26, 2009

Hi Falko:
No. I'm doing direct from my server, I'm not using relay. Why ask this?

I think the attack is Backscatter for the messages I have in the queue of deferred look this:

T 5 10 20 40 80 160 320 640 1280 1280+
TOTAL 16908 0 0 1 0 0 0 184 4 7 16712
yahoo.com 3665 0 0 0 0 0 0 149 0 0 3516
emirates.net.ae 2982 0 0 0 0 0 0 1 0 0 2981
bellsouth.net 1729 0 0 0 0 0 0 3 0 0 1726
comcast.net 1469 0 0 0 0 0 0 0 0 0 1469
freenet.columbus.oh.us 294 0 0 0 0 0 0 1 0 0 293
sunbeach.net 270 0 0 0 0 0 0 2 0 0 268
adelphia.net 202 0 0 0 0 0 0 0 0 0 202
verizon.net 150 0 0 0 0 0 0 0 0 0 150
tampabay.rr.com 108 0 0 0 0 0 0 0 0 0 108
cfl.rr.com 88 0 0 0 0 0 0 0 0 0 88
knology.net 83 0 0 0 0 0 0 0 0 0 83
mslottery.com 74 0 0 1 0 0 0 1 4 7 61
scf.usc.edu 70 0 0 0 0 0 0 0 0 0 70
aludra.usc.edu 66 0 0 0 0 0 0 0 0 0 66
nc.rr.com 62 0 0 0 0 0 0 0 0 0 62
rochester.rr.com 62 0 0 0 0 0 0 0 0 0 62
engbbs.ust.hk 61 0 0 0 0 0 0 1 0 0 60
twcny.rr.com 60 0 0 0 0 0 0 0 0 0 60
aol.com 57 0 0 0 0 0 0 0 0 0 57
Click to expand...

I've made the changes mentioned maikcat, also erased the deferred queue, with postsuper -d ALL deferred command.
Apparently now the queue is empty, but I have to continue to monitor the operation of the server.

#qshape deferred
T 5 10 20 40 80 160 320 640 1280 1280+
TOTAL 25 0 0 0 0 0 0 0 0 0 25
comcast.net 5 0 0 0 0 0 0 0 0 0 5
cs.com 2 0 0 0 0 0 0 0 0 0 2
aol.com 1 0 0 0 0 0 0 0 0 0 1
....
Click to expand...

falko · Jun 27, 2009

Do your domains have proper A and MX records? What about SPF and PTR records?

matiasCU · Jul 3, 2009

Sry for the delay... Yes I have A, MX, and txt SPF record for the domain.
The only thing I can get to be in the unusual configuration is that I have 2 MX records plus, that not responding "the concept of nolisting"

site.com. 86400 IN MX 5 dummy1.site.com.
site.com. 86400 IN MX 10 mail.site.com.
site.com. 86400 IN MX 20 dummy2.site.com.

dummy1.site.com. 86400 IN A 190.xx.yy.z1
mail.site.com. 86400 IN A 190.xx.yy.z2
dummy2.site.com. 86400 IN A 190.xx.yy.z3

site.com. 86400 IN TXT "v=spf1 ip4:190.xx.yy.z2 a mx ptr ~all"

Obviously in dummy1 and dummy2 I don't have mail server.

falko · Jul 4, 2009

Please delete the MX records for
site.com. 86400 IN MX 5 dummy1.site.com.
site.com. 86400 IN MX 20 dummy2.site.com.

matiasCU · Jul 14, 2009

Please tell me why should I delete?

Tks

Log in or Sign up

Is my postfix is hacked?

bzzik New Member

maikcat New Member

bzzik New Member

maikcat New Member

bzzik New Member

bzzik New Member

falko Super Moderator Howtoforge Staff

bzzik New Member

falko Super Moderator Howtoforge Staff

bzzik New Member

maikcat New Member

bzzik New Member

maikcat New Member

matiasCU Member

falko Super Moderator Howtoforge Staff

matiasCU Member

falko Super Moderator Howtoforge Staff

matiasCU Member

falko Super Moderator Howtoforge Staff

matiasCU Member

Share This Page

Log in or Sign up

Is my postfix is hacked?

bzzik New Member

maikcat New Member

bzzik New Member

maikcat New Member

bzzik New Member

bzzik New Member

falko Super Moderator Howtoforge Staff

bzzik New Member

falko Super Moderator Howtoforge Staff

bzzik New Member

maikcat New Member

bzzik New Member

maikcat New Member

matiasCU Member

falko Super Moderator Howtoforge Staff

matiasCU Member

falko Super Moderator Howtoforge Staff

matiasCU Member

falko Super Moderator Howtoforge Staff

matiasCU Member

Share This Page

Useful Searches