Mail Log - postfix/smtpd

Hi,

recently i always receive email error, and i notice on my mail log there was something like this:

Code:

May 29 08:48:14 server postfix/local[12157]: BEF641F700: to=<[email protected]>, relay=local, delay=0.13, delays=0.07/0.06/0/0, dsn=5.1.1, status=bounced (unknown user: "=?utf-8?q?=d0=be=d1=82=20?=")
May 29 08:48:14 server postfix/local[12153]: BEF641F700: to=<=?utf-8?Q?=D0=BF=D1=80=D0=B8=D0=B7=D0=BE=D0=B2=20?=@server.sariraya.com>, relay=local, delay=0.13, delays=0.07/0.06/0/0, dsn=5.1.1, status=bounced (unknown user: "=?utf-8?q?=d0=bf=d1=80=d0=b8=d0=b7=d0=be=d0=b2=20?=")
May 29 08:48:14 server postfix/local[12155]: BEF641F700: to=<=?utf-8?Q?=D0=BF=D1=80=D0=B8=D0=B7=D0=BE=D0=B2=D1=8B=D0=BC=20?=@server.sariraya.com>, relay=local, delay=0.13, delays=0.07/0.06/0/0, dsn=5.1.1, status=bounced (unknown user: "=?utf-8?q?=d0=bf=d1=80=d0=b8=d0=b7=d0=be=d0=b2=d1=8b=d0=bc=20?=")
May 29 08:48:26 server postfix/qmgr[1518]: BE787203FA: removed
May 29 08:50:02 server postfix/anvil[11017]: statistics: max connection rate 1/60s for (smtp:209.85.161.187) at May 29 08:40:02
May 29 08:50:02 server postfix/anvil[11017]: statistics: max connection count 1 for (smtp:209.85.161.187) at May 29 08:40:02
May 29 08:50:02 server postfix/anvil[11017]: statistics: max message rate 1/60s for (smtp:209.85.161.187) at May 29 08:40:04
May 29 08:50:02 server postfix/anvil[11017]: statistics: max cache size 3 at May 29 08:43:59
May 29 08:50:02 server dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.1.1, session=<VYK5xkxtlr5/AAAB>
May 29 08:50:02 server dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.1.1, session=<Yae5xkxtQqt/AAAB>
May 29 08:50:02 server postfix/smtpd[12303]: connect from ip6-localhost[127.0.0.1]
May 29 08:50:02 server postfix/smtpd[12303]: lost connection after CONNECT from ip6-localhost[127.0.0.1]
May 29 08:50:02 server postfix/smtpd[12303]: disconnect from ip6-localhost[127.0.0.1] commands=0/0
May 29 08:55:02 server dovecot: imap-login: Disconnected (disconnected before auth was ready, waited 0 secs): user=<>, rip=127.0.0.1, lip=127.0.1.1, session=<wZeX2ExtVqt/AAAB>
May 29 08:55:02 server postfix/smtpd[12970]: connect from ip6-localhost[127.0.0.1]
May 29 08:55:02 server postfix/smtpd[12970]: lost connection after CONNECT from ip6-localhost[127.0.0.1]
May 29 08:55:02 server postfix/smtpd[12970]: disconnect from ip6-localhost[127.0.0.1] commands=0/0
May 29 08:55:02 server dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.1.1, session=<gQWY2Extqr5/AAAB>
May 29 08:55:22 server postfix/smtpd[12970]: connect from mail-yw0-f186.google.com[209.85.161.186]
May 29 08:55:24 server postfix/smtpd[12970]: NOQUEUE: filter: RCPT from mail-yw0-f186.google.com[209.85.161.186]: <[email protected]>: Sender address triggers FILTER amavis:[127.0.0.1]:10026; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mail-yw0-f186.google.com>
May 29 08:55:24 server postfix/smtpd[12970]: NOQUEUE: filter: RCPT from mail-yw0-f186.google.com[209.85.161.186]: <[email protected]>: Sender address triggers FILTER amavis:[127.0.0.1]:10024; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mail-yw0-f186.google.com>
May 29 08:55:24 server postfix/smtpd[12970]: NOQUEUE: reject: RCPT from mail-yw0-f186.google.com[209.85.161.186]: 454 4.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mail-yw0-f186.google.com>
May 29 08:55:24 server postfix/smtpd[12970]: disconnect from mail-yw0-f186.google.com[209.85.161.186] ehlo=2 starttls=1 mail=1 rcpt=0/1 data=0/1 quit=1 commands=5/7
May 29 08:58:44 server postfix/anvil[13401]: statistics: max connection rate 1/60s for (smtp:209.85.161.186) at May 29 08:55:22
May 29 08:58:44 server postfix/anvil[13401]: statistics: max connection count 1 for (smtp:209.85.161.186) at May 29 08:55:22
May 29 08:58:44 server postfix/anvil[13401]: statistics: max message rate 1/60s for (smtp:209.85.161.186) at May 29 08:55:24
May 29 08:58:44 server postfix/anvil[13401]: statistics: max cache size 1 at May 29 08:55:22
May 29 09:00:02 server dovecot: imap-login: Disconnected (disconnected before auth was ready, waited 0 secs): user=<>, rip=127.0.0.1, lip=127.0.1.1, session=<ADB46kxtdKt/AAAB>
May 29 09:00:02 server dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.1.1, session=<Nmp46kxtyL5/AAAB>
May 29 09:00:02 server postfix/smtpd[13637]: connect from ip6-localhost[127.0.0.1]
May 29 09:00:02 server postfix/smtpd[13637]: lost connection after CONNECT from ip6-localhost[127.0.0.1]
May 29 09:00:02 server postfix/smtpd[13637]: disconnect from ip6-localhost[127.0.0.1] commands=0/0
May 29 09:00:12 server postfix/smtpd[13637]: connect from mail-qt0-f196.google.com[209.85.216.196]
May 29 09:00:14 server postfix/smtpd[13637]: NOQUEUE: filter: RCPT from mail-qt0-f196.google.com[209.85.216.196]: <[email protected]>: Sender address triggers FILTER amavis:[127.0.0.1]:10026; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mail-qt0-f196.google.com>
May 29 09:00:14 server postfix/smtpd[13637]: NOQUEUE: filter: RCPT from mail-qt0-f196.google.com[209.85.216.196]: <[email protected]>: Sender address triggers FILTER amavis:[127.0.0.1]:10024; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mail-qt0-f196.google.com>
May 29 09:00:14 server postfix/smtpd[13637]: NOQUEUE: reject: RCPT from mail-qt0-f196.google.com[209.85.216.196]: 454 4.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mail-qt0-f196.google.com>
May 29 09:00:14 server postfix/smtpd[13637]: disconnect from mail-qt0-f196.google.com[209.85.216.196] ehlo=2 starttls=1 mail=1 rcpt=0/1 data=0/1 quit=1 commands=5/7
May 29 09:03:35 server postfix/anvil[14262]: statistics: max connection rate 1/60s for (smtp:209.85.216.196) at May 29 09:00:12
May 29 09:03:35 server postfix/anvil[14262]: statistics: max connection count 1 for (smtp:209.85.216.196) at May 29 09:00:12
May 29 09:03:35 server postfix/anvil[14262]: statistics: max message rate 1/60s for (smtp:209.85.216.196) at May 29 09:00:14
May 29 09:03:35 server postfix/anvil[14262]: statistics: max cache size 1 at May 29 09:00:12
May 29 09:04:40 server postfix/smtpd[14412]: connect from mail-qt0-f193.google.com[209.85.216.193]
May 29 09:04:42 server postfix/smtpd[14412]: NOQUEUE: filter: RCPT from mail-qt0-f193.google.com[209.85.216.193]: <[email protected]>: Sender address triggers FILTER amavis:[127.0.0.1]:10026; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mail-qt0-f193.google.com>
May 29 09:04:42 server postfix/smtpd[14412]: NOQUEUE: filter: RCPT from mail-qt0-f193.google.com[209.85.216.193]: <[email protected]>: Sender address triggers FILTER amavis:[127.0.0.1]:10024; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mail-qt0-f193.google.com>
May 29 09:04:42 server postfix/smtpd[14412]: NOQUEUE: reject: RCPT from mail-qt0-f193.google.com[209.85.216.193]: 454 4.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mail-qt0-f193.google.com>
May 29 09:04:42 server postfix/smtpd[14412]: disconnect from mail-qt0-f193.google.com[209.85.216.193] ehlo=2 starttls=1 mail=1 rcpt=0/1 data=0/1 quit=1 commands=5/7
May 29 09:05:01 server postfix/smtpd[14412]: connect from ip6-localhost[127.0.0.1]
May 29 09:05:01 server postfix/smtpd[14412]: lost connection after CONNECT from ip6-localhost[127.0.0.1]
May 29 09:05:01 server postfix/smtpd[14412]: disconnect from ip6-localhost[127.0.0.1] commands=0/0
May 29 09:05:01 server dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.1.1, session=<xcRU/ExtoKt/AAAB>
May 29 09:05:01 server dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.1.1, session=<1s5U/Ext9L5/AAAB>

do any of you guys know what i have to do?
honestly i am not an expert at managing server.
kindly need your advice, thank you in advance.

 

Hi till,
i receive the email like this:
with title: Undelivered Mail Returned to Sender or Delivery status notification, MTA-BLOCKED

Code:

Reporting-MTA: dns; server.sariraya.com
X-Postfix-Queue-ID: 51CA92034A
X-Postfix-Sender: rfc822; [email protected]
Arrival-Date: Tue, 29 May 2018 10:39:15 +0900 (JST)

Final-Recipient: rfc822; =?utf-8?Q?$1086=20=D1=83=D0=BA=D0=B0=D0=B6=D0=B8=D1=82=D0=B5=20?=@server.mydomain.com
Original-Recipient: rfc822;=?utf-8?Q?$1086=20=D1=83=D0=BA=D0=B0=D0=B6=D0=B8=D1=82=D0=B5=20?=@server.mydomain.com
Action: failed
Status: 5.1.1
Diagnostic-Code: X-Postfix; unknown user:
    "=?utf-8?q?$1086=20=d1=83=d0=ba=d0=b0=d0=b6=d0=b8=d1=82=d0=b5=20?="


Subject    アカウントを確認してください
From    Owner
To    =?utf-8?Q?=D0=A1=D1=80=D0=B5=D0=B4=D1=81=D1=82=D0=B2=D0=B0=20?=@server.mydomain.com, =?utf-8?Q?=D0=B2=20=D1=80=D0=B0=D0=B7=D0=BC=D0=B5=D1=80=D0=B5=20?=@server.mydomain.com, [email protected], =?utf-8?Q?=D0=BF=D0=BE=D0=BB=D1=83=D1=87=D0=B5=D0=BD=D1=8B.=20?=@server.mydomain.com, [email protected], =?utf-8?Q?=D0=B7=D0=B0=D0=B2=D0=B5=D1=80=D1=88=D0=B5=D0=BD=D0=B8=D1=8F=20?=@server.mydomain.com, =?utf-8?Q?=D0=BE=D0=B1=D0=BC=D0=B5=D0=BD=D0=B0=20=D0=BD=D0=B0=20?=@server.mydomain.com, =?utf-8?Q?$1086=20=D1=83=D0=BA=D0=B0=D0=B6=D0=B8=D1=82=D0=B5=20?=@server.mydomain.com, =?utf-8?Q?=D0=BD=D0=BE=D0=BC=D0=B5=D1=80=20?=@server.mydomain.com, =?utf-8?Q?=D0=B1=D0=B0=D0=BD=D0=BA=D0=BE=D0=B2=D1=81=D0=BA=D0=BE=D0=B9=20?=@server.mydomain.com, =?utf-8?Q?=D0=BA=D0=B0=D1=80=D1=82=D1=8B=20?=@server.mydomain.com, "=?utf-8?Q?https://www.google.com/url=3Fhl=3Dru&q=3D%68tt%70s%3A%2F%2F%62%69%74"@2Ely/2LzVYLH&ust=3D1527641896785000&usg=3DAFQjCNF4k1xg7uURfNK4-M9plzAas=5FX4pw=20?=, =?utf-8?Q?=D0=9D=D0=B0=D0=BF=D0=BE=D0=BC=D0=B8=D0=BD=D0=B0=D0=B5=D0=BC=2C=20?=@server.sariraya.com, =?utf-8?Q?=D1=87=D0=B5=D1=80=D0=B5=D0=B7=2024=20?=@server.mydomain.com, =?utf-8?Q?=D1=87=D0=B0=D1=81=D0=B0=200=2C15=20=20BTC=20?=@server.mydomain.com, =?utf-8?Q?=D0=B2=D0=B5=D1=80=D0=BD=D1=83=D1=82=D1=81=D1=8F=20?=@server.mydomain.com, =?utf-8?Q?=D0=BD=D0=B0=20=D0=B2=D0=B0=D1=88=20?=@server.mydomain.com, =?utf-8?Q?=D0=BA=D0=BE=D1=88=D0=B5=D0=BB=D0=B5=D0=BA=20***[email protected], [email protected], =?utf-8?Q?=D0=B2=D1=8B=D1=87=D0=B5=D1=82=D0=BE=D0=BC=20?=@server.mydomain.com, =?utf-8?Q?=D0=BA=D0=BE=D0=BC=D0=B8=D1=81=D1=81=D0=B8=D0=B8=20?=@server.mydomain.com, [email protected]
Date    Today 08:39

almost every 5 minutes i receive the same email like above

 

Have you tried using Internet search engines with

Code:

Diagnostic-Code: X-Postfix; unknown user:

Maybe add

Code:

site: howtoforge.com 

 

Tried your suggestion, thank you!

Maybe in my case is because there was somebody tried to sent an email to:
=?utf-8?q?$1086=20=d1=83=d0=ba=d0=b0=d0=b6=d0=b8=d1=82=d0=b5=20?=
in which there was no address like that in my server.

i try to sent an email to the valid address, and there was no error at all.

so, is this a normal case? or is there anything that i could improve?

FYI, this was my main.cf

Expand: main.cf

Code:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = /usr/share/doc/postfix

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = server.mydomain.com
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
myorigin = /etc/mailname
mydestination = server.mydomain.com, localhost, localhost.localdomain
relayhost =
mynetworks = 127.0.0.0/8 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
html_directory = /usr/share/doc/postfix/html
virtual_alias_domains =
virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /var/vmail
virtual_uid_maps = mysql:/etc/postfix/mysql-virtual_uids.cf
virtual_gid_maps = mysql:/etc/postfix/mysql-virtual_gids.cf
sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_restriction_classes = greylisting
greylisting = check_policy_service inet:127.0.0.1:10023
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client zen.spamhaus.org, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf, check_policy_service unix:private/policy-spf
smtpd_tls_security_level = may
transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, reject_invalid_hostname, reject_non_fqdn_hostname, reject_invalid_helo_hostname, reject_unknown_helo_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo
smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re , permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, check_sender_access regexp:/etc/postfix/tag_as_foreign.re
smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf, reject_rbl_client cbl.abuseat.org, reject_rbl_client b.barracudacentral.org
smtpd_client_message_rate_limit = 100
maildrop_destination_concurrency_limit = 1
maildrop_destination_recipient_limit = 1
virtual_transport = dovecot
header_checks = regexp:/etc/postfix/header_checks
mime_header_checks = regexp:/etc/postfix/mime_header_checks
nested_header_checks = regexp:/etc/postfix/nested_header_checks
body_checks = regexp:/etc/postfix/body_checks
owner_request_special = no
smtp_tls_security_level = may
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2,!SSLv3
smtp_tls_protocols = !SSLv2,!SSLv3
smtpd_tls_exclude_ciphers = RC4, aNULL
smtp_tls_exclude_ciphers = RC4, aNULL
dovecot_destination_recipient_limit = 1
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings
message_size_limit = 0
policy-spf_time_limit = 3600s

 

I see, so it was like that...
Thank you, till!

 

check wether you have http://www.postfix.org/SMTPUTF8_README.html#enabling enabled. might cause issues from time to time if, like docs say, infrastructure doesn't support it 100%

 

Hi

i didn't see :
"smtputf8_enable = yes"
in my main.cf
which mean SMTPUTF8 wasn't enabled, right?
i haven't modify anything on SMTP intaller since i only following tutorial provided by ISPConfig

 

have you tried it yet?
default might be

Code:

smtputf8_enable = ${{$compatibility_level} < {1} ? {no} : {yes}}

so it depends.

 

I tried, but no luck
so i try another approach, since the pattern was always same, so i create a filter on mail content then discard those kind of email.

Thank you for the support.