Hi, I have about 22 MB of logfile for my mailserver for today... What is this:
Code:
Oct 29 15:06:11 web1 postfix/smtp[28274]: connect to orngca-02.mgw.rr.com[24.28.204.56]: server refused to talk to me: 550-hrndva-mx-20.mgw.rr.com 550 ERROR: Mail Refused - 85.82.7.54 - See http://www.spamhaus.org/query/bl?ip=85.82.7.54 (port 25)
Oct 29 15:06:11 web1 postfix/smtp[28287]: connect to hrndva-01.mgw.rr.com[24.28.204.22]: server refused to talk to me: 550-hrndva-mx-03.mgw.rr.com 550 ERROR: Mail Refused - 85.82.7.54 - See http://www.spamhaus.org/query/bl?ip=85.82.7.54 (port 25)
Oct 29 15:06:11 web1 postfix/smtp[28292]: connect to clmboh-02.mgw.rr.com[65.24.7.15]: server refused to talk to me: 550-clmboh-mx-14.mgw.rr.com 550 ERROR: Mail Refused - 85.82.7.54 - See http://www.spamhaus.org/query/bl?ip=85.82.7.54 (port 25)
Oct 29 15:06:11 web1 postfix/smtp[28274]: connect to clmboh-01.mgw.rr.com[65.24.7.12]: server refused to talk to me: 550-clmboh-mx-03.mgw.rr.com 550 ERROR: Mail Refused - 85.82.7.54 - See http://www.spamhaus.org/query/bl?ip=85.82.7.54 (port 25)
Oct 29 15:06:11 web1 postfix/smtp[28287]: connect to clmboh-01.mgw.rr.com[65.24.7.20]: server refused to talk to me: 550-clmboh-mx-06.mgw.rr.com 550 ERROR: Mail Refused - 85.82.7.54 - See http://www.spamhaus.org/query/bl?ip=85.82.7.54 (port 25)
Oct 29 15:06:11 web1 postfix/smtp[28274]: connect to hrndva-01.mgw.rr.com[24.28.204.23]: server refused to talk to me: 550-hrndva-mx-04.mgw.rr.com 550 ERROR: Mail Refused - 85.82.7.54 - See http://www.spamhaus.org/query/bl?ip=85.82.7.54 (port 25)
Oct 29 15:06:12 web1 postfix/smtp[28274]: connect to hrndva-02.mgw.rr.com[24.28.204.29]: server refused to talk to me: 550-hrndva-mx-10.mgw.rr.com 550 ERROR: Mail Refused - 85.82.7.54 - See http://www.spamhaus.org/query/bl?ip=85.82.7.54 (port 25)
Oct 29 15:06:12 web1 postfix/smtp[28287]: connect to orngca-01.mgw.rr.com[66.75.160.128]: server refused to talk to me: 550-orngca-mx-01.mgw.rr.com 550 ERROR: Mail Refused - 85.82.7.54 - See http://www.spamhaus.org/query/bl?ip=85.82.7.54 (port 25)
Oct 29 15:06:12 web1 postfix/smtp[28274]: connect to hrndva-01.mgw.rr.com[24.28.204.22]: server refused to talk to me: 550-hrndva-mx-03.mgw.rr.com 550 ERROR: Mail Refused - 85.82.7.54 - See http://www.spamhaus.org/query/bl?ip=85.82.7.54 (port 25)
Oct 29 15:06:12 web1 postfix/smtp[28287]: connect to hrndva-02.mgw.rr.com[24.28.204.27]: server refused to talk to me: 550-hrndva-mx-08.mgw.rr.com 550 ERROR: Mail Refused - 85.82.7.54 - See http://www.spamhaus.org/query/bl?ip=85.82.7.54 (port 25)
Oct 29 15:06:12 web1 postfix/smtp[28276]: connect to hrndva-01.mgw.rr.com[24.28.204.21]: server refused to talk to me: 550-hrndva-mx-02.mgw.rr.com 550 ERROR: Mail Refused - 85.82.7.54 - See http://www.spamhaus.org/query/bl?ip=85.82.7.54 (port 25)
Oct 29 15:06:12 web1 postfix/smtp[28287]: connect to hrndva-02.mgw.rr.com[24.28.204.28]: server refused to talk to me: 550-hrndva-mx-09.mgw.rr.com 550 ERROR: Mail Refused - 85.82.7.54 - See http://www.spamhaus.org/query/bl?ip=85.82.7.54 (port 25)
Oct 29 15:06:12 web1 postfix/smtp[28292]: connect to orngca-02.mgw.rr.com[66.75.160.144]: server refused to talk to me: 550-orngca-mx-10.mgw.rr.com 550 ERROR: Mail Refused - 85.82.7.54 - See http://www.spamhaus.org/query/bl?ip=85.82.7.54 (port 25)
Oct 29 15:06:12 web1 postfix/smtp[28274]: connect to hrndva-02.mgw.rr.com[24.28.204.37]: server refused to talk to me: 550-hrndva-mx-14.mgw.rr.com 550 ERROR: Mail Refused - 85.82.7.54 - See http://www.spamhaus.org/query/bl?ip=85.82.7.54 (port 25)
Oct 29 15:06:12 web1 postfix/smtp[28276]: connect to orngca-01.mgw.rr.com[24.28.204.55]: server refused to talk to me: 550-hrndva-mx-19.mgw.rr.com 550 ERROR: Mail Refused - 85.82.7.54 - See http://www.spamhaus.org/query/bl?ip=85.82.7.54 (port 25)
Oct 29 15:06:12 web1 postfix/smtp[28276]: 9CA3C6F467C: to=<[email protected]>, relay=none, delay=27372, status=deferred (connect to orngca-01.mgw.rr.com[24.28.204.55]: server refused to talk to me: 550-hrndva-mx-19.mgw.rr.com 550 ERROR: Mail Refused - 85.82.7.54 - See http://www.spamhaus.org/query/bl?ip=85.82.7.54 )
Your IP address is listed in CBL as a spam sender: http://cbl.abuseat.org/lookup.cgi?ip=85.82.7.54 That's why the server refuses your emails. Please check that your server is not an open relay and check that you do not have PHP or perl formmail scripts installed on your server that allow mail relaying. With the command postqueue -p you can check how many mails are stored in your mailqueue.
Mess... I have 816 in queue... I have stopped my SMTP server... How can I make it possible to only use SMTP from localhost?
You can set: inet_interfaces = 127.0.0.1 in your postfix main.cf. But if the origin of the spam is a formmail script, this solution won't help.
Hi.. I have set that now. How do I delete the queue? And how can I see if there is a script they are using? This sucks, I thought I had a safe system.. But nothing is safe in this world
To empty the queue, run this command:
postsuper -d ALL
Before you empty the queue, you can try to find out which script has sent the mails by inspecting the mail content with the command:
postcat -q /path/to/the/mailspool/file
To find the path of the mailfile, you may run:
updatedb
and then search the file with:
locate [MAILID]
where [MAILID] is the ID of a spool item in the postqueue -p listing.
After updatedb
locate 5D7846F4519
5D7846F4519 is that the ID I should search for? It can't locate anything?
This looks like a correct mail ID. If you run:
postqueue -p | grep 5D7846F4519
do you get the line with the mail? Maybe the email has been delivered already. You might have to stop postfix for a while to analyse the mails.
I get this:
postqueue: warning: Mail system is down -- accessing queue directly
5D7846F4519 60590 Thu Oct 26 18:01:07 [email protected]
The mailserver is down... I did not dare not to..
Hi... After I set inet_interfaces = 127.0.0.1 in mail.cf I get no mail at all...??? Now I have removed it... And I get mail again.. How can I set it so my SMTP server only works from 127.0.0.1, but I can get mail from outside? P.S. At this moment my server is not spamming...
That's correct. It means you will be able to send email only from localhost. OK, that's another question than this. If you followed the perfect setup, your server is already configured like that. You can check it here: http://www.abuse.net/relay.html
Hi Till, I did use the perfect setup... How can I tell if there is a script where it is possible to send mail via? If I test http://www.abuse.net/relay.html I don't have any problems!!! And it is not being used for spam?
You must review the file with the postcat command as I described above to get the content of the original email. Then you must try to figure out through which account or with which original email recipient it has been sent on your server. Finding the correct mail form is not trivial in most cases.
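One way to narrow this down from the mail log alone, as an added example that is not part of the original thread: Postfix logs each local submission (the sendmail binary, which PHP mail() and CGI formmail scripts use) as postfix/pickup with the submitting uid, and each SMTP submission as postfix/smtpd with client=. The function name and the log lines below are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in Postfix syslog format; queue IDs, hosts and addresses are made up.
SAMPLE_LOG = """\
Oct 29 14:58:01 web1 postfix/pickup[2101]: A1B2C3D4E5F: uid=33 from=<www-data>
Oct 29 14:58:02 web1 postfix/smtp[2107]: A1B2C3D4E5F: to=<a@example.net>, relay=none, delay=3, status=deferred (connect to mx.example.net[192.0.2.10]: server refused to talk to me: 550 Mail Refused)
Oct 29 14:58:05 web1 postfix/pickup[2101]: B2C3D4E5F6A: uid=33 from=<www-data>
Oct 29 14:58:06 web1 postfix/smtp[2107]: B2C3D4E5F6A: to=<b@example.org>, relay=none, delay=2, status=deferred (connect to mx.example.org[192.0.2.20]: server refused to talk to me: 550 Mail Refused)
Oct 29 14:59:10 web1 postfix/smtpd[2200]: C3D4E5F6A7B: client=unknown[198.51.100.7]
Oct 29 14:59:11 web1 postfix/smtp[2107]: C3D4E5F6A7B: to=<c@example.com>, relay=none, delay=1, status=deferred (connect to mx.example.com[192.0.2.30]: server refused to talk to me: 550 Mail Refused)
Oct 29 15:00:00 web1 postfix/pickup[2101]: D4E5F6A7B8C: uid=0 from=<root>
Oct 29 15:00:01 web1 postfix/local[2300]: D4E5F6A7B8C: to=<admin@web1.example>, relay=local, delay=0, status=sent (delivered to mailbox)
"""

LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]{6,}): (.*)")
UID = re.compile(r"uid=(\d+) from=<([^>]*)>")
CLIENT = re.compile(r"client=(\S+)")
STATUS = re.compile(r"status=(\w+)")

def origins_of_failed_mail(log_text):
    """Count deferred/bounced deliveries per submission origin."""
    origin = {}          # queue ID -> how the message entered Postfix
    failed = Counter()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue     # e.g. "connect to ..." or NOQUEUE lines carry no queue ID
        daemon, qid, rest = m.groups()
        if daemon == "pickup" and (u := UID.match(rest)):
            # Local submission via the sendmail binary (PHP mail(), CGI formmail, cron).
            origin[qid] = f"local uid={u.group(1)} ({u.group(2)})"
        elif daemon == "smtpd" and (c := CLIENT.match(rest)):
            # Arrived over SMTP: a relayed or authenticated client.
            origin[qid] = f"smtp client={c.group(1)}"
        elif (s := STATUS.search(rest)) and s.group(1) in ("deferred", "bounced"):
            failed[origin.get(qid, "unknown (submitted before this log)")] += 1
    return failed

if __name__ == "__main__":
    for src, n in origins_of_failed_mail(SAMPLE_LOG).most_common():
        print(f"{n:6d}  {src}")
```

If the web server's uid dominates the result, the spam is leaving through a script on a hosted site, and restricting inet_interfaces or passing a relay test will not stop it. If smtp clients dominate, look at relay restrictions and mail account credentials instead.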
When I use the POSTCAT command with the mail ID I get an error. It can't find the ID? But the ID is from "postqueue -p"? At this point I'm not spamming... I think.. I can't find anything in the log.. But I still have a few entries in blacklisting: www.dnsstuff.com/tools/ip4r.ch?ip=85.82.7.54
You must use the path to the file with postcat, not the ID. Please see the example that I had posted.
Hi... Now I have this in my log...
Nov 8 20:04:02 web1 postfix/smtpd[11028]: connect from unknown[83.91.85.91]
Nov 8 20:04:02 web1 postfix/smtpd[11028]: setting up TLS connection from unknown[83.91.85.91]
Nov 8 20:04:02 web1 postfix/smtpd[11028]: TLS connection established from unknown[83.91.85.91]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Nov 8 20:04:02 web1 postfix/smtpd[11028]: NOQUEUE: reject: RCPT from unknown[83.91.85.91]: 450 Client host rejected: cannot find your hostname, [83.91.85.91]; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<ns-1.danskespil.dk>
Nov 8 20:04:03 web1 postfix/smtpd[11028]: disconnect from unknown[83.91.85.91]
What parameter is causing this? It's not bad when someone is trying to connect from home, but this is a big company in DK...
This message does not mean that your server can not find the hostname for danskespil.dk, it can not find the hostname for the IP 83.91.85.91, which means that this IP has no reverse record.