Mail Queue

Discussion in 'General' started by onastvar, Jan 27, 2021.

  1. onastvar

    onastvar Member

    Hi,
    I have many of these messages in my ISPConfig > Monitor > Mail Queue

    -Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
    C0DAE496D0 2490 Wed Jan 27 15:18:24 [email protected]
    (connect to test.com[69.172.200.235]:25: No route to host)
    [email protected]

    I blocked above IP from my server
    route add -host 69.172.200.235 reject

    How could I get rid of these messages from Mail Queue?
     
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Code:
    postsuper -d ALL
     
  3. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    And you'll probably need to stop the source of those messages to be rid of them as well; it sounds like you blocked the destination mail server of one specific message.
     
  4. onastvar

    onastvar Member

    Thank You! I'm aware of postsuper -d ALL; however, those messages reappear. How would I go about: "And you'll probably need to stop the source of those messages to be rid of them as well;"?
     
  5. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    If the source is a "webmaster" address, my first guess would be they're coming from a compromised/abused website, and I'd go to looking at the contents of one of those messages (postcat -q C0DAE496D0 | less <--- using a current message queue id) to see what the headers indicate. Assuming that's what's going on, if it's not obvious what is being abused on the site (often a form, sometimes malware or other), head to web server logs and see what requests are triggering the spam. If it's not from a website, or just as a generally safe place to start anyways, your mail log will tell you where the messages are coming from, and if it's an authenticated user or ??
     
    onastvar likes this.
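
The mail-log check suggested in post 5, as an added example that is not part of the original thread: it tallies where each message entered Postfix (local submission by uid, authenticated SMTP user, or plain SMTP client). The function names, the `/var/log/mail.log` path and the uid 33 = web server mapping are assumptions (Debian defaults), and the log lines are constructed samples.

```shell
#!/bin/sh
# Added example: count message origins from Postfix mail-log lines on stdin.
# Output: "count kind source", most frequent first.
origin_tally() {
  awk '
    # Local submission through pickup (PHP mail(), cron, sieve redirect):
    # the uid names the local account that injected the message.
    /postfix\/pickup\[[0-9]+\]: [0-9A-Za-z]+: uid=/ {
      for (i = 1; i <= NF; i++) if ($i ~ /^uid=/) n["local " $i]++
      next
    }
    # SMTP entry: authenticated when sasl_username is logged, else just a client.
    /postfix\/([a-z]+\/)?smtpd\[[0-9]+\]: [0-9A-Za-z]+: client=/ {
      c = ""; user = ""
      for (i = 1; i <= NF; i++) {
        f = $i; sub(/,$/, "", f)
        if (f ~ /^client=/) c = f
        if (f ~ /^sasl_username=/) user = f
      }
      if (user != "") n["auth " user]++
      else n["smtp " c]++
    }
    END { for (k in n) print n[k], k }
  ' | sort -k1,1nr -k2
}

# Constructed sample log (not taken from the thread). uid=5000 mirrors the
# "from userid 5000" Received line in post 7; uid=33 is assumed to be www-data.
sample_log() {
  cat <<'EOF'
Jan 28 06:29:04 myserver postfix/pickup[2101]: 4E7D44964C: uid=5000 from=<user@example.com>
Jan 28 06:30:10 myserver postfix/pickup[2101]: 5A1B2C3D4E: uid=33 from=<www-data>
Jan 28 06:30:11 myserver postfix/pickup[2101]: 5A1B2C3D4F: uid=33 from=<www-data>
Jan 28 06:30:12 myserver postfix/pickup[2101]: 5A1B2C3D50: uid=33 from=<www-data>
Jan 28 06:31:00 myserver postfix/submission/smtpd[2200]: 6B2C3D4E5F: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=info@example.com
Jan 28 06:31:05 myserver postfix/submission/smtpd[2200]: 6B2C3D4E60: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=info@example.com
Jan 28 06:32:00 myserver postfix/smtpd[2300]: 7C3D4E5F60: client=mail.example.org[198.51.100.7]
Jan 28 06:32:01 myserver postfix/qmgr[900]: 7C3D4E5F60: from=<a@example.org>, size=2490, nrcpt=1 (queue active)
EOF
}

# On a live server: origin_tally < /var/log/mail.log
sample_log | origin_tally
```

A web-server uid or a single sasl_username at the top of the tally points at the site or mailbox to investigate before the queue is purged again.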
  6. onastvar

    onastvar Member

    Thanks @Jesse Norell.
    I use the Wordfence plugin on some websites. Once I install the plugin, they ask for an email; in the past I entered [email protected] instead of the actual email.

    This is what's in header of C0DAE496D0.
    *** HEADER EXTRACTED deferred/C/C0DAE496D0 ***
    named_attribute: dsn_orig_rcpt=rfc822;[email protected]
    original_recipient: [email protected]
    recipient: [email protected]
    *** MESSAGE FILE END deferred/C/C0DAE496D0 ***

    I found an UNSUBSCRIBE link in those messages from MAIL QUEUE and unsubscribed. I'm hoping this will take care of the issue.
    Thank You All!
     
  7. onastvar

    onastvar Member

    I have another message in MAIL QUEUE. (My server IP is changed to 111.222.333.444 for privacy.) I'm using the "Send Copy to" field/item in ISPCONFIG > EMAIL > MAILBOX on email account [email protected] "Send Copy to" [email protected]

    MAIL LOG
    -Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
    4E7D44964C 25569 Thu Jan 28 12:29:04 [email protected]
    (host alt1.gmail-smtp-in.l.google.com[173.194.68.27] said: 421-4.7.28 [111.222.333.444 15] Our system has detected an unusual rate of 421-4.7.28 unsolicited mail originating from your IP address. To protect our 421-4.7.28 users from spam, mail sent from your IP address has been temporarily 421-4.7.28 rate limited. Please visit 421-4.7.28 https://support.google.com/mail/?p=UnsolicitedRateLimitError to 421 4.7.28 review our Bulk Email Senders Guidelines. c84si1580629qkg.210 - gsmtp (in reply to end of DATA command))
    [email protected]

    MESSAGE HEADERS
    root@myserver~# postcat -q 4E7D44964C | less

    *** ENVELOPE RECORDS deferred/4/4E7D44964C ***
    message_size: 25569 315 1 0 25569 0
    message_arrival_time: Thu Jan 28 06:29:04 2021
    create_time: Thu Jan 28 06:29:04 2021
    named_attribute: rewrite_context=local
    sender_fullname: root
    sender: [email protected]
    named_attribute: dsn_orig_rcpt=rfc822;[email protected]
    original_recipient: [email protected]
    recipient: [email protected]
    *** MESSAGE CONTENTS deferred/4/4E7D44964C ***
    Received: by myserver.com (Postfix, from userid 5000)
    id 4E7D44964C; Thu, 28 Jan 2021 06:29:04 -0600 (CST)
    X-Sieve: Pigeonhole Sieve 0.4.16 ()
    X-Sieve-Redirected-From: [email protected]
    Delivered-To: [email protected]
    Received: from myserver.com
    by myserver.com (Dovecot) with LMTP id KnnxERCuEmAlGgAAJoZrcw
    for <[email protected]>; Thu, 28 Jan 2021 06:29:04 -0600
    Received: from 66-220-144-147.mail-mail.facebook.com (66-220-144-147.mail-mail.facebook.com [66.220.144.147])
    by lmyserver.com (Postfix) with ESMTPS id C16C9494AD
    for <[email protected]>; Thu, 28 Jan 2021 06:29:03 -0600 (CST)
    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=facebookmail.com;
    s=s1024-2013-q3; t=1611836925;
    bh=41BHpv2yrELBZDmFC5OkXQ6kJxXZ0AEsT9pt5x0TR7E=;
    h=Date:To:Subject:From:MIME-Version:Content-Type;
    b=UKF39dNey9PgLi+rutv5pXsxHIXpbEjIp7zep5XHDuQX3t3MiJsGz3cCPSUlayFPi
    1iKoiXkYX42O6MPp2dTTV8W5xPIacSEGPKOw9DLcScNtixfKV/yy1E6CsdS+QCu9n2
    a8dfcytEQFEMIg+uhfEzRCp84KBp7qa/6P3m48VY=
    X-Facebook: from 2401:db00:21:b154:face:0:2e:0 ([MTI3LjAuMC4x])
    by www.facebook.com with HTTPS (ZuckMail);
    Date: Thu, 28 Jan 2021 04:28:45 -0800
    To: Cooper Price <[email protected]>
    Subject: =?UTF-8?B?8J+OgiBTaGVsaWEgTWFyc2hh?=
    =?UTF-8?B?bGwsIE1hcmNpZSBCYXJy?=
    =?UTF-8?B?b24gQm9vbXNsaXRlciBh?=
    =?UTF-8?B?bmQgUGVnZ3kgVGltbSBo?=

    This message also has a link to Facebook -

    Would you like to opt out of this email notification?
    You will no longer receive emails at [email protected] for this email type:
    • Upcoming birthdays
     
    Last edited: Jan 28, 2021
  8. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    If that is legitimately a forwarded facebook email, that message is an innocent victim, you won't find the source of your issues by looking at it. Check your mail log if there's nothing left in queue to examine. Google is pretty quick to respond to a spam run stopping, and those messages will clear out of queue once you find and fix the spam source(s).
     
    onastvar likes this.
  9. onastvar

    onastvar Member

    Thank You @Jesse Norell
    I edited my post #7 with more info.
    From your response in post #8, I shouldn't worry about this being SPAM, correct?
     
  10. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    It doesn't look like spam to me, just a forwarded email.
     
    onastvar likes this.
  11. onastvar

    onastvar Member
