no emails being sent from system

Discussion in 'ISPConfig 3 Priority Support' started by illuder, Mar 9, 2022.

  1. illuder

    illuder Member

    hi
    many clients are complaining that their website is not sending out emails... I tested it and checked on maillog, did not find the email being sent out, but lots of other spam entries.. see last 20 entries below..

    [root@server1 log]# tail -20 maillog
    Mar 9 09:05:01 server1 postfix/pickup[711618]: A01557E26A8: uid=5012 from=<web11>
    Mar 9 09:05:01 server1 postfix/cleanup[713378]: A01557E26A8: message-id=<[email protected]>
    Mar 9 09:05:01 server1 postfix/qmgr[1819]: A01557E26A8: from=<[email protected]>, size=982, nrcpt=1 (queue active)
    Mar 9 09:05:01 server1 postfix/smtpd[714280]: discarding EHLO keywords: CHUNKING
    Mar 9 09:05:02 server1 postfix/smtpd[707365]: connect from localhost[127.0.0.1]
    Mar 9 09:05:02 server1 postfix/smtpd[707365]: discarding EHLO keywords: CHUNKING
    Mar 9 09:05:02 server1 postfix/smtpd[707365]: 055DD7E22C7: client=localhost[127.0.0.1]
    Mar 9 09:05:02 server1 postfix/cleanup[713378]: 055DD7E22C7: message-id=<[email protected]>
    Mar 9 09:05:02 server1 postfix/smtpd[707365]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
    Mar 9 09:05:02 server1 postfix/qmgr[1819]: 055DD7E22C7: from=<[email protected]>, size=1444, nrcpt=1 (queue active)
    Mar 9 09:05:02 server1 amavis[711702]: (711702-09) Passed CLEAN {RelayedOutbound}, MYNETS LOCAL [127.0.0.1] <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: u7-hbu8dVW9V, Hits: 1.999, size: 981, queued_as: 055DD7E22C7, 371 ms
    Mar 9 09:05:02 server1 postfix/smtp[706315]: A01557E26A8: to=<[email protected]>, orig_to=<web11>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.39, delays=0.01/0/0/0.37, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 055DD7E22C7)
    Mar 9 09:05:02 server1 postfix/qmgr[1819]: A01557E26A8: removed
    Mar 9 09:05:02 server1 postfix/local[706021]: 055DD7E22C7: to=<[email protected]>, relay=local, delay=0.02, delays=0.01/0/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
    Mar 9 09:05:02 server1 postfix/qmgr[1819]: 055DD7E22C7: removed
    Mar 9 09:05:02 server1 postfix/smtpd[714299]: connect from localhost[::1]
    Mar 9 09:05:02 server1 postfix/smtpd[714299]: lost connection after CONNECT from localhost[::1]
    Mar 9 09:05:02 server1 postfix/smtpd[714299]: disconnect from localhost[::1] commands=0/0
    Mar 9 09:05:02 server1 dovecot[2337]: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<Ftxst8PZhLMAAAAAAAAAAAAAAAAAAAAB>
    Mar 9 09:05:02 server1 dovecot[2337]: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<Pt1st8PZSNEAAAAAAAAAAAAAAAAAAAAB>
    [root@server1 log]#
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    How do they send mail from that site, using PHP mail function or by smtp?
    Do you have php chroot enabled in that site? If yes, the site must send by SMTP and not use PHP mail() function.
     
  3. illuder

    illuder Member

    all complaining clients get their emails sent via a program...so PHP

    one is a booking system which the booking person gets confirmation after booking
    the other gets a message with a brochure attached after the browsing client enters his email address
    the other uses a web based ticketing system

    so far, these are the complainants, I'm expecting more as they realise their clients aren't getting mail from the website.
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Do you have php chroot enabled in that site? If yes, the site must send by SMTP and not use PHP mail() function.
     
  5. illuder

    illuder Member

    Tx for the response, how do I check the enablement of PHP Root?
    I have checked 3 sites, they do not offer SMTP sending option.
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    The option to enable or disable PHP-FPM Chroot is on the options tab of the website.
     
  7. illuder

    illuder Member

    it was disabled, however, the client programs can only send via php.....

    is there any error log i can check?
     
  8. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    If the websites are sending with php, they will most likely be calling the sendmail program (you can confirm in php.ini) and logs related to that will be the mail log; you included an example of exactly that in your initial post, which shows a message being delivered to [email protected]:
    This is the message recipient because server1.cloudastrix.com is the server's hostname, and the message was sent from "web11" to "web11" with no domain:
    So both addresses were changed to [email protected] by default. In this example I don't know that there's anything wrong with php or the mail system, it is simply the website needs to specify a recipient address for the email. Specifying a real email address for the sender is likely to become useful at some point as well.
     
  9. illuder

    illuder Member

    I don't believe we're on the same page.
    The WEB11 is a dormant website, I'm not even sure why it's sending emails. In the last 25 entries of the maillog, I see only SPAM messages being sent..see log below
    when I enable PHP-FPM Chroot, it breaks the websites I tried it on. All their programs require to send mail via PHP as it was working before.. I don't know what broke it.
    PHP mail is still not being sent.


    Code:
    [root@server1 log]# tail -25 maillog
    Mar 10 07:28:50 server1 postfix/smtpd[1121341]: connect from unknown[87.246.7.229]
    Mar 10 07:28:51 server1 postfix/smtpd[1122181]: warning: hostname ip246.tervelnet.com does not resolve to address 87.246.7.246
    Mar 10 07:28:51 server1 postfix/smtpd[1122181]: connect from unknown[87.246.7.246]
    Mar 10 07:28:52 server1 postfix/smtpd[1121341]: discarding EHLO keywords: CHUNKING
    Mar 10 07:28:52 server1 postfix/smtpd[1122181]: discarding EHLO keywords: CHUNKING
    Mar 10 07:28:53 server1 postfix/smtp[1250821]: connect to homedecorandcrafts.com[209.141.38.71]:25: Connection timed out
    Mar 10 07:28:53 server1 postfix/smtp[1250821]: AB8767E5B0A: to=<[email protected]>, relay=none, delay=225465, delays=225374/0.75/90/0, dsn=4.4.1, status=deferred (connect to homedecorandcrafts.com[209.141.38.71]:25: Connection timed out)
    Mar 10 07:28:56 server1 dovecot[2337]: auth: Warning: auth client 0 disconnected with 1 pending requests: Connection reset by peer
    Mar 10 07:29:00 server1 postfix/smtpd[1121341]: warning: unknown[87.246.7.229]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
    Mar 10 07:29:00 server1 postfix/smtpd[1121341]: disconnect from unknown[87.246.7.229] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
    Mar 10 07:29:01 server1 postfix/pickup[1245026]: 9446F7E2523: uid=5012 from=<web11>
    Mar 10 07:29:01 server1 postfix/cleanup[1249982]: 9446F7E2523: message-id=<[email protected]>
    Mar 10 07:29:01 server1 postfix/qmgr[1819]: 9446F7E2523: from=<[email protected]>, size=983, nrcpt=1 (queue active)
    Mar 10 07:29:01 server1 postfix/smtpd[1121686]: connect from localhost[127.0.0.1]
    Mar 10 07:29:01 server1 postfix/smtpd[1121686]: discarding EHLO keywords: CHUNKING
    Mar 10 07:29:01 server1 postfix/smtpd[1121686]: DBD9F7E2522: client=localhost[127.0.0.1]
    Mar 10 07:29:01 server1 postfix/cleanup[1249982]: DBD9F7E2522: message-id=<[email protected]>
    Mar 10 07:29:01 server1 postfix/smtpd[1121686]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
    Mar 10 07:29:01 server1 postfix/qmgr[1819]: DBD9F7E2522: from=<[email protected]>, size=1445, nrcpt=1 (queue active)
    Mar 10 07:29:01 server1 amavis[1246039]: (1246039-10) Passed CLEAN {RelayedOutbound}, MYNETS LOCAL [127.0.0.1] <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: RkbbIsuEj-4i, Hits: 1.999, size: 982, queued_as: DBD9F7E2522, 301 ms
    Mar 10 07:29:01 server1 postfix/local[1110499]: DBD9F7E2522: to=<[email protected]>, relay=local, delay=0.01, delays=0.01/0/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
    Mar 10 07:29:01 server1 postfix/smtp[1118666]: 9446F7E2523: to=<[email protected]>, orig_to=<web11>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.31, delays=0.01/0/0/0.3, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as DBD9F7E2522)
    Mar 10 07:29:01 server1 postfix/qmgr[1819]: DBD9F7E2522: removed
    Mar 10 07:29:01 server1 postfix/qmgr[1819]: 9446F7E2523: removed
    Mar 10 07:29:02 server1 postfix/smtpd[1122181]: warning: unknown[87.246.7.246]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
    [root@server1 log]# 
     
  10. illuder

    illuder Member

    One of the programs is the WHMCS which sends tickets and invoices via PHP mail.
     
  11. till

    till Super Moderator Staff Member ISPConfig Developer

    I did not ask you to enable it, I asked you if it is enabled as mail sending via PHP mail() function is not possible from within a jail. So if you would have enabled it, it might have been the cause of your issue.

    Did you check the mail queue with 'postqueue -p' command? How many emails are in there? Maybe web11 sends masses of spam and PHP mail function is working fine but your server is just blacklisted for sending spam?
     
  12. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Agreed, I misunderstood what the web11 mail was. You might set that site to inactive and check for any cron jobs to do that mail. As for the other sites, try setting up a simple test script which sends you an email and see what shows up in the maillog when you run that.
     
  13. illuder

    illuder Member

    I think you're right about the blacklist.. have a look at the postqueue report below..suggestions?

    Code:
    7AAAC7E48A9   32191 Sun Mar  6 14:37:26  [email protected]
    (host mx-aol.mail.gm0.yahoodns.net[98.136.96.92] said: 421 4.7.0 [TSS04] Messages from 163.123.183.223 temporarily deferred due to unexpected volume or user complaints - 4.16.55.1; see https://postmaster.yahooinc.com/error-codes (in reply to MAIL FROM command))
                                             [email protected]
    
    7393D7E48B6   32014 Sun Mar  6 14:46:45  [email protected]
    (host mx-aol.mail.gm0.yahoodns.net[67.195.228.86] said: 421 4.7.0 [TSS04] Messages from 163.123.183.223 temporarily deferred due to unexpected volume or user complaints - 4.16.55.1; see https://postmaster.yahooinc.com/error-codes (in reply to MAIL FROM command))
                                             [email protected]
    
    728EF7E32F1   30546 Mon Mar  7 02:30:43  MAILER-DAEMON
    (host cluster4a.eu.messagelabs.com[46.137.95.199] said: 421 Unexpected failure, please try later (in reply to MAIL FROM command))
                                             [email protected]
    
    76D617E49BF   32477 Sat Mar  5 18:41:37  [email protected]
    (host mx-aol.mail.gm0.yahoodns.net[67.195.204.75] said: 421 4.7.0 [TSS04] Messages from 163.123.183.223 temporarily deferred due to unexpected volume or user complaints - 4.16.55.1; see https://postmaster.yahooinc.com/error-codes (in reply to MAIL FROM command))
                                             [email protected]
    
    71FD37E5304   32514 Sun Mar  6 16:30:13  [email protected]
    (host mx-aol.mail.gm0.yahoodns.net[67.195.204.75] said: 421 4.7.0 [TSS04] Messages from 163.123.183.223 temporarily deferred due to unexpected volume or user complaints - 4.16.55.1; see https://postmaster.yahooinc.com/error-codes (in reply to MAIL FROM command))
                                             [email protected]
    
    7128F7E52FF   32270 Sun Mar  6 16:30:12  [email protected]
    (host mx-aol.mail.gm0.yahoodns.net[67.195.228.86] said: 421 4.7.0 [TSS04] Messages from 163.123.183.223 temporarily deferred due to unexpected volume or user complaints - 4.16.55.1; see https://postmaster.yahooinc.com/error-codes (in reply to MAIL FROM command))
                                             [email protected]
    
    712127E582B   30091 Mon Mar  7 07:41:56  MAILER-DAEMON
    (host mx.ipower.com[65.254.254.56] refused to talk to me: 554 walimpinc14 bizsmtp Connection refused. 163.123.183.223 has a poor reputation on Cloudmark Sender Intelligence (CSI). Please visit http://csi.cloudmark.com/reset-request/?ip=163.123.183.223 to request a delisting)
                                             [email protected]
    
    722A57E29C6   30759 Sun Mar  6 11:45:42  MAILER-DAEMON
    (host mta7.am0.yahoodns.net[67.195.204.73] said: 421 4.7.0 [TSS04] Messages from 163.123.183.223 temporarily deferred due to unexpected volume or user complaints - 4.16.55.1; see https://postmaster.yahooinc.com/error-codes (in reply to MAIL FROM command))
                                             [email protected]
    
    72F547E46E3   32352 Mon Mar  7 08:00:44  [email protected]
    (delivery temporarily suspended: host smtp-in.orange.fr[80.12.242.9] refused to talk to me: 550 opmta1mti45nd1 smtp.orange.fr SKU8nhcZ6gsOS Adresse IP source bloquee pour incident de spam. Client host blocked for spamming issues. OFR006_102 Ref http://csi.cloudmark.com/reset-request/?ip=163.123.183.223 [102])
                                             [email protected]
    
    73D967E5705   32210 Mon Mar  7 08:46:20  [email protected]
    (host mx-aol.mail.gm0.yahoodns.net[67.195.204.80] said: 421 4.7.0 [TSS04] Messages from 163.123.183.223 temporarily deferred due to unexpected volume or user complaints - 4.16.55.1; see https://postmaster.yahooinc.com/error-codes (in reply to MAIL FROM command))
                                             [email protected]
    
    7B5F67E56D0   32013 Mon Mar  7 03:02:28  [email protected]
    (delivery temporarily suspended: host mx2h1.comcast.net[96.102.157.179] refused to talk to me: 554 resimta-h1p-037533.sys.comcast.net resimta-h1p-037533.sys.comcast.net 163.123.183.223 Comcast requires that all mail servers must have a PTR record with a valid Reverse DNS entry. Currently your mail server does not fill that requirement. For more information, refer to: http://postmaster.comcast.net/smtp-error-codes.php#554)
                                             [email protected]
    
    7D2747E4432   28580 Sun Mar  6 12:30:02  [email protected]
    (delivery temporarily suspended: connect to mx1a1.comcast.net[2001:558:fd01:2bad::5]:25: Network is unreachable)
                                             [email protected]
    
    713F27E588D   28340 Mon Mar  7 08:39:11  [email protected]
    (host mx-aol.mail.gm0.yahoodns.net[67.195.228.86] said: 421 4.7.0 [TSS04] Messages from 163.123.183.223 temporarily deferred due to unexpected volume or user complaints - 4.16.55.1; see https://postmaster.yahooinc.com/error-codes (in reply to MAIL FROM command))
                                             [email protected]
    
    7F9237E55AD   31851 Sun Mar  6 23:03:31  [email protected]
    (host mx-aol.mail.gm0.yahoodns.net[67.195.204.80] said: 421 4.7.0 [TSS04] Messages from 163.123.183.223 temporarily deferred due to unexpected volume or user complaints - 4.16.55.1; see https://postmaster.yahooinc.com/error-codes (in reply to MAIL FROM command))
                                             [email protected]
    
    7E1B87E52E3   31658 Sun Mar  6 01:13:44  [email protected]
    (delivery temporarily suspended: host mx2a1.comcast.net[96.103.145.164] refused to talk to me: 554 resimta-a1p-087345.sys.comcast.net resimta-a1p-087345.sys.comcast.net 163.123.183.223 Comcast requires that all mail servers must have a PTR record with a valid Reverse DNS entry. Currently your mail server does not fill that requirement. For more information, refer to: http://postmaster.comcast.net/smtp-error-codes.php#554)
                                             [email protected]
    
    759C67E5843   11186 Mon Mar  7 12:50:54  MAILER-DAEMON
    (host mx2.oldcastle.iphmx.com[68.232.137.186] refused to talk to me: 554-esa2.oldcastle.iphmx.com 554 Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means.)
                                             [email protected]
    
    70E667E3573   32157 Sun Mar  6 03:57:43  [email protected]
    (delivery temporarily suspended: host mx.lb.btinternet.com[213.120.69.5] refused to talk to me: 521 sa-prd-rgin-019.btmx-prd.synchronoss.net Service not available - no PTR record for 163.123.183.223)
                                             [email protected]
    
    747247E3874   28572 Sun Mar  6 08:06:46  [email protected]
    (delivery temporarily suspended: host mx2a1.comcast.net[96.103.145.164] refused to talk to me: 554 resimta-a1p-087381.sys.comcast.net resimta-a1p-087381.sys.comcast.net ESMTP server not available)
                                             [email protected]
    
    7DC0D7E568A   34329 Mon Mar  7 02:27:42  MAILER-DAEMON
                   (connect to nsacorp.com[52.71.57.184]:25: Connection timed out)
                                             [email protected]
    
    7B98E7E53C9   34588 Sun Mar  6 19:11:57  MAILER-DAEMON
    (host mx.kalmangroner.com.cust.a.hostedemail.com[216.40.42.4] refused to talk to me: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [163.123.183.223])
                                             [email protected]
    
    7E1C27E5568   31955 Sun Mar  6 23:03:50  [email protected]
    (host mx-aol.mail.gm0.yahoodns.net[98.136.96.93] said: 421 4.7.0 [TSS04] Messages from 163.123.183.223 temporarily deferred due to unexpected volume or user complaints - 4.16.55.1; see https://postmaster.yahooinc.com/error-codes (in reply to MAIL FROM command))
                                             [email protected]
    
    7117A7E3A07   31714 Sun Mar  6 09:39:28  [email protected]
    (host mx-aol.mail.gm0.yahoodns.net[98.136.96.92] said: 421 4.7.0 [TSS04] Messages from 163.123.183.223 temporarily deferred due to unexpected volume or user complaints - 4.16.55.1; see https://postmaster.yahooinc.com/error-codes (in reply to MAIL FROM command))
                                             [email protected]
    
    71C257E14E5   34937 Wed Mar  9 12:57:20  MAILER-DAEMON
    (connect to afriquechallenge.com[2600:1f16:389:3100:b05:3579:a214:7c44]:25: Network is unreachable)
                                             [email protected]
    
    7EF067E4A70   28210 Sat Mar  5 19:07:59  [email protected]
    (host mx-aol.mail.gm0.yahoodns.net[67.195.228.86] said: 421 4.7.0 [TSS04] Messages from 163.123.183.223 temporarily deferred due to unexpected volume or user complaints - 4.16.55.1; see https://postmaster.yahooinc.com/error-codes (in reply to MAIL FROM command))
                                             [email protected]
    
    701647E31A7    5209 Mon Mar  7 18:49:43  MAILER-DAEMON
    (host mx-eu.mail.am0.yahoodns.net[188.125.72.73] said: 421 4.7.0 [TSS04] Messages from 163.123.183.223 temporarily deferred due to unexpected volume or user complaints - 4.16.55.1; see https://postmaster.yahooinc.com/error-codes (in reply to MAIL FROM command))
                                             [email protected]
    
    722317E5A4A    9196 Mon Mar  7 13:12:54  [email protected]
    (host mx-aol.mail.gm0.yahoodns.net[67.195.204.75] said: 421 4.7.0 [TSS04] Messages from 163.123.183.223 temporarily deferred due to unexpected volume or user complaints - 4.16.55.1; see https://postmaster.yahooinc.com/error-codes (in reply to MAIL FROM command))
                                             [email protected]
    
    776917E1AC6   34704 Thu Mar 10 06:52:29  MAILER-DAEMON
                 (connect to callmecorp.com[3.64.163.50]:25: Connection timed out)
                                             [email protected]
    
    743EF7E2EB7   27953 Sun Mar  6 02:51:55  [email protected]
    (host mx-aol.mail.gm0.yahoodns.net[67.195.228.86] said: 421 4.7.0 [TSS04] Messages from 163.123.183.223 temporarily deferred due to unexpected volume or user complaints - 4.16.55.1; see https://postmaster.yahooinc.com/error-codes (in reply to MAIL FROM command))
                                             [email protected]
    
    76A4E7E5802   30265 Mon Mar  7 06:56:38  MAILER-DAEMON
    (host medcan.in.tmes.trendmicro.com[18.208.22.80] said: 450 4.7.1 <[email protected]>: Recipient address rejected: Mail from <163.123.183.223> was refused due to the sender IP found in ERS-QIL. For details, query the IP reputation on https://www.ers.trendmicro.com/. (in reply to RCPT TO command))
                                             [email protected]
    
    7A2BB7E5414   34024 Mon Mar  7 03:58:15  MAILER-DAEMON
    (host mx.gowestward.com.cust.a.hostedemail.com[216.40.42.4] refused to talk to me: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [163.123.183.223])
                                             [email protected]
    
    7C8007E168F   34999 Thu Mar 10 08:58:44  MAILER-DAEMON
                         (connect to iwfca.com[64.98.135.22]:25: No route to host)
                                             [email protected]
    
    7DB9A7E491D   28056 Sun Mar  6 15:49:34  [email protected]
    (host mx-aol.mail.gm0.yahoodns.net[67.195.228.84] said: 421 4.7.0 [TSS04] Messages from 163.123.183.223 temporarily deferred due to unexpected volume or user complaints - 4.16.55.1; see https://postmaster.yahooinc.com/error-codes (in reply to MAIL FROM command))
                                             [email protected]
    
    7C4AC7E55BC   34095 Mon Mar  7 00:47:53  MAILER-DAEMON
    (host mailstore1.secureserver.net[72.167.238.32] refused to talk to me: 554 p3plibsmtp01-02.prod.phx3.secureserver.net CMGW IB105. Connection refused. 163.123.183.223 is listed on the Exploits Block List (XBL) <http://www.spamhaus.org/query/ip/163.123.183.223> Please visit http://www.spamhaus.org/xbl/ for more information.)
                                             [email protected]
    
    729827E4514   32444 Sun Mar  6 12:58:48  [email protected]
    (delivery temporarily suspended: host mx-ha02.web.de[212.227.17.8] refused to talk to me: 554-web.de (mxweb102) Nemesis ESMTP Service not available 554-No SMTP service 554-IP address is block listed. 554 For explanation visit https://web.de/email/senderguidelines?ip=163.123.183.223&c=bl)
                                             [email protected]
    
    7B3737E35B3   32780 Sun Mar  6 04:59:41  [email protected]
    (delivery temporarily suspended: host mx.lb.btinternet.com[213.120.69.2] refused to talk to me: 521 sa-prd-rgin-011.btmx-prd.synchronoss.net Service not available - no PTR record for 163.123.183.223)
                                             [email protected]
    
    74ACA7E4AA6   27918 Sat Mar  5 23:36:55  [email protected]
    (host mx-aol.mail.gm0.yahoodns.net[98.136.96.93] said: 421 4.7.0 [TSS04] Messages from 163.123.183.223 temporarily deferred due to unexpected volume or user complaints - 4.16.55.1; see https://postmaster.yahooinc.com/error-codes (in reply to MAIL FROM command))
                                             [email protected]
    
    74B9A7E59AE   11170 Mon Mar  7 14:11:22  MAILER-DAEMON
    (host mta5.am0.yahoodns.net[67.195.228.94] said: 421 4.7.0 [TSS04] Messages from 163.123.183.223 temporarily deferred due to unexpected volume or user complaints - 4.16.55.1; see https://postmaster.yahooinc.com/error-codes (in reply to MAIL FROM command))
                                             [email protected]
    
    7F01C7E32DA   30668 Sun Mar  6 17:30:43  MAILER-DAEMON
         (connect to nbgoodwynlumber.com[199.59.243.200]:25: Connection timed out)
                                             [email protected]
    
    77B7A7E4375   28350 Sun Mar  6 12:24:03  [email protected]
    (delivery temporarily suspended: connect to mx2h1.comcast.net[2001:558:fd02:243f::3]:25: Network is unreachable)
                                             [email protected]
    
    7E4B27E27FC   28392 Sun Mar  6 02:16:42  [email protected]
    (host mx-aol.mail.gm0.yahoodns.net[67.195.204.80] said: 421 4.7.0 [TSS04] Messages from 163.123.183.223 temporarily deferred due to unexpected volume or user complaints - 4.16.55.1; see https://postmaster.yahooinc.com/error-codes (in reply to MAIL FROM command))
                                             [email protected]
    
    757BF7E1AFC   34788 Wed Mar  9 13:22:30  MAILER-DAEMON
                      (connect to pbc.edu[104.21.90.190]:25: Connection timed out)
                                             [email protected]
    
    7F2757E5629   34316 Mon Mar  7 01:18:02  MAILER-DAEMON
                  (connect to mediaone.net[5.152.179.84]:25: Connection timed out)
                                             [email protected]
    
    7EBB97E5334   34341 Sun Mar  6 17:02:42  MAILER-DAEMON
    (host mxlb.ispgateway.de[80.67.18.126] refused to talk to me: 550 No reverse dns for IP 163.123.183.223. Help at/Hilfe unter www.mfaq.info)
                                             [email protected]
    
    76F717E1BAD   34693 Thu Mar 10 03:27:25  MAILER-DAEMON
    (host mailstore1.secureserver.net[68.178.213.243] refused to talk to me: 554 p3plibsmtp02-06.prod.phx3.secureserver.net CMGW IB105. Connection refused. 163.123.183.223 is listed on the Exploits Block List (XBL) <http://www.spamhaus.org/query/ip/163.123.183.223> Please visit http://www.spamhaus.org/xbl/ for more information.)
                                             [email protected]
    
    779E57E5556   31827 Sun Mar  6 23:03:26  [email protected]
    (host mx-aol.mail.gm0.yahoodns.net[67.195.228.84] said: 421 4.7.0 [TSS04] Messages from 163.123.183.223 temporarily deferred due to unexpected volume or user complaints - 4.16.55.1; see https://postmaster.yahooinc.com/error-codes (in reply to MAIL FROM command))
                                             [email protected]
    
    71D117E4996   28187 Sat Mar  5 20:39:51  [email protected]
    (host mx-aol.mail.gm0.yahoodns.net[67.195.204.75] said: 421 4.7.0 [TSS04] Messages from 163.123.183.223 temporarily deferred due to unexpected volume or user complaints - 4.16.55.1; see https://postmaster.yahooinc.com/error-codes (in reply to MAIL FROM command))
                                             [email protected]
    
    -- 111814 Kbytes in 3999 Requests.
    [root@server1 ~]# 
     
  14. till

    till Super Moderator Staff Member ISPConfig Developer

    Then you should check the contents of the emails which you suspect to be spam in the mailqueue to see how and from which site or account they were sent to stop the issue. Emails in the queue can be inspected like this:

    postcat -q 7128F7E52FF

    where 7128F7E52FF is the ID of the mail you want to inspect. You can see the id#s in the postcat -p output.
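
Added example, not part of the thread: the maillog itself also records how each queue ID entered Postfix (a pickup line with uid= for sendmail/PHP mail(), or an smtpd line with client=), and a "queued as" line links the copy re-injected by the content filter back to the original. The function names and the sample log are constructed for illustration; short hexadecimal queue IDs are assumed.

```sh
#!/bin/sh
# Added example (not from the thread): attribute Postfix queue IDs to their entry point.
# Assumes short hexadecimal queue IDs, as in the logs above.

# awk rules shared by both functions. Syslog fields: $5 = daemon[pid]:  $6 = QID:
MAILLOG_RULES='
function qid(f) { sub(/:$/, "", f); return f }
# Local submission through the sendmail binary (what PHP mail() uses): the UID is logged.
$5 ~ /\/pickup\[/ && $7 ~ /^uid=/ { origin[qid($6)] = "sendmail " $7 }
# Submission over SMTP: client address, plus the SASL login if one was used.
$5 ~ /\/smtpd\[/ && $7 ~ /^client=/ {
    o = $7; sub(/,$/, "", o)
    for (i = 8; i <= NF; i++) if ($i ~ /^sasl_username=/) o = o " " $i
    origin[qid($6)] = "smtp " o
}
# Hand-off to the local content filter: the re-injected copy gets a new queue ID.
/status=sent/ && /relay=127\.0\.0\.1\[/ && match($0, /queued as [0-9A-F]+/) {
    parent[substr($0, RSTART + 10, RLENGTH - 10)] = qid($6)
}'

# Count original submissions per entry point; re-injected copies are not counted twice.
submission_origins() {   # usage: submission_origins < /var/log/maillog
    awk "$MAILLOG_RULES"'
    END {
        for (q in origin) if (!(q in parent)) count[origin[q]]++
        for (k in count) print count[k], k
    }' | sort -rn
}

# Walk one queue ID (for example one listed by postqueue -p) back to its entry point.
trace_queue_id() {       # usage: trace_queue_id QID < /var/log/maillog
    awk -v target="$1" "$MAILLOG_RULES"'
    END {
        q = target
        while (q in parent) q = parent[q]
        if (q in origin) print target, q, origin[q]
        else print target, "-", "not in this log"
    }'
}

# Constructed sample, modelled on the log format in this thread (IDs and addresses are made up).
sample_maillog() {
    cat <<'EOF'
Mar  9 09:05:01 server1 postfix/pickup[7116]: A0000000001: uid=5099 from=<web99>
Mar  9 09:05:02 server1 postfix/smtpd[7073]: B0000000002: client=localhost[127.0.0.1]
Mar  9 09:05:02 server1 postfix/smtp[7063]: A0000000001: to=<a@example.net>, relay=127.0.0.1[127.0.0.1]:10024, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as B0000000002)
Mar  9 09:06:00 server1 postfix/pickup[7116]: A0000000003: uid=5099 from=<web99>
Mar  9 09:06:10 server1 postfix/smtpd[7074]: C0000000004: client=localhost[127.0.0.1]
Mar  9 09:06:11 server1 postfix/smtpd[7075]: D0000000005: client=localhost[127.0.0.1]
Mar  9 09:06:11 server1 postfix/smtp[7064]: C0000000004: to=<b@example.net>, relay=127.0.0.1[127.0.0.1]:10026, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10027): 250 2.0.0 Ok: queued as D0000000005)
Mar  9 09:07:00 server1 postfix/smtpd[7076]: E0000000006: client=unknown[203.0.113.9], sasl_method=LOGIN, sasl_username=info@example.org
EOF
}

# Demonstration on the constructed sample.
sample_maillog | submission_origins
sample_maillog | trace_queue_id D0000000005
```

A "sendmail uid=N" origin maps to a system user (`getent passwd N`); an origin of "smtp client=localhost[127.0.0.1]" with no sasl_username means a process on the server itself spoke SMTP to Postfix.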
     
  15. illuder

    illuder Member

    unfortunately, I cannot seem to find 'an account' it's sending from ... although I can clearly see that 99.99% of the emails being sent are spam.
    Code:
    [root@server1 log]# postcat -q 779E57E5556
    *** ENVELOPE RECORDS deferred/7/779E57E5556 ***
    message_size:           31827             669               1               0           31827               0
    message_arrival_time: Sun Mar  6 23:03:26 2022
    create_time: Sun Mar  6 23:03:26 2022
    named_attribute: log_ident=779E57E5556
    named_attribute: rewrite_context=local
    sender: [email protected]
    named_attribute: encoding=7bit
    named_attribute: log_client_name=localhost
    named_attribute: log_client_address=127.0.0.1
    named_attribute: log_client_port=59132
    named_attribute: log_message_origin=localhost[127.0.0.1]
    named_attribute: log_helo_name=localhost
    named_attribute: log_protocol_name=ESMTP
    named_attribute: client_name=localhost
    named_attribute: reverse_client_name=localhost
    named_attribute: client_address=127.0.0.1
    named_attribute: client_port=59132
    named_attribute: server_address=127.0.0.1
    named_attribute: server_port=10027
    named_attribute: helo_name=localhost
    named_attribute: protocol_name=ESMTP
    named_attribute: client_address_type=2
    named_attribute: dsn_orig_rcpt=rfc822;[email protected]
    original_recipient: [email protected]
    recipient: [email protected]
    *** MESSAGE CONTENTS deferred/7/779E57E5556 ***
    Received: from localhost (localhost [127.0.0.1])
        by server1.cloudastrix.com (Postfix) with ESMTP id 779E57E5556
        for <[email protected]>; Sun,  6 Mar 2022 23:03:26 +0200 (SAST)
    X-Virus-Scanned: amavisd-new at localhost
    Received: from server1.cloudastrix.com ([127.0.0.1])
        by localhost (localhost [127.0.0.1]) (amavisd-new, port 10026)
        with LMTP id hvOS1BHSeeZE for <[email protected]>;
        Sun,  6 Mar 2022 23:03:26 +0200 (SAST)
    Received: from localhost (localhost [127.0.0.1])
        by server1.cloudastrix.com (Postfix) with ESMTP id 3742B7E5555
        for <[email protected]>; Sun,  6 Mar 2022 23:02:48 +0200 (SAST)
    From: LinkedIn <[email protected]>
    Subject: You appeared in 23 searches this week
    Content-Transfer-Encoding: base64
    Perishes-Isolate: 7
    Message-ID: <[email protected]>
    Content-Type: text/html; charset=UTF-8
    Content-ID: html-body
    Date: Sun, 6 Mar 2022 23:02:48 +0000 (UTC)
    To: "[email protected]" <[email protected]>
    Unaided-Sterilizing: E2B122383D
    MIME-Version: 1.0
    
    PCFET0NUWVBFIGh0bWwgUFVCTElDICItLy9XM0MvL0RURCBYSFRNTCAxLjAgVHJhbnNpdGlvbmFs
     
  16. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    That particular one didn't come from an account, it originated via an smtp connection on localhost address. That could come from numerous places, eg. a compromised site being abused, cron jobs left running to send spam, an open proxy (either intentional and malicious or unintentional), an abused ssh account, etc. See what processes are running and investigate any which have connections to localhost port 25 (lsof is handy for that); you might have to script something to monitor that until a culprit is found if you can't catch it in manual attempts.
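
One way to script the monitoring suggested above, using lsof (added example, not part of the thread). The function names, the log path and the sample lsof output are assumptions made for illustration; it assumes lsof is installed and the script runs as root.

```sh
#!/bin/sh
# Added example (not from the thread): record which local processes open SMTP
# sessions to loopback port 25. Assumes lsof is installed and this runs as root.

# Parse `lsof -nP -iTCP:25 -sTCP:ESTABLISHED` output from stdin and print
# "user pid command local_endpoint" for the CLIENT side of loopback sessions.
# Postfix's own smtpd shows port 25 on the left of "->" and is skipped, as are
# Postfix's outbound deliveries to remote port 25.
smtp_loopback_clients() {
    awk '
        $1 == "COMMAND" { next }                        # header row
        $9 ~ /->(127\.0\.0\.1|\[::1\]):25$/ {           # NAME column: src->dst
            split($9, ends, "->")
            print $3, $2, $1, ends[1]
        }'
}

# Poll until interrupted, appending "epoch user pid command endpoint cwd" per hit.
# The log path is a hypothetical default; sessions shorter than the polling
# interval can be missed, so keep the interval small.
watch_smtp_clients() {
    log=${1:-/var/log/smtp-loopback-clients.log}
    interval=${2:-1}
    while :; do
        now=$(date +%s)
        lsof -nP -iTCP:25 -sTCP:ESTABLISHED 2>/dev/null |
            smtp_loopback_clients |
            while read -r user pid cmd src; do
                cwd=$(readlink "/proc/$pid/cwd" 2>/dev/null || echo '?')
                echo "$now $user $pid $cmd $src $cwd"
            done >> "$log"
        sleep "$interval"
    done
}

# Summarise a log written by watch_smtp_clients: sightings per user and command.
top_submitters() {   # usage: top_submitters /var/log/smtp-loopback-clients.log
    awk '{ seen[$2 " " $4]++ } END { for (k in seen) print seen[k], k }' "$1" | sort -rn
}

# Constructed sample of lsof output (users, PIDs and addresses are made up).
sample_lsof() {
    cat <<'EOF'
COMMAND     PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
smtpd      7073  postfix    9u  IPv4 811001      0t0  TCP 127.0.0.1:25->127.0.0.1:59132 (ESTABLISHED)
php-fpm  412233    web99    7u  IPv4 811000      0t0  TCP 127.0.0.1:59132->127.0.0.1:25 (ESTABLISHED)
smtpd      7080  postfix    9u  IPv4 811050      0t0  TCP 192.0.2.10:25->203.0.113.5:40112 (ESTABLISHED)
smtp       7090  postfix   12u  IPv4 811070      0t0  TCP 192.0.2.10:50000->198.51.100.7:25 (ESTABLISHED)
perl     413001    web99    4u  IPv6 811090      0t0  TCP [::1]:41000->[::1]:25 (ESTABLISHED)
EOF
}

# Start polling only when invoked as: sh thisfile watch
[ "${1:-}" != "watch" ] || watch_smtp_clients
```

The user column is what ties a hit to a site or shell account; the cwd column helps tell a web process from a cron job or an interactive session.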
     
  17. illuder

    illuder Member

    I think this wouldn't affect the emails not sending or receiving on the server though.
     
  18. illuder

    illuder Member

    i think we lost track here and we're mixing two matters..
    let's get back to basics...

    the server is now not sending any mail.. smtp or php...
     
  19. illuder

    illuder Member

    even though i see the smtpd service running
    upload_2022-3-11_7-23-17.png
     
  20. illuder

    illuder Member

    i deleted the queue in postfix, there were 3500+ emails in there.
    now the smtp is working, but emails sent via php from the woocommerce /whmcs websites are not sending.
     
