Hi everybody,

I found the following line in my syslog file:

Postfix/smtpd[3440]: NOQUEUE: filter: RCPT from unknown[193.32.160.146]: <[email protected]>: Sender address triggers FILTER amavis:[127.0.0.1]:10024; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<[193.32.160.151]>

It tries to send to several accounts of my domain. These are my "restrictions" in main.cf:

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client zen.spamhaus.org, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf
smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, reject_invalid_hostname, reject_non_fqdn_hostname, reject_invalid_helo_hostname, reject_unknown_helo_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo
smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re , permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, check_sender_access regexp:/etc/postfix/tag_as_foreign.re, reject_unknown_reverse_client_hostname, reject_unknown_client_hostname
smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf

I don't have any problem sending/receiving e-mail, but I am worried about my mail server security. Is it a worrying issue? I'll really appreciate any help. Thanks in advance.
I have a lot of the following lines in my syslog file:

Postfix/smtpd[3440]: NOQUEUE: filter: RCPT from unknown[193.32.160.146]: <[email protected]>: Sender address triggers FILTER amavis:[127.0.0.1]:10024; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<[193.32.160.151]>
postfix/smtpd[25559]: NOQUEUE: filter: RCPT from unknown[193.32.160.146]: <[email protected]>: Sender address triggers FILTER amavis:[127.0.0.1]:10024; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<[193.32.160.151]>

This IP tries several of my email accounts. I worry about security.
It is good to pay attention to security, but just worrying does not help. If you are curious what it means when mail.log has something, use Internet search engines, for example with

Code:
postfix NOQUEUE

I checked mail.log on an e-mail server I maintain; it has "RCPT from unknown" 1864 times. This happens when an e-mail server is connected to the Internet. Not much can be done; fail2ban helps a little by banning an IP that repeatedly fails at something.
This line tells you that the message was not delivered to a mailbox, but forwarded to the amavis filter (which you have probably set up to do virus/spam scanning for you). The line afterwards should give you information about what amavis did with this message. So, there is nothing obviously wrong here. As long as we do not know what you want to achieve (what is your problem?), there is nothing we can do.
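An added example, not part of any post in this thread: a small parser for the NOQUEUE RCPT lines quoted above that groups them by client IP, counts distinct recipients, and notes when an address-literal HELO differs from the connecting IP. The sample lines are constructed (documentation IP ranges, example domains), and the function names and the `min_recipients` threshold are assumptions for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the format quoted in the thread (documentation
# IP ranges and example domains, not values taken from the thread).
_FILTER = ("Jan 10 10:00:01 mail postfix/smtpd[3440]: NOQUEUE: filter: RCPT from "
           "unknown[192.0.2.146]: <s@example.net>: Sender address triggers FILTER "
           "amavis:[127.0.0.1]:10024; from=<s@example.net> to=<{rcpt}> "
           "proto=ESMTP helo=<[192.0.2.151]>")
_REJECT = ("Jan 10 10:02:11 mail postfix/smtpd[3502]: NOQUEUE: reject: RCPT from "
           "unknown[198.51.100.7]: 554 5.7.1 <dave@example.com>: Relay access denied; "
           "from=<x@example.com> to=<dave@example.com> proto=ESMTP helo=<mail.example.com>")
SAMPLE_LOG = "\n".join(
    [_FILTER.format(rcpt=r) for r in ("alice@example.org", "bob@example.org", "carol@example.org")]
    + [_REJECT, "Jan 10 10:03:00 mail postfix/smtpd[3502]: connect from unknown[198.51.100.7]"])

NOQUEUE_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: (?P<action>\w+): RCPT from "
    r"(?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]: .*?"
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)> "
    r"proto=(?P<proto>\S+) helo=<(?P<helo>[^>]*)>",
    re.IGNORECASE)  # the thread shows both "Postfix/smtpd" and "postfix/smtpd"

def parse_noqueue(line):
    """Return the fields of one NOQUEUE RCPT line as a dict, or None."""
    m = NOQUEUE_RE.search(line)
    return m.groupdict() if m else None

def summarize(log_text, min_recipients=3):
    """Per client IP: actions seen, distinct recipients, HELO literal mismatch."""
    report = {}
    for ev in filter(None, map(parse_noqueue, log_text.splitlines())):
        c = report.setdefault(ev["ip"], {"actions": Counter(), "rcpts": set(),
                                         "helo_mismatch": False})
        c["actions"][ev["action"].lower()] += 1
        c["rcpts"].add(ev["rcpt"].lower())
        literal = re.fullmatch(r"\[(?:IPv6:)?(.+)\]", ev["helo"], re.IGNORECASE)
        # An address-literal HELO that differs from the connecting IP is worth noting.
        if literal and literal.group(1) != ev["ip"]:
            c["helo_mismatch"] = True
    for c in report.values():
        c["distinct_recipients"] = len(c.pop("rcpts"))
        # min_recipients is an assumed threshold for one client trying many mailboxes.
        c["probing"] = c["distinct_recipients"] >= min_recipients
    return report

if __name__ == "__main__":
    for ip, info in summarize(SAMPLE_LOG).items():
        print(ip, dict(info["actions"]), info["distinct_recipients"],
              info["helo_mismatch"], info["probing"])
```

An IP that shows up here with many distinct recipients is the kind of repeat offender a fail2ban jail, as mentioned in the reply above, would be set to ban.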