Mar 30 13:36:19 server dovecot: POP3(joe): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Mar 30 13:36:45 server postfix/smtp[19866]: connect to grudf.com[64.20.43.107]: Connection timed out (port 25)
Mar 30 13:37:15 server postfix/smtp[19866]: connect to grudf.com[66.45.237.187]: Connection timed out (port 25)
Mar 30 13:37:15 server postfix/smtp[19866]: A63407F6D7: to=<[email protected]>, relay=none, delay=37856, delays=37766/0.04/90/0, dsn=4.4.1, status=deferred (connect to grudf.com[66.45.237.187]: Connection timed out)

What is this, and where is it coming from? Also, it looks like someone has tried to attack my mail server with a dictionary attack. Is there any way of stopping this stuff? Thank you, JShel
So this means you're not sending emails to grudf.com yourself? Please check your mail log and your mail queue (postqueue -p) if you see lots of spam mails. Also check that SMTP-AUTH is working and no one can send emails to external accounts without authentication. And finally take a look at http://www.mxtoolbox.com/blacklists.aspx to find out if your server is blacklisted.
I am on a few blacklists due to my ISP and the reverse DNS. I'm expecting this until they get their butts in gear and change some things, but I'm not really sure how to check SMTP-AUTH other than telnet to port 25 and ehlo localhost, and it is there:
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
along with a few others, of course. How else should I check it? Thank you again, JShel
Looks ok. SMTP-AUTH is working. What about my other suggestions? Also, what's the value of mynetworks in /etc/postfix/main.cf?
mynetworks = 192.168.1.0/24 127.0.0.0/8
Only LAN and local, NO WAN. Also, I did try your other suggestions. I looked at the blacklist, but there is nothing I can do until my ISP clears my IP. But still, how is this spam coming through? I checked my maillog today and yet still more. JShel
Please try:
postconf -e 'mynetworks = 127.0.0.0/8'
/etc/init.d/postfix restart
Maybe someone from your LAN was abusing your mail server?
I wish it was the case of someone on the inside, but while I'm bringing this server up I'm the only one on it and the only account. I don't know about you, but I'm out of ideas and I just don't know how to stop it. JShel
Another possibility to abuse a server is through web forms (contact forms, guestbooks, etc.) that aren't programmed very well. Bots can abuse them to send spam.
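Added example, not part of the original thread: the three entry paths raised above (an SMTP-AUTH login, an unauthenticated client trusted through mynetworks, and a local web form or script) each leave a different first line in the Postfix mail log, so a queue ID seen in a deferred outbound delivery can be traced back to how the message entered the queue. The function name `trace_origins`, the sample log lines and the assumption of default short hexadecimal queue IDs are mine.

```python
import re

# Constructed sample lines in Postfix syslog format (hosts, users, IDs are made up).
SAMPLE_LOG = """\
Mar 30 03:05:01 server postfix/pickup[1801]: A1B2C3D4E5: uid=33 from=<www-data>
Mar 30 03:05:01 server postfix/qmgr[1200]: A1B2C3D4E5: from=<www-data@server>, size=812, nrcpt=1 (queue active)
Mar 30 03:05:32 server postfix/smtp[1810]: A1B2C3D4E5: to=<a@example.net>, relay=none, delay=31, dsn=4.4.1, status=deferred (connect to example.net[192.0.2.10]: Connection timed out)
Mar 30 04:10:00 server postfix/smtpd[1900]: B2C3D4E5F6: client=unknown[203.0.113.9], sasl_method=LOGIN, sasl_username=joe
Mar 30 04:10:02 server postfix/smtp[1910]: B2C3D4E5F6: to=<b@example.org>, relay=mx.example.org[198.51.100.7]:25, delay=2, dsn=2.0.0, status=sent (250 OK)
Mar 30 05:00:00 server postfix/smtpd[2000]: C3D4E5F6A7: client=pc1[192.168.1.50]
Mar 30 05:00:01 server postfix/smtp[2010]: C3D4E5F6A7: to=<c@example.com>, relay=none, delay=1, dsn=4.4.1, status=deferred (connect timed out)
Mar 30 06:00:00 server postfix/smtpd[2100]: D4E5F6A7B8: client=mx.example.org[198.51.100.7]
Mar 30 06:00:01 server postfix/local[2110]: D4E5F6A7B8: to=<joe@server>, relay=local, delay=1, dsn=2.0.0, status=sent (delivered to mailbox)
"""

# service name, queue ID (assumption: default short hex IDs), rest of the line
LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]{6,}): (.*)")

def trace_origins(log_text):
    """Map each queue ID with an outbound (postfix/smtp) delivery to its entry path."""
    origin, outbound = {}, set()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        service, qid, rest = m.groups()
        if service == "pickup" and (u := re.search(r"uid=(\d+)", rest)):
            # Submitted locally via the sendmail binary: cron job, web form, script.
            origin[qid] = f"local uid={u.group(1)}"
        elif service == "smtpd" and rest.startswith("client="):
            ip = re.search(r"client=[^\[]*\[([^\]]+)\]", rest).group(1)
            sasl = re.search(r"sasl_username=([^,\s]+)", rest)
            # With sasl_username: an account logged in (check for a guessed password).
            # Without it: the client was relayed for being inside mynetworks.
            origin[qid] = (f"sasl user={sasl.group(1)} ip={ip}" if sasl
                           else f"unauthenticated ip={ip}")
        elif service == "smtp" and rest.startswith("to="):
            outbound.add(qid)  # delivery attempt to a remote domain
    # Inbound mail delivered locally (postfix/local) is ignored on purpose.
    return {q: origin.get(q, "unknown (entry not in this log)") for q in outbound}

if __name__ == "__main__":
    for qid, how in sorted(trace_origins(SAMPLE_LOG).items()):
        print(qid, how)
```

A result of "unknown" means the message was queued before the log excerpt begins, so the search has to go back into older, rotated logs for that queue ID.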
Thank you for all your help and suggestions. I'm going to remove postfix and reinstall; maybe there's some hole from an option I did (I don't know). I'm also thinking about trying qmail, but thanks again, you guys have been great. JShel