Spam in Mailq

Discussion in 'Server Operation' started by dayjahone, Nov 23, 2014.

  1. dayjahone

    dayjahone Member

    I get about 5-10 new emails like this in my mailq per day:

    Code:
    0271E805E7    10619 Sat Nov 22 15:12:49  [email protected]
    (host alt1.gmail-smtp-in.l.google.com[173.194.68.26] said: 421-4.7.0 [173.8.196.155      15] Our system has detected an unusual rate of 421-4.7.0 unsolicited mail originating from your IP address. To protect our 421-4.7.0 users from spam, mail sent from your IP address has been temporarily 421-4.7.0 rate limited. Please visit 421-4.7.0 http://www.google.com/mail/help/bulk_mail.html to review our Bulk 421 4.7.0 Email Senders Guidelines. c90si13043701qgf.111 - gsmtp (in reply to end of DATA command))
                                             [email protected]
    When I use postcat to look at the header of one of them, this is what I get:

    Code:
    postcat /var/spool/postfix/deferred/0/0271E805E7
    *** ENVELOPE RECORDS /var/spool/postfix/deferred/0/0271E805E7 ***
    message_size:           10619             681               1               0           10619
    message_arrival_time: Sat Nov 22 15:12:49 2014
    create_time: Sat Nov 22 15:12:49 2014
    named_attribute: log_ident=0271E805E7
    named_attribute: rewrite_context=local
    sender: [email protected]
    named_attribute: encoding=8bit
    named_attribute: log_client_name=localhost.localdomain
    named_attribute: log_client_address=127.0.0.1
    named_attribute: log_client_port=33427
    named_attribute: log_message_origin=localhost.localdomain[127.0.0.1]
    named_attribute: log_helo_name=localhost
    named_attribute: log_protocol_name=ESMTP
    named_attribute: client_name=localhost.localdomain
    named_attribute: reverse_client_name=localhost.localdomain
    named_attribute: client_address=127.0.0.1
    named_attribute: client_port=33427
    named_attribute: helo_name=localhost
    named_attribute: protocol_name=ESMTP
    named_attribute: client_address_type=2
    named_attribute: dsn_orig_rcpt=rfc822;[email protected]
    original_recipient: [email protected]
    recipient: [email protected]
    *** MESSAGE CONTENTS /var/spool/postfix/deferred/0/0271E805E7 ***
    Received: from localhost (localhost.localdomain [127.0.0.1])
    	by vroach.thewebmotel.com (Postfix) with ESMTP id 0271E805E7
    	for <[email protected]>; Sat, 22 Nov 2014 15:12:49 -0800 (PST)
    X-Virus-Scanned: Debian amavisd-new at vroach.thewebmotel.com
    Received: from vroach.thewebmotel.com ([127.0.0.1])
    	by localhost (vroach.thewebmotel.com [127.0.0.1]) (amavisd-new, port 10024)
    	with ESMTP id BYZDyRhZ7Fab for <[email protected]>;
    	Sat, 22 Nov 2014 15:12:47 -0800 (PST)
    Received: from mail2.host1000.biz (mail2.host1000.biz [186.251.139.195])
    	by vroach.thewebmotel.com (Postfix) with ESMTP id E6F888049E
    	for <[email protected]>; Sat, 22 Nov 2014 15:12:46 -0800 (PST)
    Received: from www.host1000.biz (unknown [127.0.0.1])
    	by mail2.host1000.biz (Postfix) with ESMTP id 11F26B61B90
    	for <[email protected]>; Sat, 22 Nov 2014 19:08:28 -0200 (BRST)
    To: [email protected]
    Subject: Como Fazer Limpeza e tratamento de Piscinas
    Message-ID: <[email protected]>
    Date: Sat, 22 Nov 2014 19:08:28 -0200
    From: "=?UTF-8?B?RGljYXMgZGUgUGlzY2luYSBlbSBWw61kZW8=?=" <[email protected]>
    Reply-To: [email protected]
    MIME-Version: 1.0
    X-Mailer-LID: 6
    List-Unsubscribe: <http://www.host1000.biz/unsubscribe.php?M=279143&C=a6ea9bbc428ed9182181808e9d0576e4&L=6&N=6>
    X-Mailer-RecptId: 279143
    X-Mailer-SID: 6
    X-Mailer-Sent-By: 1
    Content-Type: multipart/alternative; charset="UTF-8"; boundary="b1_0da623ada0b2843f71929c362e521354"
    Content-Transfer-Encoding: 8bit
    
    --b1_0da623ada0b2843f71929c362e521354
    Content-Type: text/plain; format=flowed; charset="UTF-8"
    Content-Transfer-Encoding: 8bit
    Can anyone help me figure out how this is being sent and how to stop it?
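The headers quoted above already answer the "how is this being sent" part of the question: the bottom-most `Received:` line is where the message came from, and the envelope shows which local recipient it was accepted for. The script below is an added example (my code, not from the thread or from ISPConfig) that reads a raw message and a `postcat` envelope and reports the first hop that arrived on one of your own hosts from a public address, plus whether the queued copy is a forward (original recipient differs from final recipient). The sample message reuses the `Received:` chain from the post with the redacted addresses replaced by constructed `example.com` ones; the envelope sample and the `TRUSTED_HOSTS` set are constructed for the example.

```python
import ipaddress
import re
from email import message_from_string

# Received chain quoted in the post, with redacted mailboxes replaced by
# constructed example addresses.
SAMPLE_MESSAGE = """\
Received: from localhost (localhost.localdomain [127.0.0.1])
\tby vroach.thewebmotel.com (Postfix) with ESMTP id 0271E805E7
\tfor <user@example.com>; Sat, 22 Nov 2014 15:12:49 -0800 (PST)
X-Virus-Scanned: Debian amavisd-new at vroach.thewebmotel.com
Received: from vroach.thewebmotel.com ([127.0.0.1])
\tby localhost (vroach.thewebmotel.com [127.0.0.1]) (amavisd-new, port 10024)
\twith ESMTP id BYZDyRhZ7Fab for <user@example.com>;
\tSat, 22 Nov 2014 15:12:47 -0800 (PST)
Received: from mail2.host1000.biz (mail2.host1000.biz [186.251.139.195])
\tby vroach.thewebmotel.com (Postfix) with ESMTP id E6F888049E
\tfor <user@example.com>; Sat, 22 Nov 2014 15:12:46 -0800 (PST)
Received: from www.host1000.biz (unknown [127.0.0.1])
\tby mail2.host1000.biz (Postfix) with ESMTP id 11F26B61B90
\tfor <user@example.com>; Sat, 22 Nov 2014 19:08:28 -0200 (BRST)
Subject: test

body
"""

# Constructed postcat envelope: the message was accepted for a local mailbox
# and is being re-delivered to a different (remote) address.
SAMPLE_ENVELOPE = """\
sender: newsletter@host1000.example
named_attribute: client_address=127.0.0.1
original_recipient: user@example.com
recipient: user@gmail.example
"""

# Hosts that are "ours": a hop received *by* one of these from a public IP is
# the point where the message entered our infrastructure (constructed set).
TRUSTED_HOSTS = {"vroach.thewebmotel.com", "localhost"}

RECEIVED_RE = re.compile(
    r"from (?P<helo>\S+)(?: \((?P<rdns>[^)]*)\))?\s+by (?P<by>\S+)", re.IGNORECASE)
IP_RE = re.compile(r"\[([0-9a-fA-F.:]+)\]")
ID_RE = re.compile(r"\bid (?P<id>\S+)")


def parse_received_chain(raw_message):
    """Return hops in chronological order (bottom-most Received header first)."""
    msg = message_from_string(raw_message)
    hops = []
    for header in reversed(msg.get_all("Received", [])):
        flat = re.sub(r"\s+", " ", header).strip()   # unfold continuation lines
        m = RECEIVED_RE.search(flat)
        if not m:
            continue
        ip_match = IP_RE.search(m.group("rdns") or "")
        id_match = ID_RE.search(flat)
        hops.append({
            "helo": m.group("helo"),
            "ip": ip_match.group(1) if ip_match else None,
            "by": m.group("by"),
            "id": id_match.group("id") if id_match else None,
        })
    return hops


def is_external(ip):
    """Loopback/private addresses are internal relays; anything else is external."""
    if ip is None:
        return True   # no address recorded: do not trust the hop
    return ipaddress.ip_address(ip).is_global


def find_external_ingress(hops, trusted_hosts):
    """First hop that one of our hosts accepted from a public address."""
    for hop in hops:
        if hop["by"] in trusted_hosts and is_external(hop["ip"]):
            return hop
    return None


def classify_delivery(envelope_text):
    """From postcat envelope records, tell whether the queued copy is a forward."""
    fields = {}
    for line in envelope_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key in ("sender", "original_recipient", "recipient"):
            fields[key] = value.strip()
    original = fields.get("original_recipient")
    final = fields.get("recipient")
    return {"original": original, "final": final,
            "forwarded": original is not None and original != final}


if __name__ == "__main__":
    chain = parse_received_chain(SAMPLE_MESSAGE)
    for hop in chain:
        print(f"{hop['helo']} [{hop['ip']}] -> {hop['by']} (id {hop['id']})")
    print("ingress:", find_external_ingress(chain, TRUSTED_HOSTS))
    print("delivery:", classify_delivery(SAMPLE_ENVELOPE))
```

On the sample this reports `mail2.host1000.biz [186.251.139.195] -> vroach.thewebmotel.com` as the ingress hop and `forwarded: True`, i.e. the server accepted unsolicited mail for a local mailbox and re-sent it to the final recipient. That is the pattern to look for when the queue fills with deferred mail to a large provider: check whether the affected local address has a forward (ISPConfig mailbox forward, `.forward`, or an alias) pointing at the remote mailbox, since Gmail then sees your server as the sender of the spam.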
     
  2. conductive

    conductive Member HowtoForge Supporter

    Look at the ispconfig mail logs. /var/log/mail.* logs are probably too long.

    I had a [email protected] with a weak password. I checked for open relay, deleted the mailbox, deleted the mailq and added any attempted logins into my blacklist. Unfortunately I still might have problems. I am waiting for my queue to fill up again and then try.

    http://www.howtoforge.com/forums/showthread.php?t=67719
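To support the check described in the reply above (a weak mailbox password and repeated login attempts), here is an added example of my own, not code from the thread or from ISPConfig, that scans Postfix `smtpd` log lines for two indicators: clients with many failed SASL authentications, and a single SASL username used from an unusually large number of client addresses. The log lines are constructed for the example and use documentation IP ranges; thresholds are assumptions to tune per server.

```python
import re
from collections import Counter, defaultdict

# Constructed Postfix smtpd log lines in the usual /var/log/mail.log format.
SAMPLE_LOG = """\
Nov 23 03:14:01 mx postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Nov 23 03:14:03 mx postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Nov 23 03:14:05 mx postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL PLAIN authentication failed:
Nov 23 03:15:10 mx postfix/smtpd[2102]: warning: host.example.net[198.51.100.9]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Nov 23 03:20:00 mx postfix/smtpd[2103]: 5A1B2C3D4E: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=info@example.com
Nov 23 03:21:00 mx postfix/smtpd[2104]: 6B2C3D4E5F: client=unknown[198.51.100.9], sasl_method=LOGIN, sasl_username=info@example.com
Nov 23 03:22:00 mx postfix/smtpd[2105]: 7C3D4E5F6A: client=home.example.org[192.0.2.44], sasl_method=LOGIN, sasl_username=info@example.com
Nov 23 03:23:00 mx postfix/smtpd[2106]: 8D4E5F6A7B: client=home.example.org[192.0.2.44], sasl_method=PLAIN, sasl_username=alice@example.com
"""

# "warning: host[ip]: SASL <method> authentication failed"
FAIL_RE = re.compile(r"warning: (?P<host>\S+)\[(?P<ip>[^\]]+)\]: SASL \w+ authentication failed")
# "client=host[ip], sasl_method=..., sasl_username=user"  (successful authenticated session)
AUTH_RE = re.compile(r"client=(?P<host>\S+?)\[(?P<ip>[^\]]+)\],.*sasl_username=(?P<user>\S+)")


def count_auth_failures(lines):
    """Failed SASL logins per client IP."""
    failures = Counter()
    for line in lines:
        m = FAIL_RE.search(line)
        if m:
            failures[m.group("ip")] += 1
    return failures


def brute_force_candidates(lines, threshold=3):
    """IPs with at least `threshold` failed logins (threshold is an assumed value)."""
    return sorted(ip for ip, n in count_auth_failures(lines).items() if n >= threshold)


def usernames_by_client(lines):
    """Map each authenticated SASL username to the set of client IPs that used it."""
    users = defaultdict(set)
    for line in lines:
        m = AUTH_RE.search(line)
        if m:
            users[m.group("user")].add(m.group("ip"))
    return users


def shared_account_candidates(lines, min_ips=3):
    """Usernames used from `min_ips` or more distinct clients: a credential-abuse signal."""
    return sorted(user for user, ips in usernames_by_client(lines).items() if len(ips) >= min_ips)


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print("failed logins per IP:", dict(count_auth_failures(lines)))
    print("brute-force candidates:", brute_force_candidates(lines))
    print("accounts used from many clients:", shared_account_candidates(lines))
```

Run it over the real log with `python3 sasl_triage.py < /var/log/mail.log` after changing the `__main__` block to read `sys.stdin`; the first list is what you would feed into a firewall blacklist or fail2ban, and the second is the list of mailboxes whose password should be reset and whose outgoing mail should be checked in `mailq`, which is the situation the reply describes.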
     
