Hello, I'm pretty much of a Linux newbie, but we are getting inundated by spam. I followed all the instructions in the SpamSnake tutorial (http://www.howtoforge.com/the-perfect-spamsnake-ubuntu-8.04) and it isn't producing any errors, but it also isn't doing anything. When I log into MailWatch there are no messages listed. Under Recent Messages and most of the Reports it always returns "No Rows Retrieved". I checked the status and configurations under Tools/Reports and they don't return any errors. I am receiving a huge number of emails from the system that all start "Postfix SMTP server: errors from unknown[SOME.IP.ADDR.HERE]" They are almost entirely addressed to invalid recipients, but some look like they could be legitimate mail. I sent a test mail in and it never arrived in my mailbox. What is my next step for troubleshooting this? Thanks. Peter
Hi, Prior to installing MailWatch, were you receiving emails? I would double check every step to make sure that you did everything correctly. Also, are you using it as a relay, because thats what its for? Rocky
Yes, I was receiving mail. I had my MX record pointing directly to my Exchange server. I changed it to point to the SpamSnake and then had the SpamSnake relay to the Exchange server. I think there may be a bigger problem because all the error messages from the Postfix server include the line "451 4.3.5 Server configuration error" If I telnet into the SpamSnake and try to send mail to a legitimate Exchange user at our domain it returns a 4.3.5 even with a valid email address.
Charles, I need to see your mail.log file. Do the following and post the output. tail -f /var/log/mail.log
Here you go. There was one legitimate internal email address in there that I changed. May 21 11:56:37 spamsnake postfix/smtpd[6406]: lost connection after DATA (0 bytes) from unknown[85.110.30.97] May 21 11:56:37 spamsnake postfix/cleanup[6267]: 537C628C147: message-id=<[email protected]> May 21 11:56:37 spamsnake postfix/qmgr[6260]: 537C628C147: from=<[email protected]>, size=1029, nrcpt=1 (queue active) May 21 11:56:37 spamsnake postfix/smtpd[6406]: disconnect from unknown[85.110.30.97] May 21 11:56:37 spamsnake postfix/smtp[6268]: 537C628C147: to=<[email protected]>, orig_to=<postmaster>, relay=207.8.215.228[207.8.215.228]:25, delay=0.27, delays=0.02/0/0.02/0.22, dsn=2.6.0, status=sent (250 2.6.0 <[email protected]> Queued mail for delivery) May 21 11:56:37 spamsnake postfix/qmgr[6260]: 537C628C147: removed May 21 11:56:42 spamsnake postfix/smtpd[6263]: warning: unknown smtpd restriction: "check" May 21 11:56:42 spamsnake postfix/smtpd[6263]: NOQUEUE: reject: RCPT from unknown[78.191.152.42]: 451 4.3.5 Server configuration error; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<78.191.152.42>
Charles, There's an error in your /etc/postfix/main.cf file. The following line gives it away: warning: unknown smtpd restriction: "check" Post the content of your /etc/postfix/main.cf file.
Rocky, You totally rock!! I found the problem once you pointed me in the right direction. I was missing the first underscore in "check_sender_access", that's where the "check" error was coming from. Once I added that and restarted postfix it started working. Thanks for your help!!!
