Hi all, this time I have a good challenge for you. In the last few weeks, with one account in particular (I don't know if this happened with more accounts), when anyone sends it a mail, that person receives another one with the following data...

-----Original Message-----
From: Mail Delivery Subsystem [mailto:[email protected]]
Sent: Martes, 27 de Mayo de 2008 14:19
To: Ruz,Andres
Subject: Returned mail: see transcript for details

The original message was received at Tue, 27 May 2008 14:16:34 -0300
from at [127.0.0.1]

----- The following addresses had permanent fatal errors -----
[email protected]
(reason: 553 Mail from 190.49.236.116 not allowed - 5.7.1 [BL21] Connections not accepted from IP addresses on Spamhaus PBL; see http://postmaster.yahoo.com/550-bl21.html [550])
(expanded from: <jxvnr1@localhost>)

----- Transcript of session follows -----
... while talking to d.mx.mail.yahoo.com.:
<<< 553 Mail from 190.49.236.116 not allowed - 5.7.1 [BL21] Connections not accepted from IP addresses on Spamhaus PBL; see http://postmaster.yahoo.com/550-bl21.html [550]
... while talking to c.mx.mail.yahoo.com.:
>>> QUIT
<<< 553 Mail from 190.49.236.116 not allowed - 5.7.1 [BL21] Connections not accepted from IP addresses on Spamhaus PBL; see http://postmaster.yahoo.com/550-bl21.html [550]
... while talking to a.mx.mail.yahoo.com.:
>>> QUIT
<<< 553 Mail from 190.49.236.116 not allowed - 5.7.1 [BL21] Connections not accepted from IP addresses on Spamhaus PBL; see http://postmaster.yahoo.com/550-bl21.html [550]
... while talking to f.mx.mail.yahoo.com.:
>>> QUIT
<<< 553 Mail from 190.49.236.116 not allowed - 5.7.1 [BL21] Connections not accepted from IP addresses on Spamhaus PBL; see http://postmaster.yahoo.com/550-bl21.html [550]
... while talking to b.mx.mail.yahoo.com.:
>>> QUIT
<<< 553 Mail from 190.49.236.116 not allowed - 5.7.1 [BL21] Connections not accepted from IP addresses on Spamhaus PBL; see http://postmaster.yahoo.com/550-bl21.html [550]
... while talking to g.mx.mail.yahoo.com.:
>>> QUIT
<<< 553 Mail from 190.49.236.116 not allowed - 5.7.1 [BL21] Connections not accepted from IP addresses on Spamhaus PBL; see http://postmaster.yahoo.com/550-bl21.html [550]
... while talking to e.mx.mail.yahoo.com.:
>>> QUIT
<<< 553 Mail from 190.49.236.116 not allowed - 5.7.1 [BL21] Connections not accepted from IP addresses on Spamhaus PBL; see http://postmaster.yahoo.com/550-bl21.html [550]
554 5.0.0 Service unavailable

If I am not wrong, this means my system is resending the mail to that user at Yahoo... am I right? I don't know where to start searching, any idea?
PS: this also happens if I send an email from an account in the same domain.
That IP and that mail aren't mine. [email protected] is not a mail address in use anywhere on the server. I think maybe it's an intrusion, but I don't know where in the system it can be configured to resend data to that mail address.
Maybe this helps; in the log I see:
Jun 10 13:31:49 mail postfix/smtp[21224]: B1ECF13A04A0: host d.mx.mail.yahoo.com[66.196.82.7] refused to talk to me: 421 Message from (200.5.90.195) temporarily deferred - 4.16.50. Please refer to http://help.yahoo.com/help/us/mail/defer/defer-06.html
Yes, I checked that, and in fact it is, but even in that case it's very strange because no one ever sends an email to that Yahoo user... the system is doing it... and that happens with only one user so far...
Sometimes you get blacklisted because other hosts from your subnet are sending spam, or because you are on a dynamic IP address.
OK, I understand that, but... I don't want my system to redirect emails to that Yahoo user, because I think that is a hack, an intrusion, someone redirecting mails from my users to his accounts!!! I don't know if I am being clear.
If I send an email from [email protected] to [email protected], user2 receives the email but user1 receives an email with that data from yahoo
zen@mail:~$ cat /etc/postfix/main.cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

alias_maps = hash:/etc/aliases
myorigin = /etc/mailname
#mydestination = mail.ibap.com.ar, localhost.ibap.com.ar, localhost.localdomain, localhost
mynetworks = 127.0.0.0/8, 192.168.0.0/16, 200.5.90.192/26, 200.51.200.0/24, 200.70.43.0/24, 190.11.150.0/24, 190.30.255.0/24, 190.136.23.0/24, 200.51.43.64/26, 200.51.41.128/29, 190.11.151.0/24, 200.107.224.0/21
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_protocols = all
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
message_size_limit = 20000000
virtual_maps = hash:/etc/postfix/virtusertable
mydestination = /etc/postfix/local-host-names
Hm... Do you see Yahoo mentioned somewhere in the outputs of
Code:
postconf -d
and
Code:
postconf -n
?
BTW, listing that many networks is an invitation for spammers to abuse your server...
Code:
mynetworks = 127.0.0.0/8
would be better.
Thanks falko, I'll check with the administrator responsible for that configuration in "mynetworks". I did "postconf -d|grep yahoo" and "postconf -n|grep yahoo", neither gave me any result.
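An added example, not part of the thread: `postconf` prints only main.cf parameters, so it cannot show a forward that lives in the tables and per-user files the posted main.cf hands mail to (`alias_maps`, `virtual_maps`, procmail via `mailbox_command`) or in a `~/.forward`. The sketch below sweeps those files for a string; the function names, the `/home/*` layout and the sample tree are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example (not from the thread). find_forwards and make_sample_tree are
# hypothetical helper names; the file list is an assumption based on the
# main.cf posted above plus the usual per-user forward files.

# find_forwards ROOT NEEDLE
# Prints "file:line:text" for every non-comment line containing NEEDLE.
# ROOT is "/" on a live server; the demo below uses a constructed tree.
find_forwards() {
    root=${1%/}
    needle=$2
    for f in "$root/etc/aliases" \
             "$root/etc/postfix/virtusertable" \
             "$root/etc/procmailrc" \
             "$root"/home/*/.forward \
             "$root"/home/*/.procmailrc; do
        [ -f "$f" ] || continue            # also skips globs that matched nothing
        rel=${f#"$root"}
        # -i case-insensitive, -n line numbers, -F literal match;
        # the second grep drops lines that are only comments.
        grep -inF -- "$needle" "$f" \
            | grep -v '^[0-9]*:[[:space:]]*#' \
            | sed "s|^|$rel:|"
    done
}

# Constructed sample data, not taken from the poster's server.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/etc/postfix" "$t/home/user1" "$t/home/user2"
    printf '# note: yahoo.example relay retired\npostmaster: root\n' > "$t/etc/aliases"
    printf 'info@example.org user2\n' > "$t/etc/postfix/virtusertable"
    printf '\\user1, collector@yahoo.example\n' > "$t/home/user1/.forward"
    printf ':0 c\n! backup@yahoo.example\n' > "$t/home/user2/.procmailrc"
    echo "$t"
}

# Demo on the constructed tree. On a real server, run as root:
#   find_forwards / yahoo
demo=$(make_sample_tree)
find_forwards "$demo" yahoo
rm -rf "$demo"
```

Because `hash:` tables are read from their compiled `.db` files, a hit or miss in the text source can be confirmed with `postmap -q <address> hash:/etc/postfix/virtusertable` and `postalias -q <name> hash:/etc/aliases`.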