Strange outgoing connections [Perfect Server Deb10 - Postfix]

Discussion in 'Server Operation' started by halif, May 25, 2022.

  1. halif

    halif New Member

    Hi Guys!

    I have a problem with SMTP sending mails from postfix+amavis+clamav. Incoming traffic is fine, but all outgoing mails are being deferred/Connection timed out.
    Postfix works fine. Amavis also. I didn't notice any strange behavior on DNS, but someone possibly hijacked my SMTP traffic.

    Mailq shows a 32-mail queue.
    Could anyone point me where to look for the hijack?
    Thanks in advance :)
     
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    On what evidence do you base this assumption of a hijack?
    If you have outgoing e-mails in mailq, use command
    Code:
    mailq
    to examine what is in mailq. Then use the queue ID to examine what happens to those emails. You can read the mails in queue using postcat. See e-mail tutorial, link in my signature, it has Troubleshooting chapter to help you.
     
  3. halif

    halif New Member

    Thank you for the response.
    Previously I attached part of my /mail.info log
    So mailq eg.:
    and /var/log/mail.info:
    So, I believe I've mixed up two things. Unable to send SMTP (quotes above) and strange outbound traffic to the address. No idea how to determine why in 2nd case.
     
  4. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Likely your ISP/hoster has outgoing connections on port 25 blocked; you would need to request that be allowed.
     
  5. halif

    halif New Member

    Thx.
    That was my thought too. I sent an inquiry to the ISP.
     
  6. halif

    halif New Member

    Could anyone advise me where to look for the cause of these unusual connections to 5.34.207.98?
     
  7. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    You mean connections from 5.34.207.98; the "cause" is you have a mail server open on the internet, and that host has connected to it. Nothing unusual there, any mail server gets connections around the clock attempting to send you spam, relay spam, or log in to and abuse your mail accounts to send spam; and there's even a smattering of legitimate mail delivery in the mix.
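
An added example, not part of the thread or written by any participant: a small Python parser that separates the two things discussed above, inbound connections logged by `postfix/smtpd` and outbound delivery failures logged by `postfix/smtp`, and flags the pattern consistent with a blocked outgoing port 25. The sample log lines are constructed (standard Postfix syslog format), and the blocking heuristic is an assumption of this example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in standard Postfix syslog format (the thread's own log
# excerpts are not on the page). 5.34.207.98 is the address from the thread;
# hostnames, queue IDs and the other addresses are placeholders.
SAMPLE_LOG = """\
May 25 10:00:01 mail postfix/smtpd[2101]: connect from unknown[5.34.207.98]
May 25 10:00:30 mail postfix/smtp[2150]: connect to mx.example.net[192.0.2.10]:25: Connection timed out
May 25 10:00:30 mail postfix/smtp[2150]: 4F1A22C0B1: to=<bob@example.net>, relay=none, delay=30, delays=0.1/0/30/0, dsn=4.4.1, status=deferred (connect to mx.example.net[192.0.2.10]:25: Connection timed out)
May 25 10:01:05 mail postfix/smtp[2151]: 5A2B33D0C2: to=<eve@example.org>, relay=none, delay=30, delays=0.1/0/30/0, dsn=4.4.1, status=deferred (connect to mx.example.org[198.51.100.7]:25: Connection timed out)
May 25 10:02:00 mail postfix/smtpd[2102]: connect from unknown[5.34.207.98]
"""

# smtpd is Postfix's SMTP server: a remote host connected to us (inbound).
INBOUND = re.compile(r"postfix/smtpd\[\d+\]: connect from [^\[\s]+\[([^\]]+)\]")
# smtp is Postfix's SMTP client: our delivery attempt to a remote MX failed.
DEFERRED = re.compile(
    r"postfix/smtp\[\d+\]: (\w+): to=<[^>]*>.*status=deferred "
    r"\(connect to [^\[\s]+\[([^\]]+)\]:(\d+): ([^)]+)\)")

def summarize(log_text):
    """Return (inbound peer counts, {(ip, port, reason): {queue IDs}})."""
    inbound = Counter()
    failures = defaultdict(set)
    for line in log_text.splitlines():
        m = INBOUND.search(line)
        if m:
            inbound[m.group(1)] += 1
            continue
        m = DEFERRED.search(line)
        if m:
            qid, ip, port, reason = m.groups()
            failures[(ip, int(port), reason)].add(qid)
    return inbound, dict(failures)

def port25_block_suspected(failures):
    """Heuristic (assumption): nothing but timeouts on port 25, to two or more
    different destination addresses, suggests egress filtering upstream."""
    ips = {ip for ip, _, _ in failures}
    only_timeouts = all(p == 25 and "timed out" in r for _, p, r in failures)
    return only_timeouts and len(ips) >= 2

if __name__ == "__main__":
    inbound, failures = summarize(SAMPLE_LOG)
    print("inbound peers:", dict(inbound))
    print("outbound failures:", failures)
    print("port 25 egress block suspected:", port25_block_suspected(failures))
```

On a real server, pass the contents of /var/log/mail.info to `summarize()` instead of `SAMPLE_LOG`.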
     
