Hi Guys! I have problem with smtp sending mails from postfix+amavis+clamav. Incoming traffic is fine, but all sending mails going to be deferred/Connection timed out. Postfix works fine. Amavis also. I didn't notice any strange behaviors on DNS, but someone possible hijacked my SMTP traffic. Mailq shows 32-mails queue. Any could point me where to look for hijack? Thanks in advance
On what evidence do you base this assumtion of hijack? If you have outgoing e-mails in mailq, use command Code: mailq to examine what is in mailq. The use the queue ID to examine what happens to those emails. You can read the mails in queue using postcat. See e-mail tutorial, link in my signature, it has Troubleshooting chapter to help you.
Thank you for response. Previously I attached part of my /mail.info log So mailq eg.: and /var/log/mail.info: So, i believe I've mixed up two things. Unable to send SMTP (quotes above) and strange outbound traffic to the address. No idea how to determine why in 2nd case.
Likely your isp/hoster has outgoing connections on port 25 blocked, you would need to request that be allowed.
You mean connections from 5.34.207.98, the "cause" is you have a mail server open on the internet, and that host has connected to it. Nothing unusual there, any mail server gets connections around the clock attempting to send you spam, relay spam, or login to and abuse your mail accounts to send spam; and there's even a smattering of legitimate mail delivery in the mix.