Hi there,
Yahoo starts blocking e-mails from our server. It is possible that someone/somehow is sending spams. Please help me find what is sending spam from our server. First please explain to me the following logs (ourdomain is hosted on our server): Code:
Feb 3 14:45:57 softexp postfix/smtpd[23394]: NOQUEUE: reject: RCPT from unknown[117.87.x.x]: 554 5.7.1 Service unavailable; Client host [117.87.x.x] blocked using sbl-xbl.spamhaus.org; http://www.spamhaus.org/query/bl?ip=117.87.x.x; from=<xyz@yahoo.com.au> to=<experienceoffice@ourdomain.ro> proto=ESMTP helo=<PC-200901111752> 1. the client 117.87.x.x tries to connect to our server but is blocked. (it is at spamhouse). It tries to send frm xyz@yahoo.com to experienceoffie@ourdomain.com. Everything ok till now. 2. what does the second line means? Our server is tring to send to xyz@yahoo.com. Why? It is for sure related with the first log line... It is because of some bounce message or what? Thank you my postfix restrictions are: Code:
smtpd_helo_restrictions = |
Strangely it looks like your Postfix is accepting messages even though the RBL check happened after RCPT. That means even though the message is rejected, Postfix has accepted it, then sent a bounce later (really the only explanation that fits the logs). That's not standard behavior as far as I know.
What's the output of postconf -n? |
Quote:
Code:
postconf -n What you are saying is exactly what I was thinking. But why and how can I solve it? Thank you. |
Another interesting thing is that I get spams with forged sender address. They come from our domains but from remote servers.
So in main.cf I put after permit_sasl_authenticated: check_sender_access hash:/usr/local/etc/postfix/access_sender and in access_sender: mydomain.com REJECT Message1 mydomain1.com REJECT Message2 Now I get in logs Messae1 and Message2, it seems they are rejected but I still receive them. It is very strange.. |
All times are GMT -5. The time now is 09:04 AM. |