[resolved] Question about Postfix Log Entry
I have a web server running Postfix for my mail server. I am the only user set up with mail accounts on the box, but I do have a bunch of aliases, a few of which go to other people. I use Thunderbird as a mail client and I have it set up to send my email through Gmail's SMTP servers (I have a Gmail account) instead of connecting to my own box.
I also have Logwatch set up to email me a report every day. I am currently seeing records like this:
Code:
3134C641B9: host SMTP1.lerelaisinternet.com[194.206.126.201] said:
I guess I don't understand the log entries. I am trying to make sure that my machine is not compromised. Thanks. |
Looks like you're being used, or trying to be used, as an open relay. Check what http://www.abuse.net/relay.html says about your relaying status. I'm not too familiar with the errors there but it looks like Postfix has correctly blocked the relaying anyway.
|
Chris,
Thanks for the response. I have used the tools at dnsstuff.com to check for being an open relay and that check has come out clean. You said that "it looks like postfix has correctly blocked the relaying anyway." I guess that is what I don't really understand. I have seen relaying denied log entries, they look like this:
Code:
Relaying denied:
Thanks. |
Look in the logs to see what submitted the message. It might be a cron job (from a previous admin), an alias, etc.
|
Ok, I grepped the logs for that email address and here is what I found:
Code:
[root@myhost log]# grep "horspistes.fr" * |
Yes, that email was eventually delivered. Now, you have to check the logs to see how that email was submitted in the first place.
grep for the queue id (3134C641B9). |
Thank you Berhanie for the suggestion to use the queue id. That was the missing piece of the puzzle for me.
I traced this to a form on one of my websites that allows people to sign up to be on a mailing list and then sends them a confirmation email. Apparently, there are bots out there submitting the form with junk information and that is why I am seeing these records. I will have to implement some kind of form submission protection. Many thanks! |
You're welcome.
|
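The queue-id trace suggested in this thread, as an added example that is not from any poster: it groups Postfix log lines by queue id and reports whether each message was injected locally (pickup, as a web form or cron job would do) or received over SMTP (smtpd). The log lines, host names, addresses, uid and queue ids are constructed samples, and short hexadecimal queue ids are assumed.

```python
import re
from collections import defaultdict

# Constructed sample lines in the usual Postfix syslog layout (not taken from the thread).
SAMPLE_LOG = """\
Mar  3 10:15:01 myhost postfix/pickup[2101]: A1B2C3D4E5: uid=48 from=<apache>
Mar  3 10:15:01 myhost postfix/qmgr[1890]: A1B2C3D4E5: from=<apache@myhost.example>, size=612, nrcpt=1 (queue active)
Mar  3 10:15:03 myhost postfix/smtp[2107]: A1B2C3D4E5: to=<bot-junk@example.org>, relay=mx.example.org[192.0.2.25]:25, delay=2, status=deferred (constructed reply)
Mar  3 10:20:11 myhost postfix/smtpd[2210]: 0F9E8D7C6B: client=mail.example.net[192.0.2.10]
Mar  3 10:20:12 myhost postfix/qmgr[1890]: 0F9E8D7C6B: from=<alice@example.net>, size=900, nrcpt=1 (queue active)
Mar  3 10:20:12 myhost postfix/local[2212]: 0F9E8D7C6B: to=<me@myhost.example>, relay=local, delay=0.1, status=sent (delivered to mailbox)
"""

# Assumes short (hexadecimal) queue ids, i.e. enable_long_queue_ids is off.
LINE_RE = re.compile(r"postfix/(?P<daemon>[\w-]+)\[\d+\]: (?P<qid>[0-9A-F]{6,}): (?P<rest>.*)")

def trace(log_text):
    """Group log lines by queue id and record how each message entered the queue."""
    msgs = defaultdict(lambda: {"origin": "unknown", "sender": None, "rcpts": []})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        msg, rest = msgs[m["qid"]], m["rest"]
        if m["daemon"] == "pickup" and (uid := re.match(r"uid=(\d+)", rest)):
            # pickup: injected on this host through the sendmail command
            # (cron job, CGI or PHP script); the uid names the local account.
            msg["origin"] = f"local uid={uid[1]}"
        elif m["daemon"] == "smtpd" and (c := re.match(r"client=([^,\s]+)", rest)):
            # smtpd: received over the network from this client.
            msg["origin"] = f"smtp client={c[1]}"
        elif m["daemon"] == "qmgr" and (f := re.match(r"from=<([^>]*)>", rest)):
            msg["sender"] = f[1]
        elif t := re.match(r"to=<([^>]*)>.*?status=(\w+)", rest):
            # Delivery agents (smtp, local, ...) log one line per recipient attempt.
            msg["rcpts"].append((t[1], t[2]))
    return dict(msgs)

def origins_for_domain(log_text, domain):
    """Start from a recipient domain, as the grep above does; return {queue id: origin}."""
    suffix = "@" + domain.lower()
    return {qid: m["origin"] for qid, m in trace(log_text).items()
            if any(rcpt.lower().endswith(suffix) for rcpt, _ in m["rcpts"])}

if __name__ == "__main__":
    for qid, m in trace(SAMPLE_LOG).items():
        print(qid, m["origin"], m["sender"], m["rcpts"])
```

A message whose origin is a local uid belonging to the web server account points at a script on the box rather than at relaying, which matches what the thread found.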