Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
I have a web server running Postfix for my mail server. I am the only user setup with mail accounts on the box, but I do have a bunch of aliases, a few of which go to other people. I use Thunderbird as a mail client and I have it setup to send my email through Gmail's SMTP servers (I have a gmail account) instead of connecting to my own box.
I also have Logwatch setup to email me a report every day. I am currently seeing records like this:
3134C641B9: host SMTP1.lerelaisinternet.com[126.96.36.199] said:
450 <firstname.lastname@example.org>: Recipient address rejected: Greylisted
for 5 minutes (in reply to RCPT TO command)
Now, this doesn't make sense to me. Why would my machine be trying to send email to email@example.com? I am not sending anything to that address.
I guess I don't understand the log entries. I am trying to make sure that my machine is not compromised.
looks like you're being used, or trying to be used, as an open relay. check what http://www.abuse.net/relay.html says about your relaying status. I'm not too familiar with the errors there but it looks like postfix has correctly blocked the relaying anyway.
Thanks for the response. I have used the tools at dnsstuff.com to check for being an open relay and that check has came out clean. You said that "it looks like postfix has correctly blocked the relaying anwyay." I guess that is what I don't really understand. I have seen relaying denied log entries, they look like this:
From 61-216-81-33.dynamic.hinet.net[188.8.131.52] to firstname.lastname@example.org : 3 Time(s)
The log entry in question seems to indicate that Postfix is actually trying to deliver the email. It has looked up the MX record for horspistes.fr and is trying to deliver the message. Their mail server, SMTP1.lerelaisinternet.com, then responded to my postfix server with the 450 message. Why would my postfix server be trying to deliver the message? Shouldn't it see that email@example.com is not a valid email address on my local machine, is not in the relaying allowed domains, and issue a relaying denied message?
Thank you Berhanie for the suggestion to use the queue id. That was the missing peace of the puzzle for me.
I traced this to a form on one of my websites that allows people to sign up to be on a mailing list and then sends them a confirmation email. Apparently, there are bots out there submitting the form with junk information and that is why I am seeing these records. I will have to implement some kind of form submission protection.