I have a web server running Postfix for my mail server. I am the only user set up with mail accounts on the box, but I do have a bunch of aliases, a few of which go to other people. I use Thunderbird as a mail client and I have it set up to send my email through Gmail's SMTP servers (I have a Gmail account) instead of connecting to my own box.
I also have Logwatch set up to email me a report every day. I am currently seeing records like this:
Code:
3134C641B9: host SMTP1.lerelaisinternet.com[194.206.126.201] said:
450 <vnlawi@horspistes.fr>: Recipient address rejected: Greylisted
for 5 minutes (in reply to RCPT TO command)
Now, this doesn't make sense to me. Why would my machine be trying to send email to vnlawi@horspistes.fr? I am not sending anything to that address.
I guess I don't understand the log entries. I am trying to make sure that my machine is not compromised.
Looks like you're being used, or trying to be used, as an open relay. Check what http://www.abuse.net/relay.html says about your relaying status. I'm not too familiar with the errors there but it looks like postfix has correctly blocked the relaying anyway.
Thanks for the response. I have used the tools at dnsstuff.com to check for being an open relay and that check has come out clean. You said that "it looks like postfix has correctly blocked the relaying anyway." I guess that is what I don't really understand. I have seen relaying denied log entries, they look like this:
Code:
Relaying denied:
From 61-216-81-33.dynamic.hinet.net[61.216.81.33] to candy59839@yahoo.com.tw : 3 Time(s)
The log entry in question seems to indicate that Postfix is actually trying to deliver the email. It has looked up the MX record for horspistes.fr and is trying to deliver the message. Their mail server, SMTP1.lerelaisinternet.com, then responded to my postfix server with the 450 message. Why would my postfix server be trying to deliver the message? Shouldn't it see that vnlawi@horspistes.fr is not a valid email address on my local machine, is not in the relaying allowed domains, and issue a relaying denied message?
Yes, that email was eventually delivered. Now, you have to check the logs to see how that email was submitted in the first place.
grep for the queue id (3134C641B9).
Thank you Berhanie for the suggestion to use the queue id. That was the missing piece of the puzzle for me.
I traced this to a form on one of my websites that allows people to sign up to be on a mailing list and then sends them a confirmation email. Apparently, there are bots out there submitting the form with junk information and that is why I am seeing these records. I will have to implement some kind of form submission protection.
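The queue ID trace suggested in this thread, written out as an added example (not code from any poster): it reports whether a queue ID entered Postfix locally through the sendmail command (a `pickup` line with a uid, which is what a web form's mailer usually produces) or over SMTP (an `smtpd` line with a client address). The log lines are constructed; only the queue ID and the greylisting reply come from the thread, and uid 48, the host names and the second queue ID are assumptions.

```shell
#!/bin/sh
# Constructed sample of Postfix syslog lines (not taken from the poster's server).
sample_log() {
cat <<'EOF'
Mar  3 04:12:01 web postfix/pickup[2101]: 3134C641B9: uid=48 from=<apache>
Mar  3 04:12:01 web postfix/cleanup[2105]: 3134C641B9: message-id=<constructed@web.example.com>
Mar  3 04:12:01 web postfix/qmgr[1890]: 3134C641B9: from=<apache@web.example.com>, size=642, nrcpt=1 (queue active)
Mar  3 04:12:03 web postfix/smtp[2107]: 3134C641B9: to=<vnlawi@horspistes.fr>, relay=SMTP1.lerelaisinternet.com[194.206.126.201]:25, delay=2, status=deferred (host SMTP1.lerelaisinternet.com[194.206.126.201] said: 450 <vnlawi@horspistes.fr>: Recipient address rejected: Greylisted for 5 minutes (in reply to RCPT TO command))
Mar  3 04:20:10 web postfix/smtpd[2230]: 7F2A1C0DE5: client=unknown[203.0.113.5]
EOF
}

# trace_origin QUEUE_ID < maillog
#   "local uid=N"      submitted on the box itself (sendmail/postdrop -> pickup)
#   "smtp client=..."  received over the network by smtpd
#   "unknown"          no submission line in this log (look in rotated logs)
trace_origin() {
    awk -v tag="]: $1:" '
        index($0, tag) == 0 { next }            # fixed-string match on the queue ID
        /\/pickup\[/ { want = "^uid=";    kind = "local" }
        /\/smtpd\[/  { want = "^client="; kind = "smtp"  }
        want != "" {
            for (i = 1; i <= NF; i++)
                if ($i ~ want) { print kind, $i; found = 1; exit }
            want = ""
        }
        END { if (!found) print "unknown" }'
}

# trace_deliveries QUEUE_ID < maillog
# One line per delivery attempt: recipient and Postfix status.
trace_deliveries() {
    awk -v tag="]: $1:" '
        index($0, tag) == 0 { next }
        {
            to = st = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^to=/)     to = $i
                if ($i ~ /^status=/) st = $i
            }
            sub(/,$/, "", to)
            if (to != "" && st != "") print to, st
        }'
}

# Demo on the constructed sample; on a real server redirect the mail log instead
# (/var/log/maillog or /var/log/mail.log, depending on the distribution).
sample_log | trace_origin 3134C641B9
sample_log | trace_deliveries 3134C641B9
```

A `local uid=N` result points at a process on the server; `getent passwd N` names the account, and a web server account means the message came from a script such as the sign-up form.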