LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (http://www.linuxquestions.org/questions/linux-server-73/)
-   -   unexplained mails in postfix queue (http://www.linuxquestions.org/questions/linux-server-73/unexplained-mails-in-postfix-queue-821223/)

tiemen3r 07-21-2010 05:28 AM

unexplained mails in postfix queue
 
On the postfix mailserver of our company I'm seeing several of these messages in the deferred queue (apologies for the terrible formatting, I couldn't get it any better):

Code:

C?          3670            186              1              0T^P1279698549 45939A^Vcreate_time=1279698549A^Xlog_message_origin=localA^Mtrace_flags=0S^@O^Oeipx@ph1.com.sgR^Oeipx@ph1.com.sg
Received: by mail.ourdomain.com (Postfix)
  id 0B3E7B401C9; Wed, 21 Jul 2010 09:49:09 +0200 (CEST)
Date: Wed, 21 Jul 2010 09:49:09 +0200 (CEST)
From: MAILER-DAEMON@ourdomain.com (Mail Delivery System)
Subject: Undelivered Mail Returned to SenderN^STo: eipx@ph1.com.sg
Auto-Submitted: auto-replied
MIME-Version: 1.0
<Content-Type: multipart/report; report-type=delivery-status;
    boundary="E7F59B401CA.1279698549/mail.ourdomain.com"
Content-Transfer-Encoding: 7bitN9Message-Id: <20100721074909.0B3E7B401C9@mail.ourdomain.com>
This is a MIME-encapsulated message.
E7F59B401CA.1279698549 mail.ourdomain.com
Content-Description: NotificationN*Content-Type: text/plain; charset=us-ascii
This is the mail system at host mail.ourdomain.com.
I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to <postmaster>
If you do so, please include this problem report. You can delete your own text from the attached returned message.
                  The mail system
<t.faseeyah@ourdomain.com>: Host or domain name not found. Name service error for name=hermus.glomobi.local type=A: Host not found E7F59B401CA.1279698549 mail.ourdomain.com
Content-Description: Delivery report Content-Type: message/delivery-status
Reporting-MTA: dns; mail.ourdomain.com
X-Postfix-Queue-ID: E7F59B401CAN
X-Postfix-Sender: rfc822; eipx@ph1.com.sg Arrival-Date: Wed, 21 Jul 2010 09:49:03 +0200 (CEST)
Final-Recipient: rfc822; t.faseeyah@ourdomain.com Original-Recipient: rfc822;t.faseeyah@ourdomain.com
Action: failed
Status: 5.4.4 Diagnostic-Code: X-Postfix; Host or domain name not found. Name service error for name=hermus.glomobi.local type=A: Host not found
E7F59B401CA.1279698549 mail.ourdomain.com Content-Description: Undelivered Message Content-Type: message rfc822 Content-Transfer-Encoding: 7bit
 Received: from localhost (mailproxy.glomobi.local [127.0.0.1])
        by mail.ourdomain.com (Postfix) with ESMTP id E7F59B401CANE
                      for <t.faseeyah@ourdomain.com>; Wed, 21 Jul 2010 09:49:03 +0200 (CEST)
N+X-Virus-Scanned: amavisd-new at ourdomain.com
Received: from mail.ourdomain.com ([127.0.0.1])
        by localhost (mailproxy.ourdomain.com [127.0.0.1]) (amavisd-new, port 10024)
                with LMTP id c86XypZS1eoO
                        for <t.faseeyah@ourdomain.com>
Wed, 21 Jul 2010 09:49:02 +0200 (CEST)
Received: from smtpgate4.pacific.net.sg (smtpgate4.pacific.net.sg [203.120.68.34])
  by mail.ourdomain.com (Postfix) with SMTP id 44899B401ABNE
        for <t.faseeyah@ourdomain.com>;
Wed, 21 Jul 2010 09:49:00 +0200 (CEST)NGReceived: (qmail 7974 invoked from network);
21 Jul 2010 07:48:59 -0000
Received: from wm2.pacific.net.sg (HELO localhost) (eipx@ph1.com.sg@61.14.139.69)
        by smtpgate4.pacific.net.sg with ESMTPA; 21 Jul 2010 07:48:59 -0000
Received: from adsl1500-243.dyn252.pacific.net.sg (adsl1500-243.dyn252.pacific.net.sg [210.24.252.243])
        by cw2.web.pacific.net.sg (Horde MIME library) with HTTP;
Wed, 21 Jul 2010 15:48:59 +0800NDMessage-ID: <20100721154859.n0eo0fb1oo8okwkc@cw2.web.pacific.net.sg>
Date: Wed, 21 Jul 2010 15:48:59 +0800
        From: eipx@ph1.com.sg
Reply-to: ipxsupport@ph1.com.sgN0To: s.saliza@ourdomain.com, t.faseeyah@ourdomain.com
Subject: Termination of service subscribed and a callback: Ms.Crystal
90042778 ctc; 81186612 MIME-Version: 1.0 Content-Type: text/plain;
charset=ISO-8859-1;
DelSp="Yes";
format="flowed"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
User-Agent: Internet Messaging Program (IMP) H3 (4.1.4)

BODY

the message in the queue is:

Code:

0B3E7B401C9    3670 Wed Jul 21 09:49:09  MAILER-DAEMON
        (connect to mxcorp1.pacific.net.sg[192.169.41.21]: Connection refused)
                                        eipx@ph1.com.sg

looking at the headers, there is probably something wrong with our DNS-server, which we will investigate, but I still have some questions about the failure notice:

- why are the failure notices refused? Is that a fault on the sender side, for example sending the wrong return address?

- where does this mxcorp1.pacific.net.sg[192.169.41.21] come from anyway? I don't see it anywhere in the headers.

--edit: all the original messages are legitimate mail, not spam

Berhanie 07-21-2010 09:57 AM

Quote:

- why are the failure notices refused? Is that a fault on the sender side, for example sending the wrong return address?
the failure notification is refused because the server was unable to connect back to mxcorp1.pacific.net.sg, which is
the MX for ph1.com.sg.
Code:

[berhanie@machine ~]$ dig ph1.com.sg mx +short
10 mxcorp1.pacific.net.sg.
10 mxcorp2.pacific.net.sg.

You can use the postcat command to read mail in queues.


All times are GMT -5. The time now is 03:35 PM.