I'm running postfix on SuSE 10.2. I really don't want to be relaying mail for spammers. When I went into Webmin the postfix mail queue showed 8 undelivered messages.
I can't give you a more technical answer than 'I followed the examples' and it works, because when I run mail stats on the log files the black lists are definitely blocking. It looks like it can be done in either location.
Wow. Looks like my SuSE Linux server has been hacked and is spamming people.
This is the email I've just got:
"Hi. This is the qmail-send program at webmail2.ecritel.net.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.
<dt@industrietextile.com>:
user is over quota
--- Below this line is a copy of the message.
Return-Path: <dougnc@me.ccom>
Received: (qmail 25544 invoked by uid 505); 23 Jul 2007 15:47:11 -0000
Received: from dougnc@me.com by webmail2.ecritel.net by uid 502 with qmail-scanner-1.16
 ( Clear:.
 Processed in 2.073625 secs); 23 Jul 2007 15:47:11 -0000
Received: from unknown (HELO cpe90-146-30-32.liwest.at) (90.146.30.32)
  by webmail2.ecritel.net with SMTP; 23 Jul 2007 15:47:09 -0000
Received: from asbrmnw ([192.187.112.115])
        by cpe90-146-30-32.liwest.at (8.13.4/8.13.4) with SMTP id k459414943495m1Da119383
        for <dt@industrietextile.com>; Mon, 23 Jul 2007 17:45:04 +0100 (CDT)
        (envelope-from dougnc@me.com)
Message-ID: <00ab01c7cd40$702a4d50$201e925a@asbrmnw>
From: "dougnc" <dougnc@me.com>
To: <dt@industrietextile.com>
Subject: gratifying debutante
Date: Mon, 23 Jul 2007 22:41:10 +0600
MIME-Version: 1.0
Content-Type: multipart/related;
        boundary="----=_NextPart_000_00A8_01C7CD51.33508AF0";
        type="multipart/alternative"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3028
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3028
The error posted in your last message is simply another mail server that is unable to deliver a message your server sent because the recipient mailbox is full.
Quote:
user is over quota
There's no way I can tell from what is posted whether that message was relayed from somewhere else or if it was a legit message sent by one of your users.
I see a lot of junk like that when our users have their autoreply turned on and it replies to a spam message.
Still, your best bet is to use one of the online tests to verify your mail server status... open or closed.
I know definitely that it wasn't sent from one of my users. It's a home server and I'm the only login.
I used that relay test and all my domains tested as no relay.
But when I went into Webmin, postfix configuration, and looked at mail queue, I found this new one. It's definitely not one of my users. (I changed the first email addy)
67EA46CAD8 67EA46CAD8 Tue Jul 24 08:29:11 name@domain to postmaster@com.com 2.36 kB connect to com.com[216.239.122.102]: Connection timed out
I'm really not getting this. Postfix is supposed to default to no relay. I must assume that Postfix has been hacked like I used to get my Exchange server hacked.
Also, you might post complete logs, not pieces of lines, so we can see what's going on. The part in bold (below) is especially important, as it records how the mail was submitted, whether by smtp (as below), or via the command line. Since you're probably not an open relay, maybe someone's submitting mail through one of your web forms.
Code:
Jul 24 17:07:17 myhost postfix/smtpd[11277]: connect from somehost.domain.com.br[xxx.xxx.xxx.xxx]
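Added example (not part of any post in this thread): a small Python script that reads a Postfix log and reports, for each queue ID, how the message entered the queue, which is the distinction the reply above asks for. It goes slightly beyond that post by also recognising bounces that Postfix generated itself. The log lines, host names, addresses and queue IDs are constructed samples in the standard Postfix syslog format; `submission_sources` is a hypothetical helper name.

```python
import re

# Constructed sample log (not from the thread); 192.0.2.15 is a documentation address.
SAMPLE_LOG = """\
Jul 24 08:29:10 myhost postfix/smtpd[11277]: connect from unknown[192.0.2.15]
Jul 24 08:29:11 myhost postfix/smtpd[11277]: 3F2A1B0C9D: client=unknown[192.0.2.15]
Jul 24 08:29:11 myhost postfix/qmgr[2301]: 3F2A1B0C9D: from=<name@example.invalid>, size=2417, nrcpt=1 (queue active)
Jul 24 08:31:02 myhost postfix/pickup[11302]: A1B2C3D4E5: uid=30 from=<wwwrun>
Jul 24 08:31:02 myhost postfix/qmgr[2301]: A1B2C3D4E5: from=<wwwrun@example.invalid>, size=901, nrcpt=40 (queue active)
Jul 24 08:33:40 myhost postfix/bounce[11310]: 3F2A1B0C9D: sender non-delivery notification: 9C4E21B7F0
Jul 24 08:33:40 myhost postfix/qmgr[2301]: 9C4E21B7F0: from=<>, size=3100, nrcpt=1 (queue active)
"""

# daemon name, queue ID, remainder of the line
LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]{6,}): (.*)$")


def submission_sources(log_text):
    """Return {queue_id: (origin, detail)} for every message seen entering the queue.

    origin is "smtp"   - received over the network by smtpd (detail: client host[ip])
              "local"  - submitted on this machine via sendmail/pickup (detail: uid=N),
                         e.g. a web form or cron job running under that uid
              "bounce" - non-delivery notice generated by Postfix itself
    """
    sources = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # connect/disconnect and NOQUEUE lines carry no queue ID
        daemon, qid, rest = m.groups()
        if daemon == "smtpd" and rest.startswith("client="):
            # strip any trailing ", sasl_method=..." attributes
            sources[qid] = ("smtp", rest[len("client="):].split(",")[0])
        elif daemon == "pickup" and rest.startswith("uid="):
            sources[qid] = ("local", rest.split()[0])
        elif daemon == "bounce" and "notification:" in rest:
            new_qid = rest.rsplit(": ", 1)[1]
            sources[new_qid] = ("bounce", "generated for " + qid)
    return sources


if __name__ == "__main__":
    for qid, (origin, detail) in submission_sources(SAMPLE_LOG).items():
        print(f"{qid}  {origin:6}  {detail}")
```

To use it on a real system, pass the contents of the mail log instead of `SAMPLE_LOG` and look up the queue ID shown in the mail queue listing.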
And here's the logs from a bogus email that's in my postfix out queue. See the email addy it was first sent to? lastnamedoug@mydomain.com? The original has my real last name, but I changed it. The very spooky thing is that as far as I know, my last name appears nowhere on the internet.
I would suggest joining the postfix mail list and asking over there. The people that write and maintain postfix monitor that list and there's some people that know postfix inside and out. They would be able to get you sorted out in no time.
In your postconf output above I don't see a definition for $mynetworks which is what is allowed to relay. The most significant variable is "relay_host". You need to create the '$mynetworks =' variable then you should be fine.