Old 10-28-2011, 03:46 AM   #1
Registered: Jul 2011
Location: Melbourne, AU
Distribution: Centos 5
Posts: 44

Rep: Reputation: Disabled
understanding /var/log/maillog

Hi everyone,

After developing my mail server for weeks, I finally redirected the DNS Servers to take it 'live' for a few hours of last week. The box runs dovecot/MailScanner/SpamAssassin/SASL/SSL/PostGrey and SquirrelMail, and is based on CentOS 5.6.

After a couple of hours online, I noticed some strange things happening in my MailLog, so I pulled the system offline to take a look. That said, in spite of reverting my DNS changes, I did leave my server 'online' (i.e. not firewalled, publicly viewable IP address) unwittingly for a few more days - reapplying the firewall just didn't cross my mind!

Anyway, here are some examples of the /var/log/maillog entries. To me, it looks like I've been inadvertently running as a relay for a short while - is this correct? If so, how can I improve my /etc/postfix/ to cut this out? (the important bits of this file are posted below too).

example maillog output:
Oct 26 16:05:35 mail update.virus.scanners: Running autoupdate for generic
Oct 26 16:58:42 mail postfix/smtpd[29761]: warning: hostname verification failed: Name or service not known
Oct 26 16:58:42 mail postfix/smtpd[29761]: connect from unknown[]
Oct 26 16:58:44 mail postgrey[3934]: action=pass, reason=recipient whitelist, client_name=unknown, client_address=,,
Oct 26 16:58:44 mail postgrey[3934]: cleaning up old logs... 
Oct 26 16:58:44 mail postfix/smtpd[29761]: C9F05E26AF: client=unknown[]
Oct 26 16:58:46 mail postfix/cleanup[29784]: C9F05E26AF: hold: header Received: from (unknown [])??by (Postfix) with ESMTP id C9F05E26AF??for <>; Wed, 26 Oct 2011 16:58:44 +1100 (EST) from unknown[]; from=<> to=<> proto=ESMTP helo=<>
Oct 26 16:58:46 mail postfix/cleanup[29784]: C9F05E26AF: message-id=<000e01cc51a2$8ed86580$>
Oct 26 16:58:47 mail postfix/smtpd[29761]: disconnect from unknown[]
Oct 26 16:58:48 mail MailScanner[9105]: New Batch: Scanning 1 messages, 1767 bytes
and then:
Oct 26 17:02:07 mail postfix/anvil[29764]: statistics: max connection rate 1/60s for (smtp: at Oct 26 16:58:42
Oct 26 17:02:07 mail postfix/anvil[29764]: statistics: max connection count 1 for (smtp: at Oct 26 16:58:42
Oct 26 17:02:07 mail postfix/anvil[29764]: statistics: max cache size 1 at Oct 26 16:58:42
bottom part of /etc/postfix/
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
#smtpd_recipient_restrictions =  permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unlisted_recipient
#check_policy_service unix:postgrey/socket
smtpd_recipient_restrictions = 
  check_policy_service unix:postgrey/socket
broken_sasl_auth_clients = yes

smtp_tls_security_level = may
smtpd_tls_security_level = may
smtpd_tls_cert_file = /path/to/mydomain.crt
smtpd_tls_key_file = /path/to/mydomain.key
smptd_tls_chain_file = /path/to/gd_bundle.crt
tls_random_source = dev:/dev/urandom

smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20

Last edited by scottmusician; 10-28-2011 at 07:09 AM.
Old 10-28-2011, 07:01 AM   #2
Registered: May 2006
Location: Bayern, Germany
Distribution: Many
Posts: 224

Rep: Reputation: 41
If your worry is being an "open relay server", the answer is no.

The email recipient showing on your logs is info at, from your config I guess it's your domain name; so the recipient is valid, albeit clearly spam.

Besides tuning your SpamAssassin you can add these lines to your to stop some spam:
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_hostname, reject_invalid_hostname, permit
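
Added example, not part of either post: one way to check a maillog for actual relaying, which is what the question above comes down to. It ties each smtpd client line to the later delivery line by queue ID and flags mail from an untrusted, unauthenticated client that was sent on to a non-local domain. LOCAL_DOMAINS, TRUSTED_CLIENTS, the sample lines and the shape of the MailScanner "Requeue" line are assumptions.

```python
import re

# Assumptions for this example (not from the thread): the domains this server
# accepts mail for, and the client addresses that are allowed to relay.
LOCAL_DOMAINS = {"example.com"}
TRUSTED_CLIENTS = {"127.0.0.1"}

CLIENT = re.compile(r"postfix/smtpd\[\d+\]: (\w+): client=[^\[]*\[([^\]]*)\](.*)")
DELIVERY = re.compile(r"postfix/(\w+)\[\d+\]: (\w+): to=<([^>]*)>.*\bstatus=(\w+)")
# Assumed shape of MailScanner's requeue line, which gives held mail a new queue ID.
REQUEUE = re.compile(r"MailScanner\[\d+\]: Requeue: (\w+)\.\w+ to (\w+)")
DENIED = re.compile(r"NOQUEUE: reject: RCPT from .*Relay access denied")

def audit_relay(lines):
    """Return (relayed, denied): relayed lists (queue_id, client_ip, recipient)
    for mail an untrusted, unauthenticated client got sent to a non-local
    domain; denied counts relay attempts that Postfix refused."""
    origin = {}  # queue ID -> (client IP, authenticated via SASL?)
    relayed, denied = [], 0
    for line in lines:
        if DENIED.search(line):
            denied += 1
        elif m := CLIENT.search(line):
            origin[m[1]] = (m[2], "sasl_username=" in m[3])
        elif m := REQUEUE.search(line):
            if m[1] in origin:  # carry the origin over to the new queue ID
                origin[m[2]] = origin[m[1]]
        elif m := DELIVERY.search(line):
            agent, qid, rcpt, status = m.groups()
            # No smtpd client line means local submission: not a relay case.
            ip, authed = origin.get(qid, (None, True))
            domain = rcpt.rpartition("@")[2].lower()
            if (agent == "smtp" and status == "sent" and not authed
                    and ip not in TRUSTED_CLIENTS
                    and domain not in LOCAL_DOMAINS):
                relayed.append((qid, ip, rcpt))
    return relayed, denied

# Constructed sample lines (documentation addresses, not the thread's own log).
SAMPLE = """\
Oct 26 16:58:44 mail postfix/smtpd[29761]: C9F05E26AF: client=unknown[203.0.113.7]
Oct 26 16:58:50 mail MailScanner[9105]: Requeue: C9F05E26AF.A1B2C to 5D3E1F0A77
Oct 26 16:58:51 mail postfix/local[29801]: 5D3E1F0A77: to=<info@example.com>, relay=local, delay=7, status=sent (delivered to mailbox)
Oct 26 17:10:02 mail postfix/smtpd[29910]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 554 5.7.1 <a@example.net>: Relay access denied; from=<x@example.org> to=<a@example.net> proto=ESMTP helo=<pc>
Oct 26 17:20:11 mail postfix/smtpd[29950]: 7F00AA12BC: client=unknown[203.0.113.9]
Oct 26 17:20:13 mail MailScanner[9105]: Requeue: 7F00AA12BC.D4E5F to 9C4D2E11F3
Oct 26 17:20:15 mail postfix/smtp[29960]: 9C4D2E11F3: to=<a@example.net>, relay=mx.example.net[192.0.2.25]:25, delay=4, status=sent (250 2.0.0 Ok)
""".splitlines()
```

On the sample, the first message (accepted for a local recipient and delivered by the local agent) is not flagged, the "Relay access denied" line is counted as a refusal, and only the last message, sent on to example.net for an unauthenticated outside client, is reported.
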
Old 11-02-2011, 11:46 PM   #3
Registered: Jul 2011
Location: Melbourne, AU
Distribution: Centos 5
Posts: 44

Original Poster
Rep: Reputation: Disabled
thanks for the advice!


hacked, maillog, postfix, sasl, spam
