Who's sending this mail to "Bad destination mailbox address"
I keep getting this in log messages. It happens every day. Seems to be to just random bad addresses. I typically get from 5 to 15 of these per day. Should I be worried? How can I stop this?
Quote:
6 Sent via SMTP ---------------------------------------------------------------------------
1 aaonline.org
1 dalionline.com
1 pacificpumps.cn
1 sharpinsurance.com
1 teaspoonsugar.com
1 wildernessskishop.com
Any other mail server in the world has the theoretical right to want to talk to you, and that's what's going on here. What is also happening is that you are refusing to pass on the mail, due to a presumably correct config file. They can ask you to do whatever they want, and it's up to you to say yes or no, and these were no's. The quantity isn't huge, but if you did want to reduce it further you could use software like fail2ban to read these logs and block the IP addresses who sent it. On balance *I* probably wouldn't bother...
Maybe I'm wrong, but if postfix was denying the sender shouldn't I get a "relay access denied" in my logs? The error that I am getting is "bad destination mailbox address". This seems to indicate to me that the messages ARE being sent by postfix.
However, if someone was using my postfix for spamming I would expect to see thousands of emails going out. I am only seeing 5 - 20 per day. Of those, only a couple are valid and ALL the others get the "bad destination mailbox address" error. I'm confused.
Your server tried to SEND (via SMTP) to those 6 domains
6 messages were locally bounced
Do you have a content filter running?
Are you performing recipient validation?
I'd suspect these messages are messages your server accepted, but then could not deliver, and it tried to send a bounce, and the bounce could not be delivered because the domains are bogus.
Show the appropriate log lines to verify, and output from postconf -n.
I have replaced my domain name with mydomain.com. My mail is relayed through my isp (insightbb.com). The only people that should be sending mail on this server are myself and my drupal sites.
The log lines shown only indicate mail was successfully sent by your server to your ISP. There are no (local) bounces indicated here. Look for status=bounced and show the log lines relating to the queue IDs for the bounced messages.
I've been presuming that the 6 domains listed in the initial post are not your domains, and you are wondering why mail is being unexpectedly sent to those domains. If your users have not sent those messages, then either:
1) your server is an open relay
2) your server is accepting messages for unlisted users and then bouncing messages back to likely innocent servers (i.e. your server is a source of backscatter; this can get your server blacklisted).
There should be no "OK" values in your file /etc/postfix/client_access, as this can make you an open relay given your smtpd_recipient_restrictions.
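The check requested above (find `status=bounced`, then pull every log line sharing that queue ID) can be scripted. The following is an added example, not code from the thread; the log lines are constructed, `smtp.isp.example` and all addresses except `i_hate@mydomain.com` are placeholders, and short hexadecimal queue IDs are assumed.

```python
import re
from collections import defaultdict

# Constructed sample lines in Postfix syslog format; only i_hate/mydomain.com come from the posts.
SAMPLE_LOG = """\
Mar  1 10:00:01 mail postfix/smtpd[1234]: A1B2C3D4E5: client=unknown[203.0.113.7]
Mar  1 10:00:01 mail postfix/qmgr[900]: A1B2C3D4E5: from=<forged@example.net>, size=1200, nrcpt=1 (queue active)
Mar  1 10:00:02 mail postfix/local[1236]: A1B2C3D4E5: to=<i_hate@mydomain.com>, relay=local, delay=0.1, status=bounced (unknown user: "i_hate")
Mar  1 10:00:02 mail postfix/bounce[1237]: A1B2C3D4E5: sender non-delivery notification: F6E5D4C3B2
Mar  1 10:00:02 mail postfix/qmgr[900]: F6E5D4C3B2: from=<>, size=3000, nrcpt=1 (queue active)
Mar  1 10:00:03 mail postfix/smtp[1238]: F6E5D4C3B2: to=<forged@example.net>, relay=smtp.isp.example[192.0.2.25]:25, delay=1, status=bounced (host smtp.isp.example[192.0.2.25] said: 550 Bad destination mailbox address)
Mar  1 10:05:00 mail postfix/qmgr[900]: 0A1B2C3D4F: from=<me@mydomain.com>, size=800, nrcpt=1 (queue active)
Mar  1 10:05:01 mail postfix/smtp[1240]: 0A1B2C3D4F: to=<friend@example.org>, relay=smtp.isp.example[192.0.2.25]:25, delay=1, status=sent (250 OK)
"""

# Assumes short (hexadecimal) queue IDs, the Postfix default.
LINE_RE = re.compile(r"postfix/[\w-]+\[\d+\]: ([0-9A-F]{6,}): (.*)")
ADDR_RE = re.compile(r"(?:from|to)=<([^>]*)>")
NDR = "sender non-delivery notification: "

def bounced_messages(log_text):
    """Summarise every queue ID that has a delivery with status=bounced."""
    by_qid = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            by_qid[m[1]].append(m[2])
    report = []
    for qid, entries in by_qid.items():
        if not any("status=bounced" in e for e in entries):
            continue
        info = dict(qid=qid, client=None, sender=None, recipient=None, ndr_qid=None)
        for e in entries:
            if e.startswith("client="):
                info["client"] = e[len("client="):].split(",")[0]
            elif e.startswith("from=<"):
                info["sender"] = ADDR_RE.match(e)[1]
            elif "status=bounced" in e:
                info["recipient"] = ADDR_RE.match(e)[1]
            elif e.startswith(NDR):
                info["ndr_qid"] = e[len(NDR):].strip()
        # from=<> is the null envelope sender that bounce notifications carry.
        info["is_notification"] = info["sender"] == ""
        report.append(info)
    return report

if __name__ == "__main__":
    for item in bounced_messages(SAMPLE_LOG):
        print(item)
```

In the constructed data the first entry shows mail accepted for a non-existent local user and then bounced, and the second shows the resulting notification failing at the forged sender's domain, which is the backscatter pattern described in the post.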
Quote:
There should be no "OK" values in your file /etc/postfix/client_access, as this can make you an open relay given your smtpd_recipient_restrictions.
Currently, I have only my own gmail address in my client_access. I'm not sure if this is a security risk. I don't completely understand the postfix documentation. Do you think I should delete this OK for my gmail?
Quote:
Originally Posted by Mr. C.
2) your server is accepting messages for unlisted users and then bouncing messages back to likely innocent servers (i.e. your server is a source of backscatter; this can get your server blacklisted).
I think you are right about this. It looks to me like someone is sending email to a non-existent username i_hate on my server with forged from addresses. Since all of the addresses are bogus and not actually going to any valid server, will this still get me blacklisted? Is there any way to stop my postfix from sending a bounce when it receives mail for a non-existent user?
An email address in your client_access file does not make sense. The check_client_access check tests the *client* hostname or IP address. Show the contents of the file if you are uncertain about how it is used. Again, if you have any OK in there, then your server is open to anyone to relay. The basic SMTP protocol provides no means for ensuring a connecting server provides accurate, truthful information.
Move the check_client_access *after* the reject_unauth_destination.
Your goal is not to prevent bounces - your goal should be to a) close your system as an open relay, and b) don't accept email for users that don't exist on your system.
Don't think that there is some single person out there trying to use your mail server. Rather, there are millions of owned machines that send to random, dictionary-based email addresses, to or through servers such as yours. Some messages bounce, some are accepted.
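Why the position of check_client_access relative to reject_unauth_destination matters, shown as a simplified first-match model of a Postfix restriction list. This is an added example, not code or configuration from the thread; the restriction lists, `MYNETWORKS`, `LOCAL_DOMAINS`, the table entries and the helper `decide` are assumptions, since the poster's actual main.cf is not shown.

```python
import ipaddress

# Assumed settings for illustration; the thread never shows the real main.cf.
MYNETWORKS = ["127.0.0.0/8"]
LOCAL_DOMAINS = {"mydomain.com"}   # domains this server accepts mail for

BEFORE = ["permit_mynetworks", "check_client_access", "reject_unauth_destination"]
AFTER = ["permit_mynetworks", "reject_unauth_destination", "check_client_access"]

def decide(restrictions, client_ip, client_host, rcpt_domain, client_access):
    """Simplified model: walk the list in order; the first permit/reject wins."""
    for name in restrictions:
        if name == "permit_mynetworks":
            ip = ipaddress.ip_address(client_ip)
            if any(ip in ipaddress.ip_network(net) for net in MYNETWORKS):
                return "permit"
        elif name == "check_client_access":
            # Keyed on the connecting client's IP or hostname, never on an
            # e-mail address, so an address key cannot match anything here.
            action = client_access.get(client_ip) or client_access.get(client_host)
            if action == "OK":
                return "permit"
            if action == "REJECT":
                return "reject"
        elif name == "reject_unauth_destination":
            if rcpt_domain not in LOCAL_DOMAINS:
                return "reject"
    return "permit"  # nothing in the list objected

def demo():
    ip_ok = {"203.0.113.7": "OK"}           # constructed table entry
    mail_ok = {"someone@gmail.com": "OK"}   # constructed table entry
    outsider = ("203.0.113.7", "host.example.net", "example.org")
    return {
        "OK before reject_unauth_destination": decide(BEFORE, *outsider, ip_ok),
        "OK after reject_unauth_destination": decide(AFTER, *outsider, ip_ok),
        "e-mail key in client_access": decide(BEFORE, *outsider, mail_ok),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

With the OK lookup first, the matched client is permitted before the relay check ever runs; with the order swapped, the same request to a non-local domain is rejected.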