[lug] Am I spamming? postfix log question

George Sexton georges at mhsoftware.com
Wed Sep 3 08:29:52 MDT 2014


A reasonable smtpd_sender_restrictions would be:

smtpd_sender_restrictions=permit_sasl_authenticated,permit_mynetworks,reject_non_fqdn_sender,reject_unknown_sender_domain,reject_rbl_client zen.spamhaus.org,permit



On 9/1/2014 12:59 PM, Chip Atkinson wrote:
> Hi folks,
>
> I'm going through my maillogs and I see entries like this:
>
> maillog-20140811:Aug  5 00:03:46 tedward postfix/cleanup[23181]: 
> B64A11AE3AB2: message-id=<20140805060346.B64A11AE3AB2 at tedward.pupman.com>
>
> maillog-20140811:Aug  5 00:03:46 tedward postfix/qmgr[6868]: 
> B64A11AE3AB2: from=<>, size=10913, nrcpt=1 (queue active)
>
> maillog-20140811:Aug  5 00:03:46 tedward postfix/bounce[23183]: 
> 84C3A1AE3AA9: sender non-delivery notification: B64A11AE3AB2
>
> maillog-20140811:Aug  5 00:03:46 tedward postfix/smtp[23187]: 
> B64A11AE3AB2: to=<BureauScores at natric.eu>, 
> relay=hgsp68.natric.eu[162.253.152.22]:25, delay=0.24, 
> delays=0/0.01/0.23/0, dsn=4.4.2, status=deferred (lost connection with 
> hgsp68.natric.eu[162.253.152.22] while receiving the initial server 
> greeting)
>
> maillog-20140811:Aug  5 00:12:38 tedward postfix/qmgr[6868]: 
> B64A11AE3AB2: from=<>, size=10913, nrcpt=1 (queue active)
>
> maillog-20140811:Aug  5 00:12:38 tedward postfix/smtp[1505]: 
> B64A11AE3AB2: to=<BureauScores at natric.eu>, 
> relay=hgsp68.natric.eu[162.253.152.22]:25, delay=532, 
> delays=532/0.01/0.19/0, dsn=4.4.2, status=deferred (lost connection 
> with hgsp68.natric.eu[162.253.152.22] while receiving the initial 
> server greeting)
>
> (Gaps added for clarity due to wrapping)
>
> To me it looks like my server got some email from "<>" and then tried 
> to deliver to BureauScores at natric.edu.
>
> Is my interpretation correct, and if so, any suggestions on how to 
> combat the problem?
>
> Here's postconf -n's output if that helps.
>
> Thanks in advance.
>
> Chip
>
>
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases, hash:/usr/local/mailman/data/aliases
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/libexec/postfix
> data_directory = /var/lib/postfix
> debug_peer_level = 2
> debug_peer_list = 167.88.120.115
> html_directory = no
> in_flow_delay = 1s
> inet_interfaces = all
> inet_protocols = ipv4
> local_recipient_maps =
> mail_owner = postfix
> mail_spool_directory = /var/spool/mail
> mailq_path = /usr/bin/mailq.postfix
> manpage_directory = /usr/share/man
> masquerade_domains = pupman.com
> message_size_limit = 20480000
> mydestination = $myhostname, localhost.$mydomain, localhost, 
> $mydomain, mail.$mydomain, www.$mydomain, chip1.$mydomain, 
> tedward.pupman.com, www.pupman.com
> mydomain = pupman.com
> myhostname = tedward.pupman.com
> mynetworks = 127.0.0.0/8, 167.88.120.115 [::1]/128
> myorigin = $mydomain
> newaliases_path = /usr/bin/newaliases.postfix
> owner_request_special = no
> proxy_interfaces = 167.88.120.115
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
> recipient_delimiter = +
> relay_domains = $mydestination, pupman.com,
> sample_directory = /usr/share/doc/postfix-2.6.6/samples
> sendmail_path = /usr/sbin/sendmail.postfix
> setgid_group = postdrop
> smtpd_client_restrictions = permit_mynetworks
> smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, 
> reject_unauth_destination
> smtpd_helo_required = yes
> smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_hostname, 
> reject_invalid_hostname,    permit
> smtpd_recipient_restrictions = permit_mynetworks, 
> permit_sasl_authenticated,           reject_non_fqdn_sender, 
> reject_non_fqdn_recipient,           reject_non_fqdn_hostname, 
> reject_invalid_hostname,           reject_unauth_pipelining, 
> reject_unauth_destination,       check_client_access 
> hash:/etc/postfix/rbl_override, reject_unknown_sender_domain, 
> reject_unknown_recipient_domain,           reject_rbl_client 
> zen.spamhaus.org,           reject_rbl_client dnsbl.njabl.net, 
> reject_rbl_client bl.spamcop.net,           reject_rbl_client 
> cbl.abuseat.org,           reject_rhsbl_helo dbl.spamhaus.org, 
> reject_rhsbl_sender dbl.spamhaus.org,           permit
> smtpd_sender_restrictions = permit_mynetworks, 
> reject_unknown_sender_domain, reject_unknown_address
> unknown_local_recipient_reject_code = 550
>

-- 
George Sexton
*MH Software, Inc.*
Voice: 303 438 9585
http://www.mhsoftware.com
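
Added example, not part of the original thread: Python that correlates Postfix queue IDs in the quoted log to separate bounces this server generated itself (a `postfix/bounce` line naming the new queue ID, which then shows `from=<>`) from null-sender mail with no local bounce record. The function name `find_local_bounces` and the last sample line are constructed for illustration.

```python
import re
from collections import defaultdict

# Log lines from the quoted message, unwrapped, with the "maillog-20140811:"
# grep prefix dropped. " at " is the list archive's rendering of "@".
PAGE_LOG = """\
Aug  5 00:03:46 tedward postfix/cleanup[23181]: B64A11AE3AB2: message-id=<20140805060346.B64A11AE3AB2 at tedward.pupman.com>
Aug  5 00:03:46 tedward postfix/qmgr[6868]: B64A11AE3AB2: from=<>, size=10913, nrcpt=1 (queue active)
Aug  5 00:03:46 tedward postfix/bounce[23183]: 84C3A1AE3AA9: sender non-delivery notification: B64A11AE3AB2
Aug  5 00:03:46 tedward postfix/smtp[23187]: B64A11AE3AB2: to=<BureauScores at natric.eu>, relay=hgsp68.natric.eu[162.253.152.22]:25, delay=0.24, delays=0/0.01/0.23/0, dsn=4.4.2, status=deferred (lost connection)
Aug  5 00:12:38 tedward postfix/qmgr[6868]: B64A11AE3AB2: from=<>, size=10913, nrcpt=1 (queue active)
Aug  5 00:12:38 tedward postfix/smtp[1505]: B64A11AE3AB2: to=<BureauScores at natric.eu>, relay=hgsp68.natric.eu[162.253.152.22]:25, delay=532, delays=532/0.01/0.19/0, dsn=4.4.2, status=deferred (lost connection)
"""
# Constructed line (not from the page): a null-sender message with no local bounce record.
CONSTRUCTED = "Aug  5 00:20:00 tedward postfix/qmgr[6868]: 0123456789AB: from=<>, size=2048, nrcpt=1 (queue active)\n"
SAMPLE_LOG = PAGE_LOG + CONSTRUCTED

LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]{6,}): (.*)$")
NDR = re.compile(r"sender non-delivery notification: ([0-9A-F]+)")

def find_local_bounces(log_text):
    """Map each locally generated bounce queue ID to the queue ID of the
    message that bounced, plus the recipients and statuses of the bounce."""
    null_sender = set()   # queue IDs logged by qmgr with from=<>
    generated = {}        # bounce queue ID -> queue ID of the original message
    deliveries = defaultdict(lambda: {"to": set(), "status": set()})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        daemon, qid, rest = m.groups()
        if daemon == "qmgr" and "from=<>" in rest:
            null_sender.add(qid)
        elif daemon == "bounce":
            n = NDR.search(rest)
            if n:  # the bounce daemon names the notification it just created
                generated[n.group(1)] = qid
        elif daemon == "smtp":
            to = re.search(r"to=<([^>]*)>", rest)
            st = re.search(r"status=(\w+)", rest)
            if to and st:
                deliveries[qid]["to"].add(to.group(1))
                deliveries[qid]["status"].add(st.group(1))
    # Keep only null-sender messages that a local bounce line accounts for.
    return {q: {"origin": generated[q], **deliveries[q]}
            for q in generated if q in null_sender}

if __name__ == "__main__":
    print(find_local_bounces(SAMPLE_LOG))
```

To see what triggered a reported bounce, search the same logs for the `origin` queue ID, which belongs to the message the server accepted and later could not deliver.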