Date:      Mon, 21 Jan 2019 19:25:34 -0800
From:      Patrick Mahan <plmahan@gmail.com>
To:        Noel <noeldude@gmail.com>
Cc:        User Questions <freebsd-questions@freebsd.org>
Subject:   Re: Trying to understand some email issues
Message-ID:  <CAFDHx1%2BLTAOrNVmxRQLTQixiMRVf93BNFvHYgP%2BtsVSvWw2hSQ@mail.gmail.com>
In-Reply-To: <e2224174-7fbc-240c-4ee3-273cdc84bdbb@gmail.com>
References:  <CAFDHx1JFWH8FAJ3nbvZC3m6CCpbjCqrG01PYNMOHJSKo2HnWWQ@mail.gmail.com> <CADy1Ce6-yVcMtZmZW6diGu_3WADNqTFsGEcceSvgp8R0d%2B_vfA@mail.gmail.com> <CAFDHx1J9Mx6gV-yaC4Pgh57SSbtkV1=-m8-qvDVswgG2L0a5ng@mail.gmail.com> <e2224174-7fbc-240c-4ee3-273cdc84bdbb@gmail.com>

Problem solved, somehow I had allowed some spam through sometime yesterday
morning which was when I was initially configuring postfix.  So I must have
allowed it through.

postqueue -p showed a number of deferred messages.
postcat -vq showed that they had come through around  4:30 pm PST yesterday.

There were about 6 messages in the queue.  I used 'postsuper -d' to remove
them and those messages have gone away.  I have not seen any new messages
of that type.  My maillog shows multiple drops of unverified users
attempting to relay through.  So my next goal is to get my site off of some
of those blacklists.

Thanks,

Patrick


Thanks for the help

On Mon, Jan 21, 2019 at 1:33 PM Noel <noeldude@gmail.com> wrote:

> The log messages show you are *sending* mail, not receiving.
>
> Jan 20 22:09:01 ns postfix/smtp[1308]: 2DA97A2E2EF: to=<pwascak@aol.com>,
> relay=mx-aol.mail.gm0.yahoodns.net[98.137.157.43]:25, delay=13730,
> delays=13728/0.31/1.1/0.06, dsn=4.7.0, status=deferred (host
> mx-aol.mail.gm0.yahoodns.net[98.137.157.43] said: 421 4.7.0 [TSS04]
> Messages from 23.24.207.145 temporarily deferred due to user complaints -
> 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html (in
>
>
> Search earlier logs for the first mention of the QUEUEID for this
> message,  2DA97A2E2EF,  to see where this particular mail originated.
>
> You running a web server on this host?  Insecure web forms are often
> used to send spam.  A new server install might have forms you didn't
> have before, or didn't intend to install.
>
>
>
>   -- Noel Jones
>
> On 1/21/2019 12:40 PM, Patrick Mahan wrote:
> > Thanks,
> >
> > mxtoolbox shows that I am on 13 out of 95 blacklists, so it seems I was
> > sending out spam.
> >
> > Patrick
> >
> > On Mon, Jan 21, 2019 at 8:47 AM Kurt Buff - GSEC, GCIH <kurt.buff@gmail.com>
> > wrote:
> >
> >> On Sun, Jan 20, 2019 at 10:34 PM Patrick Mahan <plmahan@gmail.com> wrote:
> >>> All,
> >>>
> >>> FreeBSD 11.2
> >>>
> >>> Running postfix 3.3.2_1,1
> >>>
> >>> I'm getting hammered with thousands of emails from yahoo.com -
> >>>
> >>> Here is an example -
> >>>
> >>> Jan 20 22:09:01 ns postfix/smtp[1308]: 2DA97A2E2EF: to=<pwascak@aol.com>,
> >>> relay=mx-aol.mail.gm0.yahoodns.net[98.137.157.43]:25, delay=13730,
> >>> delays=13728/0.31/1.1/0.06, dsn=4.7.0, status=deferred (host
> >>> mx-aol.mail.gm0.yahoodns.net[98.137.157.43] said: 421 4.7.0 [TSS04]
> >>> Messages from 23.24.207.145 temporarily deferred due to user complaints -
> >>> 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html (in reply
> >>> to MAIL FROM command))
> >>>
> >>> I'm trying to determine if I am somehow relaying emails to yahoo.com, or is
> >>> this someone attacking me.
> >>>
> >>> I am pretty sure I have postfix to avoid acting like a relay for
> >>> unauthenticated connections.  But this may be something I have messed up.
> >>> This has been happening only since I upgraded to 11.2 (I was at 9.x).  I
> >>> also just recently switched from sendmail to postfix as well.
> >>>
> >>> I can provide my postfix config on request if needed.
> >>>
> >>> Pointers to other mail-lists are welcomed.  I decided to start here before
> >>> jumping on the postfix mailing list.
> >>>
> >>> Thanks in advance,
> >>>
> >>> Patrick
> >> I'd suggest, as a first measure, going to https://mxtoolbox.com, and
> >> looking at their reports for your domain name and your IP address.
> >>
> >> Understanding your config and your logs is good, but a quick review of
> >> how others see your domain can point you in the right direction if
> >> there's an error in your config.
> >>
> >> For instance, you might have inadvertently made your host an open
> >> relay, and mxtoolbox will understand that. (that's just an example - it
> >> actually seems unlikely, as otherwise you'd be getting bounces from
> >> more than just yahoo)
> >>
> >> Kurt
> >> _______________________________________________
> >> freebsd-questions@freebsd.org mailing list
> >> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> >> To unsubscribe, send any mail to "
> >> freebsd-questions-unsubscribe@freebsd.org"
> >>
>
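
Noel's advice to search the logs for the first mention of a queue ID, as an added example that is not part of the thread: a shell function that reads a maillog on stdin and reports whether the message entered Postfix over the network (`smtpd ... client=`, with or without SASL authentication) or by local submission (`pickup ... uid=`), which is what a web form calling sendmail produces. The sample log lines, queue IDs, hosts and addresses are constructed.

```shell
#!/bin/sh
# Constructed sample maillog (not taken from the thread); hosts and IPs are
# documentation values. uid=80 is the www user on a stock FreeBSD install.
sample_maillog() {
cat <<'EOF'
Jan 20 16:31:02 ns postfix/smtpd[901]: connect from unknown[203.0.113.7]
Jan 20 16:31:03 ns postfix/smtpd[901]: 1A2B3C4D5E6: client=unknown[203.0.113.7]
Jan 20 16:31:03 ns postfix/cleanup[905]: 1A2B3C4D5E6: message-id=<x1@example.net>
Jan 20 16:31:04 ns postfix/qmgr[640]: 1A2B3C4D5E6: from=<a@example.net>, size=2100, nrcpt=1 (queue active)
Jan 20 16:40:10 ns postfix/pickup[700]: 6F7E8D9C0B1: uid=80 from=<www>
Jan 20 16:40:10 ns postfix/cleanup[905]: 6F7E8D9C0B1: message-id=<x2@ns.example.org>
Jan 20 16:41:00 ns postfix/smtpd[910]: 0C0FFEE1234: client=mail.example.com[192.0.2.25], sasl_method=PLAIN, sasl_username=alice
Jan 20 16:41:09 ns postfix/smtp[1308]: 1A2B3C4D5E6: to=<b@example.com>, relay=mx.example.com[192.0.2.1]:25, dsn=4.7.0, status=deferred (constructed)
EOF
}

# queue_origin QUEUEID
# Reads syslog-format Postfix lines on stdin and prints one of:
#   network <client> <sasl_username=... | no-sasl-auth>   (arrived via smtpd)
#   local uid=<n>                                          (sendmail/pickup)
#   unknown                                                (no origin line seen)
queue_origin() {
    awk -v id="$1" '
    $6 != id ":" { next }                      # field 6 is "QUEUEID:"
    $5 ~ /^postfix\/smtpd\[/ && $7 ~ /^client=/ {
        src = $7; sub(/^client=/, "", src); sub(/,$/, "", src)
        auth = "no-sasl-auth"
        for (i = 8; i <= NF; i++)
            if ($i ~ /^sasl_username=/) { auth = $i; sub(/,$/, "", auth) }
        print "network " src " " auth; found = 1; exit
    }
    $5 ~ /^postfix\/pickup\[/ && $7 ~ /^uid=/ {
        print "local " $7; found = 1; exit
    }
    END { if (!found) print "unknown" }'
}

# Demo on the constructed log: one line per queue ID.
for q in 1A2B3C4D5E6 6F7E8D9C0B1 0C0FFEE1234; do
    printf '%s: %s\n' "$q" "$(sample_maillog | queue_origin "$q")"
done
```

On a real host, feed it the log that covers the time the message was queued, for example `queue_origin QUEUEID < /var/log/maillog`; rotated logs need to be decompressed first.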


