From owner-freebsd-questions@freebsd.org Mon Jan 21 07:31:13 2019 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1B9DA149A1F3 for ; Mon, 21 Jan 2019 07:31:13 +0000 (UTC) (envelope-from odhiambo@gmail.com) Received: from mail-wr1-x42e.google.com (mail-wr1-x42e.google.com [IPv6:2a00:1450:4864:20::42e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 064A772698 for ; Mon, 21 Jan 2019 07:31:11 +0000 (UTC) (envelope-from odhiambo@gmail.com) Received: by mail-wr1-x42e.google.com with SMTP id u4so22017059wrp.3 for ; Sun, 20 Jan 2019 23:31:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=tIgXSojLQ+9lsa3i5Z7Yp2+wWmBoV+sVUE7x5gDLExw=; b=excMBrlzA4SUkJXhDxbZflebYutarpobAZ1fkmrQo3dmcZN3seBXU9+S3wR/cwTHpT DaIyxzPvTw0B8rgbVJk8GuwhAYD4X4UQSOdoqG/9/EwUvseJstQiwEfh12T0UBLMSZWV 2qx2TtsCvJqEnYS0xB9iCNdFYZt3FyiVhGoAhje036q2MKPLWY5z1bJpFTLNn09DdlUf 7R+GywXANfacG9gu15AOIWpRaAzdqSw8Fih3iqRu4WTVBx1GLWd4exCw2S+u9CynkNV2 9EB1l89F9KCw/IVp68Zy63czAoAvBnuv0dEFm4UHi7zdvppY/FPWBWT+grUjKf8mx2Ka t0GQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=tIgXSojLQ+9lsa3i5Z7Yp2+wWmBoV+sVUE7x5gDLExw=; b=lGCuEpIvtL+m5XAefnmJJZHvCxZb0bktYp4dFueSaZiqrMdSsS37qpi6tR7aRq2d1v uFWTx9fDRXSrzJ/mGPnr+IuU7AS0cvZVyNoRsTxUhrc2zcKClJMT/059VPC9EFidjDWf lQ91ZNieNdY4lq79m6+ga/gFYLN7ZOnnNH3ZTa2i2GEKzua9Qo8cOzxln7KRYfkqQfNI A/Cn6/ae4Vwgct8zWBaczZoJL9J5WUFMtkQhP0URotZX2R0H/4UN5l8UVOsmFRj7aLN1 ZOE2lkFgg+a+xw/Q8BvfRJiCwipTHRNi76dJtr6lpLewPYRJMz/F9PZsp+H6uA67G+16 i/kw== X-Gm-Message-State: AJcUukeQzuBN1piEjAmMLXHqLAm2k3iyJlwnjdB7a+JapZDQN9SVZFOw 9F2+rqLCxKl7lNezFDYzlrjNPOXH506ixitCzuY= X-Google-Smtp-Source: ALg8bN6YaLKWcVcfTqcfv4pBw/GK4eDoV7jPow9d89RgwO5YOBGx+LrIV0ZnOI6DErCCdS9qN/m8nihJcjJHIMqoXi4= X-Received: by 2002:adf:b783:: with SMTP id s3mr27940580wre.274.1548055869598; Sun, 20 Jan 2019 23:31:09 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Odhiambo Washington Date: Mon, 21 Jan 2019 10:30:25 +0300 Message-ID: Subject: Re: Trying to understand some email issues To: Patrick Mahan Cc: User Questions X-Rspamd-Queue-Id: 064A772698 X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=excMBrlz; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of odhiambo@gmail.com designates 2a00:1450:4864:20::42e as permitted sender) smtp.mailfrom=odhiambo@gmail.com X-Spamd-Result: default: False [-6.63 / 15.00]; FREEMAIL_FROM(0.00)[gmail.com]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; MX_GOOD(-0.01)[cached: alt3.gmail-smtp-in.l.google.com]; FREEMAIL_TO(0.00)[gmail.com]; FROM_EQ_ENVFROM(0.00)[]; RCVD_TLS_LAST(0.00)[]; MIME_TRACE(0.00)[0:+,1:+]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; NEURAL_HAM_SHORT(-0.97)[-0.974,0]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[e.2.4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.5.4.1.0.0.a.2.list.dnswl.org : 127.0.5.0]; IP_SCORE(-2.65)[ip: (-9.17), ipnet: 2a00:1450::/32(-2.14), asn: 15169(-1.85), country: US(-0.08)]; RCVD_COUNT_TWO(0.00)[2] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 Jan 2019 07:31:13 -0000 On Mon, 21 Jan 2019 at 09:35, Patrick Mahan wrote: > All, > > FreeBSD 11.2 > > Running postfix 3.3.2_1,1 > > I'm getting hammered with thousands of emails from yahoo.com - > > Here is an example - > > Jan 20 22:09:01 ns postfix/smtp[1308]: 2DA97A2E2EF: to=, > relay=mx-aol.mail.gm0.yahoodns.net[98.137.157.43]:25, delay=13730, > delays=13728/0.31/1.1/0.06, dsn=4.7.0, status=deferred (host > mx-aol.mail.gm0.yahoodns.net[98.137.157.43] said: 421 4.7.0 [TSS04] > Messages from 23.24.207.145 temporarily deferred due to user complaints - > 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html (in reply > to MAIL FROM command)) > > I'm trying to determine if I am somehow relaying emails to yahoo.com, or > is > this someone attacking me. > Your server's public IP address is 23.24.207.145, right? Yahoo MX is "temporarily" (that is what SMTP Error Code 451 is. Code 550 is "permanently") rejecting mail from your server. This is normal with Yahoo and you need to go to the given URL to understand why and possible ways of mitigating the issue. The thing is that ultimately, after some retries, Yahoo servers may accept the mail. You need to check your Postfix logs for this particular, or other such emails to see if they are originated by your legit users/IPs. > I am pretty sure I have postfix to avoid acting like a relay for > unauthenticated connections. But this maybe something I have messed up. > This has been happening only since I upgraded to 11.2 (I was at 9.x). I > also just recently switch from sendmail to postfix as well. > You just need to sit down and read Postfix documentation and understand it's internals, especially the logs. Without a clear understanding of the logs, you should be very worried as a Mail SysAdmin, very worried! :-) I am NOT a Postfix Admin, but I understand some stuff about it. I use Exim as my preferred MTA. > I can provide my postfix config on request if needed. > Not necessary for this case. However, I would advise you to sit easy if you followed a proper howto in setting up your MTA. Just take your time now to read about and understand the logging. > > Pointers to other mail-lists are welcomed. I decided to start here before > jumping on the postfix mailing list. > > No problem. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", grep ^[^#] :-)