On 20 Oct 2008, at 18:45, Linux Addict wrote:
On Mon, Oct 20, 2008 at 6:41 PM, Neil <[EMAIL PROTECTED]> wrote:
On 20 Oct 2008, at 18:39, Linux Addict wrote:
On Mon, Oct 20, 2008 at 6:33 PM, Neil <[EMAIL PROTECTED]> wrote:
On 20 Oct 2008, at 18:24, Linux Addict wrote:
Hi, Looks like our MX servers are hit hard by a specific email
address which is sending frequent mails trying to use our relay
effectively many mail servers seems to be blacklisting.
Oct 20 18:20:05 mx01 postfix/qmgr[6512]: DBB784BE68E: from=<[EMAIL PROTECTED]
>, size=3309, nrcpt=1 (queue active)
Oct 20 18:20:05 mx0 postfix/error[9345]: DA960E73E11: to=<[EMAIL PROTECTED]
>, relay=none, delay=77080, delays=76950/130/0/0.01, dsn=4.4.1,
status=deferred (delivery temporarily suspended: connect to
exchange.net Connection timed out)
Please help me stop this. Thank you!
~LA
Unless I'm mistaken (and I'm not the most knowledgeable person on
this list), I think your server thinks it's okay to accept mail for
the domain "exchange.net" (and I'm assuming "exchange.net" isn't
yours). So to fix this, you need to tell postfix only to accept
mail for your domains. I think you should check my_destination,
relay_domains, etc.
Post the output of "postconf -n".
-N.
Thanks for your reply.
mydestination = $myhostname
relay_domains = $mydestination
Actually its not just exchange.net, most of the mails are being
sent to bellsouth.net
Oct 20 18:37:27 mx01 postfix/qmgr[6597]: 5CE74D08FE1: from=<[EMAIL PROTECTED]
>, size=3237, nrcpt=1 (queue active)
Oct 20 18:37:27 mx01 postfix/error[6838]: 57AD01031088: to=<[EMAIL PROTECTED]
>, relay=none, delay=14928, delays=14928/0.05/0/0, dsn=4.0.0,
status=deferred (delivery temporarily suspended: host gateway-
f2.isp.att.net[207.115.11.16] refused to talk to me: 450 too
frequent connects from 63.240.86.13, please try again later.)
Thanks
LA
I don't think you need $mydestination in relay_domains. And the
rest of postconf -n would still be useful.
[snip]
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination,
reject_invalid_hostname, reject_unauth_pipelining,
reject_non_fqdn_sender, reject_unknown_sender_domain,
reject_non_fqdn_recipient, reject_unknown_recipient_domain,
reject_rbl_client blackholes.easynet.nl, reject_rbl_client
cbl.abuseat.org, reject_rbl_client
proxies.blackholes.wirehub.net, reject_rbl_client
bl.spamcop.net, reject_rbl_client sbl.spamhaus.org,
reject_rbl_client dnsbl.njabl.org, reject_rbl_client
list.dsbl.org, reject_rbl_client multihop.dsbl.org, permit
You have a lot of stuff here that I'm not sure about, but the above,
in particular, I think is wrong.
First, I don't think you should have "permit" as the last item. That
is probably your problem. It should probably be "reject", or not
there at all (at which point I think it defaults to "reject").
But while we're here, I don't think you can/should be putting the
following in smtpd_recipient_restrictions:
reject_invalid_hostname (smtpd_helo_restrictions)
reject_unauth_pipelining (smtpd_data_restrictions)
reject_non_fdqn_sender (smtpd_sender_restrictions)
reject_unknown_sender_domain (smtpd_sender_restrictions)
The smtpd_recipient_restrictions should only hold conditions for the
RCPT TO part of the smtp transaction. Those settings listed above
take place during other stages of the smtp transaction. If you look
at the Postfix documentation for smtpd_recipient_restrictions, you'll
see what the valid options are for that setting. In parenthesis, I
put the setting which those options should go in, if you want them at
all. I'm not sure if giving these in smtpd_recipient_restrictions
would do anything to Postfix (though I suspect Wietse has coded it to
just ignore these mistakes).
[snip]
I'm not sure if you need everything that you put in your config; in
some cases I suspect you're overriding defaults for no reason (which
you shouldn't do; Postfix's default usually do the right thing). But
I'll leave the rest of your config for someone with a little more
expertise to comment on...
(And I hope people will correct us if I've given you bad advice.)
-N.
