Thank you IBBoard, that is a nice idea, I am trying to understand it. Now I understand, thank you very much. This is the first time I have made use of my Evolution mail menu to view the message headers, so the header does show the SMTP id as well and I can use that to grep for it in the postfix log.

Return-path: <i...@qwestcz.cz>
X-original-to: i...@mydomain.com
Delivered-to: i...@mydomain.com
Received: from conaxedition (unknown [88.229.53.253])
    by mail.mydomain.com (Postfix) with SMTP id 2D1A31980003
    for <i...@mydomain.com>; Thu, 1 Jan 2009 11:04:47 -0800 (PST)
To: i...@mydomain.com
Subject: nhmt i...@mydomain.com Thu, 1 Jan 2009 09:05:34 +0200 70%0FF fqnjw
From: Viagra.com <i...@mydomain.com>
Mime-version: 1.0
Content-type: text/html
Message-id: <20090101190448.2d1a31980...@mail.mydomain.com>
Date: Thu, 1 Jan 2009 11:04:47 -0800 (PST) (Fri, 03:04 MYT)
X-evolution-source: imap://will...@mail.mydomain.com/

Jan 1 11:04:48 www postfix/smtpd[18133]: 2D1A31980003: client=unknown[88.229.53.253]
Jan 1 11:04:49 www postfix/cleanup[18139]: 2D1A31980003: message-id=<20090101190448.2d1a31980...@mail.mydomain.com>
Jan 1 11:04:49 www postfix/qmgr[28143]: 2D1A31980003: from=<i...@qwestcz.cz>, size=2162, nrcpt=1 (queue active)
Jan 1 11:04:49 www postfix/local[18143]: 2D1A31980003: to=<will...@mydomain.com>, orig_to=<i...@mydomain.com>, relay=local, delay=1.9, delays=1.9/0.01/0/0, dsn=2.0.0, status=sent (delivered to maildir)
Jan 1 11:04:49 www postfix/qmgr[28143]: 2D1A31980003: removed

One more thing: here is a log that shows three trials, but actually there are at least 30 trials of that. When I grep that queue ID it does not show the client address that is trying to send the message. Is that a spammer that is trying to use my mail server to send a message to someone? How can I block it? Or what should I do?

Dec 28 01:03:25 www postfix/qmgr[32221]: B041D198056F: from=<>, size=4247, nrcpt=1 (queue active)
Dec 28 01:04:16 www postfix/smtp[25721]: B041D198056F: to=<tizia...@barak.net>, relay=none, delay=62670, delays=62618/0.21/51/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=barak.net type=MX: Host not found, try again)
Dec 28 02:26:44 www postfix/qmgr[32221]: B041D198056F: from=<>, size=4247, nrcpt=1 (queue active)
Dec 28 02:27:35 www postfix/smtp[21822]: B041D198056F: to=<tizia...@barak.net>, relay=none, delay=67669, delays=67618/0.02/51/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=barak.net type=MX: Host not found, try again)
Dec 28 03:50:04 www postfix/qmgr[32221]: B041D198056F: from=<>, size=4247, nrcpt=1 (queue active)
Dec 28 03:50:56 www postfix/smtp[28421]: B041D198056F: to=<tizia...@barak.net>, relay=none, delay=72670, delays=72618/1.1/51/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=barak.net type=MX: Host not found, try again)
Jan 1 07:54:32 www postfix/qmgr[28143]: B041D198056F: from=<>, status=expired, returned to sender
Jan 1 07:54:32 www postfix/qmgr[28143]: B041D198056F: removed

On Sat, Jan 3, 2009 at 1:07 AM, Victor Duchovni <victor.ducho...@morganstanley.com> wrote:

> On Fri, Jan 02, 2009 at 11:42:17PM +0800, William Kisman wrote:
>
> > Hello, I have searched around trying to understand the postfix log message
> > because I found that my server is being abused by the spammer which the
> > spammer sending me the message with the sender as my email.
>
> Email sender addresses are easily forged. Nothing new here.
>
> > I have a form that allows users to send a message to their friends about
> > my website link, but when I checked the apache log files, I did not see
> > the spammer abusing that dynamic link.
> >
> > What are the possibilities that the spammer could use my mail server to
> > spam?
>
> How is this related to receiving email with forged sender addresses? Do
> check the headers of the forged email, if it arrived from outside, no
> point in checking web logs, ....
>
> > I have googled on how to understand the postfix log file but not much
> > useful information that I got, do you know any good one?
>
> First take the time to understand that email envelope and sender
> information is unauthenticated and subject to forgery.
>
> --
> Viktor.

--
Thank you
Best regards,
William Kisman
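
The queue-ID grep described in the message above can be done for every message at once. This is an added example, not code from the thread or from Postfix: it groups log lines by queue ID and reports whether an smtpd client line is present; `summarize` and `origin` are hypothetical helper names, and the sample lines are copied from the log excerpts quoted above.

```python
import re
from collections import defaultdict

# Lines copied from the two log excerpts quoted in the thread above.
SAMPLE_LOG = """\
Jan 1 11:04:48 www postfix/smtpd[18133]: 2D1A31980003: client=unknown[88.229.53.253]
Jan 1 11:04:49 www postfix/qmgr[28143]: 2D1A31980003: from=<i...@qwestcz.cz>, size=2162, nrcpt=1 (queue active)
Jan 1 11:04:49 www postfix/local[18143]: 2D1A31980003: to=<will...@mydomain.com>, orig_to=<i...@mydomain.com>, relay=local, delay=1.9, delays=1.9/0.01/0/0, dsn=2.0.0, status=sent (delivered to maildir)
Jan 1 11:04:49 www postfix/qmgr[28143]: 2D1A31980003: removed
Dec 28 01:03:25 www postfix/qmgr[32221]: B041D198056F: from=<>, size=4247, nrcpt=1 (queue active)
Dec 28 01:04:16 www postfix/smtp[25721]: B041D198056F: to=<tizia...@barak.net>, relay=none, delay=62670, delays=62618/0.21/51/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=barak.net type=MX: Host not found, try again)
Jan 1 07:54:32 www postfix/qmgr[28143]: B041D198056F: from=<>, status=expired, returned to sender
Jan 1 07:54:32 www postfix/qmgr[28143]: B041D198056F: removed
"""

# Shape of a queue-related line: "postfix/<daemon>[pid]: <QUEUEID>: <rest>"
LINE = re.compile(r"postfix/[\w-]+\[\d+\]: (?P<qid>[0-9A-F]{6,}): (?P<rest>.*)")
# \b keeps "to=" from matching inside "orig_to=".
FIELD = re.compile(r"\b(client|from|to|status)=(<[^>]*>|[^,\s]+)")

def summarize(log_text):
    """Group log lines by queue ID (hypothetical helper, not a Postfix tool)."""
    msgs = defaultdict(lambda: {"client": None, "sender": None,
                                "rcpts": set(), "statuses": []})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        rec = msgs[m["qid"]]
        for key, val in FIELD.findall(m["rest"]):
            val = val.strip("<>")
            if key == "client":
                rec["client"] = val
            elif key == "from":
                rec["sender"] = val          # "" is the null sender <>
            elif key == "to":
                rec["rcpts"].add(val)
            elif rec["statuses"][-1:] != [val]:
                rec["statuses"].append(val)  # collapse repeated retries
    return dict(msgs)

def origin(rec):
    """Say where a message entered the queue, as far as this log shows."""
    if rec["client"]:
        return "smtpd client " + rec["client"]
    if rec["sender"] == "":
        return "null sender (notification), no smtpd client line in this log"
    return "no smtpd client line in this log"

if __name__ == "__main__":
    for qid, rec in summarize(SAMPLE_LOG).items():
        print(qid, "|", origin(rec), "|", sorted(rec["rcpts"]), "|", rec["statuses"])
```

A queue ID with `from=<>` carries the null envelope sender, which is what delivery status notifications use.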