On Thu, 07 May 2009, Charles Marcus wrote: > relayhost = [post18.emailfiltering.com]
Interesting. > May 6 15:22:06 myhost postfix/smtpd[4799]: connect from > ixe-mta-18-tx.emailfiltering.com[194.116.198.213] > May 6 15:22:06 myhost postfix/smtpd[4799]: NOQUEUE: reject: RCPT from > ixe-mta-18-tx.emailfiltering.com[194.116.198.213]: 554 5.7.1 <hlug0901 > 0...@buzzhost.co.uk>: Sender address rejected: Access denied; > from=<hlug090...@buzzhost.co.uk> to=<cmar...@media-brokers.com> > proto=ESMTP helo > =<ixe-mta-18.emailfiltering.com> Notice your relayhost (which also acts as the MX for your domain) accepts the message from the sender and tries to deliver it to your mail store, at which point your Postfix installation REJECTs the message. This probably generates a bounce report (by emailfiltering.com) to the envelope sender. If so, that is backscatter. > Then about 42 minutes later, the flood of these 'ABUSE' messages (about > one per second until I removed the address from the blocked senders > list, after which they immediately stopped): > > May 6 16:04:19 myhost postfix/smtpd[5523]: connect from > ixe-mta-18-tx.emailfiltering.com[194.116.198.213] > May 6 16:04:20 myhost postfix/smtpd[5523]: 1F0844D45CD: > client=ixe-mta-18-tx.emailfiltering.com[194.116.198.213] > May 6 16:04:20 myhost postfix/cleanup[5541]: 1F0844D45CD: > message-id=<20090506200420.1f0844d4...@smtp.media-brokers.com> > May 6 16:04:20 myhost postfix/qmgr[919]: 1F0844D45CD: > from=<cmar...@media-brokers.com>, size=1809, nrcpt=1 (queue active) > May 6 16:04:20 myhost postfix/virtual[5608]: 1F0844D45CD: > to=<cmar...@media-brokers.com>, relay=virtual, delay=0.47, > delays=0.46/0/0/0.01, dsn=2.0.0, status=sent (delivered to maildir) > May 6 16:04:20 myhost postfix/qmgr[919]: 1F0844D45CD: removed Again, these messages hit your machine not from their source, but the emailfiltering.com machine that relays mail to and fro your Postfix box. You should troubleshoot this issue at the actual gateway MX that receives or generates the offending message. > Look, I certainly know Victor and Wietse don't need me to defend them > from impotent threats of violence from morons like Rik, and I should > have just kept my mouth shut, but it really irked me to see these > comments aimed at the people who provide such incredible help here, of > which I have been the recipient more than once. It's best to ignore such things and get on with your day. -- Sahil Tandon <sa...@tandon.net>
