Fri, 8 Feb 2013 09:45:07 -0600 skrev /dev/rob0 <r...@gmx.co.uk>: snip > > --- > > titanus@ntdata:/var/log$ grep "048341743609" mail.log.1 > > > > Feb 7 22:12:48 ntdata postfix/pickup[24843]: 048341743609: uid=5005 > > from=<SRS0=3u76=L7=gmail.com=jimmiedcu...@nt-data.dk> > > pickup(8) picks up mail which was sent via sendmail(1). This is a > local/system user's process (UID 5005, specifically) sending the > mail. Your misunderstanding this time seems to be that you think it > came from the network and could thus be rejected. > > If this seems to be some kind of abuse, it could be that something > you're running on the server has been compromised; web/php scripts > being the most common vector.
I'm sorry, UID 5005 is SpamAssassin. The grep-command didn't got all the lines, so here they are: --- Feb 7 22:12:46 ntdata postfix/smtpd[30171]: connect from c-50-151-186-224.hsd1.in.comcast.net[50.151.186.224] Feb 7 22:12:47 ntdata postfix/smtpd[30171]: 39E441743607: client=c-50-151-186-224.hsd1.in.comcast.net[50.151.186.224] Feb 7 22:12:47 ntdata postfix/cleanup[30176]: 39E441743607: message-id=<gi63z8-uskq93...@tdhhadcuneunhvooig.alumni.insead.edu> Feb 7 22:12:47 ntdata postfix/qmgr[20252]: 39E441743607: from=<SRS0=3u76=L7=gmail.com=jimmiedcu...@nt-data.dk>, size=2182, nrcpt=1 (queue active) Feb 7 22:12:47 ntdata spamd[6887]: spamd: connection from localhost.localdomain [127.0.0.1] at port 58896 Feb 7 22:12:47 ntdata spamd[6887]: spamd: processing message <gi63z8-uskq93...@tdhhadcuneunhvooig.alumni.insead.edu> for a...@ubuntudanmark.dk:5005 Feb 7 22:12:47 ntdata postfix/smtpd[30171]: disconnect from c-50-151-186-224.hsd1.in.comcast.net[50.151.186.224] Feb 7 22:12:48 ntdata spamd[6887]: spamd: identified spam (11.6/5.0) for a...@ubuntudanmark.dk:5005 in 0.4 seconds, 2200 bytes. Feb 7 22:12:48 ntdata spamd[6887]: spamd: result: Y 11 - FH_HELO_EQ_D_D_D_D,HELO_DYNAMIC_IPADDR,RCVD_IN_BRBL_LASTEXT,RCVD_IN_PBL,RCVD_IN_XBL,RDNS_DYNAMIC,SPF_FAIL scantime=0.4,size=2200,user=a...@ubuntudanmark.dk,uid=5005,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=58896,mid=<gi63z8-uskq93...@tdhhadcuneunhvooig.alumni.insead.edu>,autolearn=no Feb 7 22:12:48 ntdata postfix/pickup[24843]: 048341743609: uid=5005 from=<SRS0=3u76=L7=gmail.com=jimmiedcu...@nt-data.dk> Feb 7 22:12:48 ntdata postfix/pipe[30177]: 39E441743607: to=<a...@ubuntudanmark.dk>, relay=spamassassin, delay=0.95, delays=0.53/0/0/0.41, dsn=2.0.0, status=sent (delivered via spamassassin service) Feb 7 22:12:48 ntdata postfix/qmgr[20252]: 39E441743607: removed Feb 7 22:12:48 ntdata postfix/cleanup[30176]: 048341743609: message-id=<gi63z8-uskq93...@tdhhadcuneunhvooig.alumni.insead.edu> Feb 7 22:12:48 ntdata postfix/qmgr[20252]: 048341743609: from=<SRS0=3u76=L7=gmail.com=jimmiedcu...@nt-data.dk>, size=5268, nrcpt=1 (queue active) Feb 7 22:12:48 ntdata spamd[6886]: prefork: child states: II Feb 7 22:12:48 ntdata postfix/smtp[30181]: certificate verification failed for mx01.ubuntudanmark.dk[31.192.231.5]:25: self-signed certificate Feb 7 22:12:48 ntdata postfix/smtp[30181]: 048341743609: to=<a...@ubuntudanmark.dk>, relay=mx01.ubuntudanmark.dk[31.192.231.5]:25, delay=0.71, delays=0/0.04/0.17/0.5, dsn=5.1.1, status=bounced (host mx01.ubuntudanmark.dk[31.192.231.5] said: 550 5.1.1 <a...@ubuntudanmark.dk>: Recipient address rejected: User unknown in virtual mailbox table (in reply to RCPT TO command)) Feb 7 22:12:48 ntdata postfix/cleanup[30176]: B201D1743608: message-id=<20130207211248.b201d1743...@ntdata.nt-data.dk> Feb 7 22:12:48 ntdata postfix/bounce[30182]: 048341743609: sender non-delivery notification: B201D1743608 Feb 7 22:12:48 ntdata postfix/qmgr[20252]: B201D1743608: from=<>, size=7699, nrcpt=1 (queue active) Feb 7 22:12:48 ntdata postfix/qmgr[20252]: 048341743609: removed Feb 7 22:12:49 ntdata postfix/smtp[30183]: certificate verification failed for gmail-smtp-in.l.google.com[173.194.71.26]:25: untrusted issuer /C=US/O=Equifax/OU=Equifax Secure Certificate Authority Feb 7 22:12:52 ntdata postfix/smtp[30183]: B201D1743608: to=<jimmiedcu...@gmail.com>, orig_to=<SRS0=3u76=L7=gmail.com=jimmiedcu...@nt-data.dk>, relay=gmail-smtp-in.l.google.com[173.194.71.26]:25, delay=3.4, delays=0.01/0.01/0.29/3, dsn=5.1.1, status=bounced (host gmail-smtp-in.l.google.com[173.194.71.26] said: 550-5.1.1 The email account that you tried to reach does not exist. Please try 550-5.1.1 double-checking the recipient's email address for typos or 550-5.1.1 unnecessary spaces. Learn more at 550 5.1.1 http://support.google.com/mail/bin/answer.py?answer=6596 bc7si9536557lbb.184 - gsmtp (in reply to RCPT TO command)) Feb 7 22:12:52 ntdata postfix/qmgr[20252]: B201D1743608: removed --- snip > > FWIW, generally a backup MX is a bad idea. Why did you want it? > > [snip] Yeah, I start to see why. nt-data is my (soon to be) hosting company, and when handling other peoples mail, I think it's wise to have some sort of a backup system in place. I've been searching high and low for alternatives, but short of setting something fancy up there don't seem to be any. Thank you for the reply.
