Hi Fernando,
Thanks for your response. This is exactly the case. I cleaned the mail queue last night and disabled one of the Drupal installations which seems vulnarable to me. Since last night there are no new emails sent. Which is good. Thank you for your help. Regards From: Fernando Maior [mailto:fernando.souto.ma...@gmail.com] Sent: Wednesday, April 03, 2013 2:39 AM To: Ceyhun Ganioglu Cc: postfix users Subject: Re: Too much traffic Ceyhun, It is not a problem with Postfix. Proceed looking for someone or some process that is forwarding those e-mails to your postfix server. Your postfix server is just receiving them from internal clients and putting them into the queue to send it out. Bye, --- Fernando Maciel Souto Maior On Tue, Apr 2, 2013 at 6:06 PM, Ceyhun Ganioglu <ceyhunganio...@gmail.com> wrote: Hi Fernando, Thanks for your reply. The problem is it is not a single mail sending problem. There were 756 email to be sent to za...@likya.com on the queue. I cleaned the queue. Then the emails appeared again. Something in my email server or maybe a content management system on my web server side has a vulnerability. I just need to make sure it is not from the Postfix side. Once I do this, I'll check the web sites on my server. Thanks for your help. Ceyhun From: Fernando Maior [mailto:fernando.souto.ma...@gmail.com] Sent: Tuesday, April 02, 2013 5:25 PM To: Ceyhun Ganioglu Cc: postfix users Subject: Re: Too much traffic Hi, I am not an specialist in Postfix, just a common admin. Yet, I can see two things from your message: 1. You sure have a DNS resolution problem. No external server should be resolved to 192.168.x.x, that is an internal network. Also, the last two octets (255.255) are almost allways used for broadcasting packets in the network. The IP address for mx1.likya.com should never be 192.168.255.255; 2. Because of the DNS resolution problem, postfix is just trying to connect to 192.168.255.255 to deliver the message to za...@likya.com, but could not, of course. I issued three commands: # dig likya.com ns # dig likya.com mx # host mx1.likya.com The first two seems that likya.com is configured correctly, instead the last command resolved to the IP address 192.168.255.255, that is wrong. So, problem with DNS resolution is with the admins of likya.com, not you. Best thing to do? I would just remove all entries in postfix queue that are for the wrong configured server (likya.com). Probably, someone at likya.com just made a wrong config. May be - in the interests of your users - you should try the likya.com site and look for a way to talk to them and tell them about the problem. Else you should keep an eye on the postfix queue and keep removing any messages for that domain, if they continue to pop. Cheers, --- Fernando Maciel Souto Maior On Mon, Apr 1, 2013 at 3:25 AM, Ceyhun Ganioglu <ceyhunganio...@gmail.com> wrote: Hi everybody, I was using Postfix without any problems but last two months time the traffic usage of the server is increased too much. When I checked the mail queue I see emails for an account za...@likya.com which does not exist on my server. Below is an example how the mail queue looks like. I checked for open relay both manually and some online sites. There's no open relay. Is this a kind of spam method? If yes, does anyone give me an idea how to fix it. Kindest Regards Ceyhun Email queue: AC5A615038A 635 Mon Apr 1 03:47:47 za...@likya.com (connect to mx1.likya.com[192.168.255.255]: Connection timed out) za...@likya.com A05E7150098 635 Sat Mar 30 13:33:46 za...@likya.com (delivery temporarily suspended: connect to mx1.likya.com[192.168.255.255]: Connection timed out) za...@likya.com ABDC81500CB 641 Sun Mar 31 05:28:05 za...@likya.com (delivery temporarily suspended: connect to mx1.likya.com[192.168.255.255]: Connection timed out) za...@likya.com A333F150086 2786 Sat Mar 30 09:55:01 MAILER-DAEMON (delivery temporarily suspended: connect to mx1.likya.com[192.168.255.255]: Connection timed out) za...@likya.com A594015008E 629 Sat Mar 30 12:03:53 za...@likya.com (delivery temporarily suspended: connect to mx1.likya.com[192.168.255.255]: Connection timed out) za...@likya.com A122F150381 631 Mon Apr 1 00:34:18 za...@likya.com (delivery temporarily suspended: connect to mx1.likya.com[192.168.255.255]: Connection timed out) za...@likya.com
