Andrea Cappelli: > Hello everybody, > from 2 days I had a strange bahaviour in one one Postfix installation > > I had thousand of mails in maildrop queue, and I can't figure who > generates it > > In the /var/log/mail.log I see a couple of line repeating > > Sep 17 14:13:04 helicon postfix/pickup[26802]: F4048C8CD1: uid=4100 > from=<$user> ... > where $user is the linux user with uid 4100 (it's one of the sysadmins)
This mail was submitted with the Postfix sendmail command by a local process that was executing as the named user with uid=4100. > Sep 17 14:13:05 helicon postfix/qmgr[19330]: F4048C8CD1: > from=<$user@$hostname>, size=317011, nrcpt=1 (queue active) > Sep 17 14:13:10 helicon postfix/smtp[26858]: F4048C8CD1: > to=<qqqqq...@qqqqqqqq.fsnet.co.uk>, > relay=mail-in.freeserve.com[193.252.22.141]:25, delay=5.2, > delays=0.05/0.03/5.1/0, dsn=4.0.0, status=deferred (host > mail-in.freeserve.com[193.252.22.141] refused to talk to me: 421 > mwinf5c34 ME Trop de connexions, veuillez verifier votre configuration. > Too many connections, slow down. OUK004_104 [104]) > > The remote server stop to talk to me because I sent too many mail, and > it's ok, what I can't figure out is from where these mail originates. In > the man pages I read that pickup get mail from maildrop queue, but how I > can understand which process put mail in maildrop? You can stop this with: # postconf -e 'authorized_submit_users = !username, static:all' Then, you can use "ps" to find out what processes are running with the privileges of that user. This may be a bad web application. Wietse