Thanks for the responses, and right on point, RDNS from my host has
been failing here and there the last 2 days, they tell me they are
fixing it, the PTR records exist but seem to be timing out at times,
so good to see that's one of the problems as it should be fixed soon.

cleers.dustypex.com. is not my host name, I just keep seeing the
warning from Postfix saying it doesn't match the IP, which sorry I X'd
it out, thought it wasn't needed, it is: 23.231.27.148

About the bot, yes that is something I was concerned about, I was
getting a ton of failed SSH login attempts, so I IP-restricted SSH to
only my work and home IP, and IMAP failed logins, I restricted port
143 too, but for SMTP I can't restrict that with iptables. I added the
line you suggested, this is my setting:

smtpd_recipient_restrictions = permit_sasl_authenticated
    permit_mynetworks, reject_unauth_destination, reject_unauth_pipelining

So does it seem the errors are coming from these bots and not my own
internal mail (if possible to tell)?

And I'm not seeing any delivery codes, like 250 etc. from any of those
cleers.dustypex.com connections, so maybe they aren't succeeding in
actually sending the mail out? From the logs it looks like they are
trying to relay but it's not going out.

On Tue, Jun 3, 2014 at 3:45 PM, Wietse Venema <wie...@porcupine.org> wrote:
> Paul C:
>> Jun  3 14:22:41 PHX1-1831 postfix/smtpd[2092]: warning: hostname
>> cleers.dustypex.com does not resolve to address xx.xx.xx.xx: Temporary
>> failure in name resolution
>> Jun  3 14:22:41 PHX1-1831 postfix/smtpd[2092]: connect from 
>> unknown[xx.xx.xx.xx]
>
> The client IP address has no PTR record, or the PTR record name
> does not resolve to the client IP address. Postfix therefore logs
> the client as "unknown" instead of cleers.dustypex.com.
>
>> Jun  3 14:22:41 PHX1-1831 postfix/smtpd[2092]: improper command
>> pipelining after EHLO from unknown[xx.xx.xx.xx]: HELO
>> hostname.domain.net.net\r\n
>
> The client sends
>
>     EHLO some-host-name<CR><LF>HELO hostname.domain.net.net<CR><LF>
>
> This violates SMTP, and Postfix logs this. You can block mail from
> such clients by using reject_unauth_pipelining in smtpd_*_restrictions.
>
>> First is probably someone trying to relay to my server, the
>> cleers.dustypex.com hostname is not one of mine, but the ip I X'd out
>> is mine, so my guess is they try to connect on that ip and send mail,
>> and postfix is stopping it? I've gotten maybe 1000 of them in the last
>> 2-3 days.
>
> You have a bot on your network, and you need to clean up that
> machine. Unless Postfix is configured to block this, it will
> forward their mail.
>
>         Wietse

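The two questions raised in this message (do the warnings come from clients inside or outside mynetworks, and was any mail from those clients accepted) can be checked from the smtpd log itself. The following is an added example, not part of the original thread or of Postfix: the log lines are constructed in the format quoted above, and the mynetworks values and function names are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the log format quoted in the thread. Addresses are
# RFC 5737 documentation ranges and host names are placeholders.
SAMPLE_LOG = r"""
Jun  3 14:22:41 mx1 postfix/smtpd[2092]: warning: hostname h.example.net does not resolve to address 203.0.113.7: Temporary failure in name resolution
Jun  3 14:22:41 mx1 postfix/smtpd[2092]: connect from unknown[203.0.113.7]
Jun  3 14:22:41 mx1 postfix/smtpd[2092]: improper command pipelining after EHLO from unknown[203.0.113.7]: HELO a.example.net\r\n
Jun  3 14:22:42 mx1 postfix/smtpd[2092]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 <x@example.org>: Relay access denied; from=<a@example.com> to=<x@example.org> proto=SMTP helo=<a.example.net>
Jun  3 14:25:10 mx1 postfix/smtpd[2101]: improper command pipelining after EHLO from unknown[192.0.2.10]: HELO b.example.net\r\n
Jun  3 14:25:11 mx1 postfix/smtpd[2101]: 3F2A1C0D5E: client=unknown[192.0.2.10]
Jun  3 14:30:01 mx1 postfix/smtpd[2110]: 4B7C2D1E6F: client=unknown[198.51.100.5]
"""

# Event name -> pattern whose first group is the client IP address.
PATTERNS = {
    "ptr_mismatch": re.compile(r"does not resolve to address (\S+?)(?::\s|$)"),
    "pipelining": re.compile(r"improper command pipelining after \S+ from \S+\[([^\]]+)\]"),
    "rejected": re.compile(r"NOQUEUE: reject: \S+ from \S+\[([^\]]+)\]"),
    "queued": re.compile(r"\]: \w+: client=\S+\[([^\]]+)\]"),  # queue ID assigned
}


def summarize(log_text, mynetworks):
    """Count events per client IP and flag whether the IP is in mynetworks."""
    nets = [ipaddress.ip_network(n) for n in mynetworks]
    stats = defaultdict(lambda: dict.fromkeys(PATTERNS, 0))
    for line in log_text.splitlines():
        for event, pattern in PATTERNS.items():
            m = pattern.search(line)
            if m:
                stats[m.group(1)][event] += 1
    for ip, counts in stats.items():
        # permit_mynetworks applies to these clients, so they may relay.
        counts["internal"] = any(ipaddress.ip_address(ip) in n for n in nets)
    return dict(stats)


def relayed_by_violators(stats):
    """Clients that broke pipelining rules and still had mail queued."""
    return sorted(ip for ip, c in stats.items() if c["pipelining"] and c["queued"])


if __name__ == "__main__":  # mynetworks below is an assumed setting
    for ip, c in summarize(SAMPLE_LOG, ["127.0.0.0/8", "192.0.2.0/24"]).items():
        print(ip, c)
```

A client that appears in `relayed_by_violators` had a queue ID assigned despite the pipelining violation, which is the case to investigate first; SMTP 250 delivery status for that queue ID is logged separately by postfix/smtp, not by postfix/smtpd.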