Hi Robin,

I once wrote a simple script that monitors network dump for outbound connections and coordinates them with responsible process (with command line) or HTTP access (with host and url) info. Maybe you will find it useful.
(Should be very much FreeBSD-dependent).
Best wishes
Eugene

-----Original Message-----
From: Robin Rowe
Sent: Thursday, March 12, 2015 7:13 AM
To: postfix-us...@cloud9.net
Subject: Tracking down www-data email sender

Wondering how to track down some emails being sent from WordPress.

I have mail.log entries that show www-data, that is, WordPress, is trying to send emails from an invalid subdomain. The machine did have this subdomain at some point, by the way.

I turned on phpmail.log, but it doesn't give any clues beyond pointing to wp-includes/class-phpmailer.php.

Looking at the mail.log of the last www-data send, it says gmail has shut the recipient's email address off because they're being hammered. The log also shows there are 5 sends in the same second for job 12446, like below.

Mar 9 02:21:04 goshtv postfix/qmgr[12446]: DCAF8461572: from=<www-d...@p2450473.pubip.goshtv.com>, size=683, nrcpt=1 (queue active)

Why is Postfix trying to send the same message five times in a row?

Suggestions? How do I track it down?

Thanks!

Robin

--
from mail.log...

Mar 9 03:21:38 goshtv postfix/qmgr[12446]: E9E67460AE6: from=<ro...@screenplaylab.com>, size=1768, nrcpt=1 (queue active)
Mar 9 03:21:38 goshtv postfix/qmgr[12446]: 366EF4610B9: from=<www-d...@p2450473.pubip.goshtv.com>, size=698, nrcpt=1 (queue active)
Mar 9 03:21:38 goshtv postfix/smtp[20211]: connect to gmail-smtp-in.l.google.com[2607:f8b0:400d:c0a::1b]:25: Network is unreachable
Mar 9 03:21:38 goshtv postfix/smtp[20211]: 366EF4610B9: host gmail-smtp-in.l.google.com[173.194.208.26] said: 450-4.2.1 The user you are trying to contact is receiving mail at a rate that 450-4.2.1 prevents additional messages from being delivered. Please resend your 450-4.2.1 message at a later time. If the user is able to receive mail at that 450-4.2.1 time, your message will be delivered. For more information, please 450-4.2.1 visit 450 4.2.1 http://support.google.com/mail/bin/answer.py?answer=6592 f35si2786537qki.85 - gsmtp (in reply to RCPT TO command)
TrafWatch.pl
Description: Binary data
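
An added example, not part of the thread and not the attached TrafWatch.pl: a small parser for the qmgr lines quoted above. In those lines the number in brackets after postfix/qmgr is the qmgr process ID and the token after it is the queue ID of one message, so the script counts distinct queue IDs per second and repeat activations of the same queue ID for www-data senders. The sample log, host name, queue IDs and addresses are constructed for the example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the same syslog format as the mail.log excerpt above.
# Host, queue IDs and addresses are made up for this example.
SAMPLE_LOG = """\
Mar  9 02:21:04 mx1 postfix/qmgr[12446]: A1B2C3D4E01: from=<www-data@old.example.com>, size=683, nrcpt=1 (queue active)
Mar  9 02:21:04 mx1 postfix/qmgr[12446]: A1B2C3D4E02: from=<www-data@old.example.com>, size=690, nrcpt=1 (queue active)
Mar  9 02:21:04 mx1 postfix/qmgr[12446]: A1B2C3D4E03: from=<www-data@old.example.com>, size=701, nrcpt=1 (queue active)
Mar  9 02:21:04 mx1 postfix/qmgr[12446]: A1B2C3D4E04: from=<robin@example.org>, size=1768, nrcpt=1 (queue active)
Mar  9 02:21:05 mx1 postfix/smtp[20211]: A1B2C3D4E01: to=<user@example.net>, status=deferred (450 4.2.1 rate limited)
Mar  9 03:21:38 mx1 postfix/qmgr[12446]: A1B2C3D4E01: from=<www-data@old.example.com>, size=683, nrcpt=1 (queue active)
"""

# The number in brackets is the qmgr process ID; the token after it is the
# queue ID, which identifies one queued message.
QMGR_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+postfix/qmgr\[(?P<pid>\d+)\]:\s+"
    r"(?P<qid>[0-9A-Za-z]+):\s+from=<(?P<sender>[^>]*)>,\s+size=(?P<size>\d+)"
)

def parse_qmgr(lines):
    """Yield (timestamp, pid, queue_id, sender) for each qmgr from= line."""
    for line in lines:
        m = QMGR_RE.match(line)
        if m:
            ts = " ".join(m["ts"].split())  # normalise syslog day padding
            yield ts, int(m["pid"]), m["qid"], m["sender"]

def activations(lines, local_part="www-data"):
    """Count how often each queue ID from local_part@* entered the active queue."""
    return Counter(q for _, _, q, s in parse_qmgr(lines)
                   if s.split("@")[0] == local_part)

def bursts(lines, local_part="www-data", threshold=3):
    """Map second -> sorted distinct queue IDs when >= threshold were activated."""
    seen = defaultdict(set)
    for ts, _, qid, sender in parse_qmgr(lines):
        if sender.split("@")[0] == local_part:
            seen[ts].add(qid)
    return {ts: sorted(q) for ts, q in seen.items() if len(q) >= threshold}

if __name__ == "__main__":
    rows = SAMPLE_LOG.splitlines()
    print(bursts(rows))        # seconds with several distinct messages
    print(activations(rows))   # count > 1 means a deferred message was retried
```

Feeding it the real log (for example `open("/var/log/mail.log")`) gives the queue IDs to inspect further with `postcat -q <queue-id>`, which shows the headers of a message still in the queue.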