This is probably more of a freebsd question, but it seems to me that Postfix should be hogging (bound) to the mail ports, so if something is sending email, it has to be using Postfix.
I ā€ˇsuppose modifying IPFW to log all mail port activity is also a good idea. Wouldn't a script need to be in the rc.d to get fired up when I boot? Original Message From: Matthew McGehrin Sent: Saturday, July 2, 2016 7:24 PM To: Postfix users Subject: Re: Spamrl.com RBL problem Hello. I would check your local system to see if you have any rogue perl processes running. These are generally the cause of being blacklisted for a dictionary attack, which implies that a script is running on your local server. Generally, you can spot them by the amount of CPU time, and they try to mask the process id. The end of DATA command is just the sequence at which it was denied. It's standard. -- Matthew li...@lazygranch.com wrote: > <i...@anotherdomain.com>: host smx1.web-hosting.com[209.188.21.38] said: 550 > The > sending IP (my dotted quad) is listed on https://spamrl.com as a source of > dictionary attacks. (in reply to end of DATA command) > ----------------- > > Is the "in reply to end of DATA command" significant? > >
