Mon, 26 Nov 2018 at 07:37 Poliman - Serwis <ser...@poliman.pl> wrote:
>
> Fri, 23 Nov 2018 at 22:16 Matus UHLAR - fantomas <uh...@fantomas.sk>
> wrote:
>
>> On 23.11.18 17:33, Poliman - Serwis wrote:
>> >I have a lot of line like below in log file:
>> >2FEBF13C3F4 16366 Thu Nov 22 12:28:36 MAILER-DAEMON
>> >(host in.hes.trendmicro.eu[52.58.62.239] said: 450 4.7.1 : Recipient
>> >address rejected: Ratelimit (in reply to RCPT TO command))
>> >www-d...@allegro.pl
>>
>> you are sending too much mail to www-d...@allegro.pl and they refuse it.
>>
>> It's send from MAILER-DAEMON which means someone send mail from
>> www-d...@allegro.pl
>> to you. search for such mail.
>>
>> --
>> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
>> Warning: I wish NOT to receive e-mail advertising to this address.
>> Warning: I do NOT want to receive any advertising mail at this address.
>> I drive way too fast to worry about cholesterol.
>>
> Thank you for answer but I honestly don't fully understand it. Does it
> mean that MAILER-DAEMON sends too much mails to www-d...@allegro.pl and
> someone (automatically?) sends to me mails with 450 4.7.1 reject status
> from www-d...@allegro.pl? Could you tell me what should I check to stop
> this sending? It's a mess. ;)
>
> PS
> Mailer-daemon is related with default on the server root@server_hostname
> "mail account"?
>
> I have in mail.log only these lines, they appear repeatedly:
>
> Nov 26 07:19:00 s1 postgrey[2030]: action=pass, reason=triplet found, client_name=smtpfarm15.allegro.pl, client_address=194.0.251.103, sender=www-d...@allegro.pl, recipient=alle...@bama24.pl
> Nov 26 07:19:00 s1 postfix/qmgr[2371]: B5B7C13C3C2: from=<www-d...@allegro.pl>, size=13135, nrcpt=1 (queue active)
> Nov 26 07:19:01 s1 postfix/qmgr[2371]: 9560013C413: from=<www-d...@allegro.pl>, size=13676, nrcpt=1 (queue active)
> Nov 26 07:19:01 s1 amavis[21828]: (21828-11) Passed CLEAN {RelayedInbound}, [194.0.251.103]:40984 [194.0.251.103] <www-d...@allegro.pl> -> <alle...@bama24.pl>, Queue-ID: B5B7C13C3C2, Message-ID: <20181126060358.ba7199c1...@allegro.pl>, mail_id: dxv-J2c3n1u9, Hits: 0.718, size: 13121, queued_as: 9560013C413, dkim_sd=dkim1024:allegro.pl, 775 ms
> Nov 26 07:19:01 s1 postfix/pickup[19325]: A0ABC13CFC6: uid=5000 from=<www-d...@allegro.pl>
> Nov 26 07:19:01 s1 postfix/qmgr[2371]: A0ABC13CFC6: from=<www-d...@allegro.pl>, size=13910, nrcpt=1 (queue active)
> Nov 26 07:19:01 s1 postfix/qmgr[2371]: E25BA13C3C2: from=<www-d...@allegro.pl>, size=14251, nrcpt=1 (queue active)
> Nov 26 07:19:01 s1 amavis[20844]: (20844-15) Passed CLEAN {RelayedOutbound}, LOCAL [127.0.0.1] [194.0.251.103] <www-d...@allegro.pl> -> <baco...@interial.pl>, Message-ID: <20181126060358.ba7199c1...@allegro.pl>, mail_id: PrFsIhxDwQ_3, Hits: 0.719, size: 13896, queued_as: E25BA13C3C2, dkim_sd=dkim1024:allegro.pl, 281 ms
> Nov 26 07:19:03 s1 postfix/smtp[24219]: 260C013CFC6: host in.hes.trendmicro.eu[52.28.255.96] said: 450 4.7.1 <www-d...@allegro.pl>: Recipient address rejected: Ratelimit (in reply to RCPT TO command)
> Nov 26 07:19:03 s1 postfix/smtp[24219]: 260C013CFC6: to=<www-d...@allegro.pl>, relay=in.hes.trendmicro.eu[52.58.62.239]:25, delay=0.49, delays=0.01/0/0.44/0.03, dsn=4.7.1, status=deferred (host in.hes.trendmicro.eu[52.58.62.239] said: 450 4.7.1 <www-d...@allegro.pl>: Recipient address rejected: Ratelimit (in reply to RCPT TO command))
> Nov 26 07:23:42 s1 postfix/smtp[30244]: 5134B13C56C: host in.hes.trendmicro.eu[52.28.255.96] said: 450 4.7.1 <www-d...@allegro.pl>: Recipient address rejected: Ratelimit (in reply to RCPT TO command)
> Nov 26 07:23:42 s1 postfix/smtp[30247]: D412713D4F7: host in.hes.trendmicro.eu[52.58.62.239] said: 450 4.7.1 <www-d...@allegro.pl>: Recipient address rejected: Ratelimit (in reply to RCPT TO command)
> Nov 26 07:23:42 s1 postfix/smtp[30245]: 8238913D001: host in.hes.trendmicro.eu[52.29.207.245] said: 450 4.7.1 <www-d...@allegro.pl>: Recipient address rejected: Ratelimit (in reply to RCPT TO command)
> Nov 26 07:23:42 s1 postfix/smtp[30248]: 001B213E8A9: host in.hes.trendmicro.eu[52.29.207.245] said: 450 4.7.1 <www-d...@allegro.pl>: Recipient address rejected: Ratelimit (in reply to RCPT TO command)
> Nov 26 07:23:43 s1 postfix/smtp[30246]: 1766113E056: host in.hes.trendmicro.eu[52.58.62.239] said: 450 4.7.1 <www-d...@allegro.pl>: Recipient address rejected: Ratelimit (in reply to RCPT TO command)
> Nov 26 07:23:43 s1 postfix/smtp[30244]: 5134B13C56C: to=<www-d...@allegro.pl>, relay=in.hes.trendmicro.eu[52.29.207.245]:25, delay=34077, delays=34076/0.05/0.53/0.03, dsn=4.7.1, status=deferred (host in.hes.trendmicro.eu[52.29.207.245] said: 450 4.7.1 <www-d...@allegro.pl>: Recipient address rejected: Ratelimit (in reply to RCPT TO command))
>
> --
>
> *Pozdrawiam / Best Regards*
> *Piotr Bracha*
>

I have found some useful commands:

    mailq
    postcat -q <ID>

Using the second one I examined one of the suspicious messages and this is
what I got: www-d...@allegro.pl sends email with information about some
payment and this mail is probably redirected or something to another
mailbox. Redirection to private mailbox set by user on my server.
But - probably - there is some missing or wrong letter in the mailbox name,
so all bounced emails are stuck in the queue with the error:

    Diagnostic-Code: smtp; 511 sorry, no mailbox here by that name / skrzynka pocztowa odbiorcy nie istnieje (#5.1.1 - vuser)

And these originate from my server, from mailer daemon. I am not 100% sure
I understood properly the whole log about the specific message, but if you
would like to help I can paste headers.

--

*Pozdrawiam / Best Regards*
*Piotr Bracha*
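
Added example, not part of the original thread: the situation described in the message above (bounces generated by the local MAILER-DAEMON piling up as deferred toward the original sender) can be confirmed from mail.log by correlating queue IDs. It assumes Postfix logs the null bounce sender as from=<> on the qmgr line; the sample log lines, queue IDs, hosts and addresses are constructed placeholders.

```python
import re

# Constructed sample in Postfix syslog format; queue IDs, hosts and addresses
# are placeholders, not values from the thread.
SAMPLE_LOG = """\
Nov 26 07:19:01 s1 postfix/qmgr[2371]: 4A1B2C3D001: from=<>, size=16366, nrcpt=1 (queue active)
Nov 26 07:19:03 s1 postfix/smtp[2421]: 4A1B2C3D001: to=<noreply@shop.example>, relay=mx.filter.example[192.0.2.10]:25, delay=0.49, dsn=4.7.1, status=deferred (host mx.filter.example[192.0.2.10] said: 450 4.7.1 Ratelimit)
Nov 26 07:19:04 s1 postfix/qmgr[2371]: 4A1B2C3D002: from=<>, size=16401, nrcpt=1 (queue active)
Nov 26 07:19:05 s1 postfix/smtp[2422]: 4A1B2C3D002: to=<noreply@shop.example>, relay=mx.filter.example[192.0.2.11]:25, delay=0.51, dsn=4.7.1, status=deferred (host mx.filter.example[192.0.2.11] said: 450 4.7.1 Ratelimit)
Nov 26 07:23:42 s1 postfix/smtp[3024]: 4A1B2C3D001: to=<noreply@shop.example>, relay=mx.filter.example[192.0.2.10]:25, delay=280, dsn=4.7.1, status=deferred (host mx.filter.example[192.0.2.10] said: 450 4.7.1 Ratelimit)
Nov 26 07:24:00 s1 postfix/qmgr[2371]: 4A1B2C3D003: from=<user@hosted.example>, size=2100, nrcpt=1 (queue active)
Nov 26 07:24:01 s1 postfix/smtp[3025]: 4A1B2C3D003: to=<friend@other.example>, relay=none, delay=30, dsn=4.4.1, status=deferred (connect to mx.other.example[198.51.100.7]:25: Connection timed out)
"""

# qmgr records the envelope sender per queue ID; smtp records each delivery attempt.
QMGR = re.compile(r"postfix/qmgr\[\d+\]: (?P<qid>[0-9A-F]+): from=<(?P<sender>[^>]*)>")
SMTP = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>"
    r".*?dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+)"
)


def deferred_bounces(log_text):
    """Count distinct deferred null-sender messages per (recipient, DSN)."""
    senders = {}  # queue ID -> envelope sender ("" means a bounce)
    stuck = {}    # (recipient, dsn) -> queue IDs, so retries count once
    for line in log_text.splitlines():
        m = QMGR.search(line)
        if m:
            senders[m["qid"]] = m["sender"]
            continue
        m = SMTP.search(line)
        if m and m["status"] == "deferred" and senders.get(m["qid"]) == "":
            stuck.setdefault((m["rcpt"], m["dsn"]), set()).add(m["qid"])
    return {key: len(qids) for key, qids in stuck.items()}


if __name__ == "__main__":
    for (rcpt, dsn), count in deferred_bounces(SAMPLE_LOG).items():
        print(f"{count} bounce(s) deferred to {rcpt} with dsn={dsn}")
```

A single recipient collecting many deferred null-sender messages points to one inbound source whose mail is being forwarded to a target that rejects it, which is the forward to check.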