On Sun, 24 Aug 2003 14:00:08 -0700, Robin Lynn Frank wrote > On Sunday 24 August 2003 01:04 pm, Mike Vanecek wrote: > > [EMAIL PROTECTED] postfix]# grep reject /var/log/maillog > > Aug 24 04:37:31 www postfix/smtpd[2917]: EC710E0541: reject: RCPT from > > unknown[195.18.71.121]: 450 Client host rejected: cannot find your > > hostname, [195.18.71.121]; > > from=<[EMAIL PROTECTED]> to=<me> proto=ESMTP > > helo=<mail.readershouse.nl> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > Do you think that has something to do with the problem? I checked > our logs and nothing from sourceforge.net produces anything similar. > > So I have to ask a dumb question and ask why is your mail coming > from a host other than lists.sourceforge.net?????
Good question. Normally, it does not. Note that I have one being rejected from the unknown host and another being accepted from the list. Aug 24 01:50:51 www postfix/smtpd[24091]: connect from unknown[195.18.71.121] Aug 24 01:50:51 www postfix/smtpd[24091]: 901D7E0541: client=unknown[195.18.71.121] Aug 24 01:50:56 www postfix/smtpd[24091]: 901D7E0541: reject: RCPT from unknown[195.18.71.121]: 450 Client host rejected: cannot find your hostname, [195.18.71.121]; from=<[EMAIL PROTECTED]> to=<me> proto=ESMTP helo=<mail.readershouse.nl> Aug 24 01:50:59 www postfix/smtpd[24091]: disconnect from unknown[195.18.71.121] Aug 24 01:54:04 www postfix/smtpd[24095]: connect from lists.sourceforge.net[66.35.250.206] Aug 24 01:54:04 www postfix/smtpd[24095]: 40293E0541: client=lists.sourceforge.net[66.35.250.206] Aug 24 01:54:13 www postfix/cleanup[24096]: 40293E0541: message-id=<[EMAIL PROTECTED]> Aug 24 01:54:13 www postfix/nqmgr[2286]: 40293E0541: from=<[EMAIL PROTECTED]>, size=5876, nrcpt=1 (queue active) Aug 24 01:54:13 www postfix/smtpd[24095]: disconnect from lists.sourceforge.net[66.35.250.206] My first thought was that it was the monthly subscription check. Evidently, that thought was wrong. Possibly the attempt is from a spammer with forged information? The "to=<me>" address is unique to this list. That means that whomever is sending the message got my address from this list or the list server. I am now getting three rejects at around the same time. I suspect that means the spammer has sent me additional copies of the spam. I think I will add a drop in my iptables on that ip address and save postfix from having to be concerned with the problem. ------------------------------------------------------- This SF.net email is sponsored by: VM Ware With VMware you can run multiple operating systems on a single machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0 _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
