From: "Kurt Buff - GSEC, GCIH"
Date: Mon, 21 Jan 2019 08:44:22 -0800
Subject: Re: Trying to understand some email issues
To: "freebsd-questions@freebsd.org"

On Sun, Jan 20, 2019 at 10:34 PM Patrick Mahan wrote:
>
> All,
>
> FreeBSD 11.2
>
> Running postfix 3.3.2_1,1
>
> I'm getting hammered with thousands of emails from yahoo.com -
>
> Here is an example -
>
> Jan 20 22:09:01 ns postfix/smtp[1308]: 2DA97A2E2EF: to=,
> relay=mx-aol.mail.gm0.yahoodns.net[98.137.157.43]:25, delay=13730,
> delays=13728/0.31/1.1/0.06, dsn=4.7.0, status=deferred (host
> mx-aol.mail.gm0.yahoodns.net[98.137.157.43] said: 421 4.7.0 [TSS04]
> Messages from 23.24.207.145 temporarily deferred due to user complaints -
> 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html (in reply
> to MAIL FROM command))
>
> I'm trying to determine if I am somehow relaying emails to yahoo.com, or is
> this someone attacking me.
>
> I am pretty sure I have postfix to avoid acting like a relay for
> unauthenticated connections. But this may be something I have messed up.
> This has been happening only since I upgraded to 11.2 (I was at 9.x). I
> also just recently switched from sendmail to postfix as well.
>
> I can provide my postfix config on request if needed.
>
> Pointers to other mail-lists are welcomed. I decided to start here before
> jumping on the postfix mailing list.
>
> Thanks in advance,
>
> Patrick

I'd suggest, as a first measure, going to https://mxtoolbox.com, and
looking at their reports for your domain name and your IP address.

Understanding your config and your logs is good, but a quick review of
how others see your domain can point you in the right direction if
there's an error in your config.

For instance, you might have inadvertently made your host an open
relay, and mxtoolbox will understand that.
(that's just an example - it actually seems unlikely, as otherwise you'd
be getting bounces from more than just yahoo)

Kurt
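
One way to answer the question in this thread from the server's own logs, as an added example that is not part of the original messages: group deferred deliveries by how each message entered Postfix (unauthenticated SMTP client, SASL-authenticated user, local submission, or locally generated bounce). The function name, the trimmed sample log and the short hexadecimal queue-ID format are assumptions.

```python
import re
from collections import Counter

# Constructed sample log: hosts, users and queue IDs are invented, and the
# smtp delivery lines are trimmed to the fields this example reads.
SAMPLE_LOG = """\
Jan 20 18:20:10 ns postfix/smtpd[1201]: A1B2C3D4E5: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=webuser
Jan 20 18:20:11 ns postfix/smtp[1308]: A1B2C3D4E5: to=<u1@yahoo.example>, dsn=4.7.0, status=deferred (421 4.7.0 [TSS04])
Jan 20 22:09:01 ns postfix/smtp[1308]: A1B2C3D4E5: to=<u1@yahoo.example>, dsn=4.7.0, status=deferred (421 4.7.0 [TSS04])
Jan 20 18:21:00 ns postfix/pickup[1100]: B1B2C3D4E5: uid=80 from=<www>
Jan 20 18:21:02 ns postfix/smtp[1309]: B1B2C3D4E5: to=<u2@yahoo.example>, dsn=4.7.0, status=deferred (421 4.7.0 [TSS04])
Jan 20 18:22:00 ns postfix/qmgr[900]: C1B2C3D4E5: from=<>, size=3100, nrcpt=1 (queue active)
Jan 20 18:22:01 ns postfix/smtp[1310]: C1B2C3D4E5: to=<u3@yahoo.example>, dsn=4.7.0, status=deferred (421 4.7.0 [TSS04])
Jan 20 18:23:00 ns postfix/smtpd[1202]: D1B2C3D4E5: client=unknown[192.0.2.55]
Jan 20 18:23:01 ns postfix/smtp[1311]: D1B2C3D4E5: to=<u4@yahoo.example>, dsn=4.7.0, status=deferred (421 4.7.0 [TSS04])
Jan 20 18:24:00 ns postfix/smtpd[1203]: E1B2C3D4E5: client=mail.example.net[198.51.100.20]
Jan 20 18:24:01 ns postfix/smtp[1312]: E1B2C3D4E5: to=<u5@example.com>, dsn=2.0.0, status=sent (250 ok)
"""

# service name, queue ID (short hexadecimal form assumed), remainder of the record
LINE = re.compile(r"postfix/(?P<svc>[\w/]+)\[\d+\]: (?P<qid>[0-9A-F]{6,}): (?P<rest>.*)")

def deferred_by_origin(log):
    """Count deferred messages (one per queue ID) by how they entered Postfix."""
    origin, deferred = {}, set()
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        svc, qid, rest = m["svc"].rsplit("/", 1)[-1], m["qid"], m["rest"]
        if svc == "smtpd" and rest.startswith("client="):
            client = rest.split(",")[0][len("client="):]
            user = re.search(r"sasl_username=(\S+)", rest)
            origin[qid] = f"sasl:{user[1]}" if user else f"network:{client}"
        elif svc == "pickup":
            origin[qid] = "local:" + rest.split()[0]      # e.g. uid=80
        elif svc == "qmgr" and rest.startswith("from=<>"):
            # Null sender with no smtpd/pickup record: bounce generated here.
            origin.setdefault(qid, "bounce")
        elif svc == "smtp" and "status=deferred" in rest:
            deferred.add(qid)                             # retries collapse per queue ID
    return Counter(origin.get(q, "unknown") for q in deferred)

if __name__ == "__main__":
    for source, count in deferred_by_origin(SAMPLE_LOG).most_common():
        print(f"{count:5d}  {source}")
```

Deferred mail concentrated under `network:` entries for clients outside your own networks points to a relay misconfiguration, `sasl:` to a compromised account, `local:` to a script or web application on the host, and `bounce` to backscatter from mail the server accepted and could not deliver.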