From owner-freebsd-questions@freebsd.org Mon Jan 21 18:40:34 2019 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id BC72014B2F13 for ; Mon, 21 Jan 2019 18:40:33 +0000 (UTC) (envelope-from plmahan@gmail.com) Received: from mail-vs1-xe35.google.com (mail-vs1-xe35.google.com [IPv6:2607:f8b0:4864:20::e35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id CD57870845 for ; Mon, 21 Jan 2019 18:40:32 +0000 (UTC) (envelope-from plmahan@gmail.com) Received: by mail-vs1-xe35.google.com with SMTP id x64so13179349vsa.5 for ; Mon, 21 Jan 2019 10:40:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=HtxlGVU4G7kZGuJEsa87xPbM+HblyFR+/5BzpKFVoM4=; b=oa85rUG+whJ+Rgab2VJxjclj58O6U4lmKnCHDqw+lU+XLiIN0B7ydhfYY5cm30Ub6b OvHa5MTSTV4leADi5Ngnhisiy1UsqSS+boHCMzDzKXQ4etqYVaLp31S+im0KnzW/FwTb B/tMr6oJexzP7ArK29Nb8PQQpRHC0/wH/apc/VlM0t5b/IbLknc8NEfJG6LCT1O8qWlV ycvyBMB8Vh64M1JfBU+Gqer7lU+jm5ImmZSSj6xIwGTz7GcU0K39tzGZoXGO8v5wEW0v 9yagrQJvay4lTtu8Vyr+qRNVyKt7x9GzXXPlFbeMiRvcxl5LK0WOxX5Q/xxzeE3AYgwn POgg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=HtxlGVU4G7kZGuJEsa87xPbM+HblyFR+/5BzpKFVoM4=; b=Z4ztO4M11qw0hDgol1QmffPjT5246Ck0r2BLiel8xhmLGNu18OrUPiYPUHD3kTuvoB lH/SqB6z2ttXa4xPGL4RAn/EzpvSGoTjT1WP+T/f/8ykgMKhWdAMT2keNMXMUbcFy/2y huwIfiO3TqCqgpSG5M6J8YKIZFMkIkqVnhHbLOuK8XCSgKwZYZR7Snn8MemPJgXOye80 R4UBvcaGXd/N65fsrwNX3vIDgrObjAmkhYOtmDshkDi6rm21Wu4B+WiiAukl1BrwwR/K DUFCL0tCLqggcV3t4DjZspSD4ieGHsO5RTht8w6UfZl6TLgQkf6aGDPSzpsP4ewgj1fW vrzA== X-Gm-Message-State: AJcUukfvmhUNPXCRYpCq4qKluxQXQdNtdwSsDjmKPJc5++8Zyevhpqwx delDKLhlQY6juYffU1Qvw9VdWlSbXaNxDLQvXis5iUNU X-Google-Smtp-Source: ALg8bN6qawzkONJwfp+mHoX8j3Gg6hUH/DHcAfTzqC9ObZnRZnaKxYqSgmVNGhC9zWz1uncShsrVQFXX/P5T3ziumps= X-Received: by 2002:a67:3d54:: with SMTP id k81mr12664098vsa.57.1548096032150; Mon, 21 Jan 2019 10:40:32 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Patrick Mahan Date: Mon, 21 Jan 2019 10:40:21 -0800 Message-ID: Subject: Re: Trying to understand some email issues To: "Kurt Buff - GSEC, GCIH" Cc: "freebsd-questions@freebsd.org" X-Rspamd-Queue-Id: CD57870845 X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=oa85rUG+; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of plmahan@gmail.com designates 2607:f8b0:4864:20::e35 as permitted sender) smtp.mailfrom=plmahan@gmail.com X-Spamd-Result: default: False [-6.83 / 15.00]; TO_DN_EQ_ADDR_SOME(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; FREEMAIL_FROM(0.00)[gmail.com]; DKIM_TRACE(0.00)[gmail.com:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; MX_GOOD(-0.01)[cached: alt3.gmail-smtp-in.l.google.com]; FREEMAIL_TO(0.00)[gmail.com]; FROM_EQ_ENVFROM(0.00)[]; RCVD_TLS_LAST(0.00)[]; MIME_TRACE(0.00)[0:+,1:+]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-0.999,0]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; NEURAL_HAM_SHORT(-0.99)[-0.992,0]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; TAGGED_RCPT(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[5.3.e.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; IP_SCORE(-2.83)[ip: (-9.78), ipnet: 2607:f8b0::/32(-2.41), asn: 15169(-1.86), country: US(-0.08)]; RCVD_COUNT_TWO(0.00)[2] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 Jan 2019 18:40:34 -0000 Thanks, mxtoolbox shows that I am on 13 out of 95 blacklists, so it seems I was sending out spam. Patrick On Mon, Jan 21, 2019 at 8:47 AM Kurt Buff - GSEC, GCIH wrote: > On Sun, Jan 20, 2019 at 10:34 PM Patrick Mahan wrote: > > > > All, > > > > FreeBSD 11.2 > > > > Running postfix 3.3.2_1,1 > > > > I'm getting hammered with thousands of emails from yahoo.com - > > > > Here is an example - > > > > Jan 20 22:09:01 ns postfix/smtp[1308]: 2DA97A2E2EF: to= >, > > relay=mx-aol.mail.gm0.yahoodns.net[98.137.157.43]:25, delay=13730, > > delays=13728/0.31/1.1/0.06, dsn=4.7.0, status=deferred (host > > mx-aol.mail.gm0.yahoodns.net[98.137.157.43] said: 421 4.7.0 [TSS04] > > Messages from 23.24.207.145 temporarily deferred due to user complaints - > > 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html (in > reply > > to MAIL FROM command)) > > > > I'm trying to determine if I am somehow relaying emails to yahoo.com, > or is > > this someone attacking me. > > > > I am pretty sure I have postfix to avoid acting like a relay for > > unauthenticated connections. But this maybe something I have messed up. > > This has been happening only since I upgraded to 11.2 (I was at 9.x). I > > also just recently switch from sendmail to postfix as well. > > > > I can provide my postfix config on request if needed. > > > > Pointers to other mail-lists are welcomed. I decided to start here > before > > jumping on the postfix mailing list. > > > > Thanks in advance, > > > > Patrick > > I'd suggest, as a first measure, going to https://mxtoolbox.com, and > looking at their reports for your domain name and your IP address. > > Understanding your config and your logs is good, but a quick review of > how others see your domain can point you in the right direction if > there's an error in your config. > > For instance, you might have inadvertently made your host an open > relay, and mxtoolbox will understand that. (that just an example - it > actually seems unlikely, as otherwise you'd be getting bounces from > more than just yahoo) > > Kurt > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " > freebsd-questions-unsubscribe@freebsd.org" >