Date: Mon, 21 Jan 2019 11:04:54 -0800
From: Patrick Mahan <plmahan@gmail.com>
To: Valeri Galtsev <galtsev@kicp.uchicago.edu>
Cc: User Questions <freebsd-questions@freebsd.org>
Subject: Re: Trying to understand some email issues
Message-ID: <CAFDHx1%2B4gHE%2BGuuNfooE1PJWdK65UfnairD2L_2B7rwhgLV4=g@mail.gmail.com>
In-Reply-To: <ee13fc68-3214-927f-274f-4b95544af061@kicp.uchicago.edu>
References: <CAFDHx1JFWH8FAJ3nbvZC3m6CCpbjCqrG01PYNMOHJSKo2HnWWQ@mail.gmail.com> <ee13fc68-3214-927f-274f-4b95544af061@kicp.uchicago.edu>

Valeri,

It does not seem compromised. I have no unexpected processes running.

I'm getting subscribed to the postfix mailing list and will seek help there.

The Yahoo URL only was singularly unhelpful, only stating that I might be
sending spam. Which is when I decided to seek help.

Thanks,

Patrick

On Mon, Jan 21, 2019 at 6:33 AM Valeri Galtsev <galtsev@kicp.uchicago.edu> wrote:

> On 1/21/19 12:33 AM, Patrick Mahan wrote:
> > All,
> >
> > FreeBSD 11.2
> >
> > Running postfix 3.3.2_1,1
> >
> > I'm getting hammered with thousands of emails from yahoo.com -
> >
> > Here is an example -
> >
> > Jan 20 22:09:01 ns postfix/smtp[1308]: 2DA97A2E2EF: to=<pwascak@aol.com>,
> > relay=mx-aol.mail.gm0.yahoodns.net[98.137.157.43]:25, delay=13730,
> > delays=13728/0.31/1.1/0.06, dsn=4.7.0, status=deferred (host
> > mx-aol.mail.gm0.yahoodns.net[98.137.157.43] said: 421 4.7.0 [TSS04]
> > Messages from 23.24.207.145 temporarily deferred due to user complaints -
> > 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html (in reply
> > to MAIL FROM command))
> >
> > I'm trying to determine if I am somehow relaying emails to yahoo.com, or is
> > this someone attacking me.
> >
> > I am pretty sure I have postfix to avoid acting like a relay for
> > unauthenticated connections. But this may be something I have messed up.
> > This has been happening only since I upgraded to 11.2 (I was at 9.x). I
> > also just recently switched from sendmail to postfix as well.
> >
> > I can provide my postfix config on request if needed.
> >
> > Pointers to other mail-lists are welcomed. I decided to start here before
> > jumping on the postfix mailing list.
>
> Do your users have shell access to your mail server? If yes, then I would
> check if nothing happens from one of user accounts (stolen password, bad
> guys got shell as that user). They can set process that loads addresses
> from remote place and sends spam message to them all. Most often they
> would do it through your postfix locally. Then postfix queue will be big
> time to time. And you will see this in maillog. In less likely scenario
> (if it really originating from you) when script sends directly itself
> you may increase verbosity of firewall log. One more thing to check is
> that there are no unexplained processes on the machine.
>
> If the machine is simultaneously a web server, that would be next
> suspect. There may be some form that sends email to address provided by
> web visitor. But this will be one of the possibilities which most likely
> will be visible in your mail logs.
>
> After you investigated all on your side (or maybe even before that), do
> as Odhiambo suggested: go to yahoo URL provided and read what they say
> there.
>
> Good luck.
>
> Valeri
>
> >
> > Thanks in advance,
> >
> > Patrick
> > _______________________________________________
> > freebsd-questions@freebsd.org mailing list
> > https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
> >
>
> --
> ++++++++++++++++++++++++++++++++++++++++
> Valeri Galtsev
> Sr System Administrator
> Department of Astronomy and Astrophysics
> Kavli Institute for Cosmological Physics
> University of Chicago
> Phone: 773-702-4247
> ++++++++++++++++++++++++++++++++++++++++
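
Added example, not part of the original messages: one way to do the maillog check suggested in the quoted reply, by tracing each deferred delivery back to how the message entered Postfix (local `pickup` with a uid, an authenticated `smtpd` session, or an unauthenticated network client). The log lines are constructed samples, the function names are hypothetical, and the parser assumes Postfix's default short hexadecimal queue IDs.

```python
import re
from collections import Counter

# Constructed sample maillog lines (not from the thread); hosts and addresses
# use example domains and documentation IP ranges.
SAMPLE_LOG = """\
Jan 20 22:01:10 ns postfix/pickup[901]: 1A2B3C4D5E: uid=1003 from=<www>
Jan 20 22:01:12 ns postfix/smtp[1308]: 1A2B3C4D5E: to=<a@example.com>, relay=mx.example.net[192.0.2.10]:25, dsn=4.7.0, status=deferred (421 4.7.0 [TSS04] temporarily deferred)
Jan 20 22:01:13 ns postfix/smtp[1309]: 1A2B3C4D5E: to=<b@example.com>, relay=mx.example.net[192.0.2.10]:25, dsn=4.7.0, status=deferred (421 4.7.0 [TSS04] temporarily deferred)
Jan 20 22:02:00 ns postfix/smtpd[950]: 2B3C4D5E6F: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=alice
Jan 20 22:02:02 ns postfix/smtp[1310]: 2B3C4D5E6F: to=<c@example.com>, relay=mx.example.net[192.0.2.10]:25, dsn=4.7.0, status=deferred (421 4.7.0 [TSS04] temporarily deferred)
Jan 20 22:03:00 ns postfix/smtpd[951]: 3C4D5E6F70: client=mail.example.org[198.51.100.4]
Jan 20 22:03:01 ns postfix/smtp[1311]: 3C4D5E6F70: to=<d@example.net>, relay=mx.example.net[192.0.2.10]:25, dsn=2.0.0, status=sent (250 ok)
"""

# service name, queue ID, remainder of the line
LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]{6,}): (.*)")

def classify_origins(log_text):
    """Map each queue ID to the way the message was injected into Postfix."""
    origin = {}
    for service, qid, rest in LINE.findall(log_text):
        if service == "pickup" and (m := re.match(r"uid=(\d+)", rest)):
            # Submitted on this host via the sendmail command (shell user, cron, web form).
            origin[qid] = f"local uid={m.group(1)}"
        elif service == "smtpd" and (m := re.match(r"client=([^,\s]+)", rest)):
            sasl = re.search(r"sasl_username=(\S+)", rest)
            # An authenticated session points at an account; otherwise a relay question.
            origin[qid] = (f"sasl user={sasl.group(1)}" if sasl
                           else f"network client={m.group(1)}")
    return origin

def deferred_by_origin(log_text):
    """Count deferred outbound deliveries per injection origin."""
    origin = classify_origins(log_text)
    counts = Counter()
    for service, qid, rest in LINE.findall(log_text):
        if service == "smtp" and "status=deferred" in rest:
            counts[origin.get(qid, "unknown (injected before log start)")] += 1
    return counts

if __name__ == "__main__":
    for source, n in deferred_by_origin(SAMPLE_LOG).most_common():
        print(f"{n:6d}  {source}")
```

Run against the real mail log, a large count under a single local uid or SASL user narrows the search to that account, while counts under unauthenticated network clients call for a review of the relay restrictions.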