From: Patrick Mahan
Date: Mon, 21 Jan 2019 19:25:34 -0800
Subject: Re: Trying to understand some email issues
To: Noel
Cc: User Questions

Problem solved, somehow I had allowed some spams through sometime yesterday morning which was when I was initially configuring postfix. So I must have allowed it through.

postqueue -p showed a number of deferred messages. postcat -vq showed that they had come through around 4:30 pm PST yesterday. There were about 6 messages in the queue. I used 'postsuper -d' to remove them and those messages have gone away. I have not seen any new messages of that type.

My maillog shows multiple drops of unverified users attempting to relay through.

So my next goal is to get my site off of some of those blacklists.

Thanks,

Patrick

Thanks for the help

On Mon, Jan 21, 2019 at 1:33 PM Noel wrote:

> The log messages show you are *sending* mail, not receiving.
>
> Jan 20 22:09:01 ns postfix/smtp[1308]: 2DA97A2E2EF: to= ,
> relay=mx-aol.mail.gm0.yahoodns.net[98.137.157.43]:25, delay=13730,
> delays=13728/0.31/1.1/0.06, dsn=4.7.0, status=deferred (host
> mx-aol.mail.gm0.yahoodns.net[98.137.157.43] said: 421 4.7.0 [TSS04]
> Messages from 23.24.207.145 temporarily deferred due to user complaints -
> 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html (in
>
> Search earlier logs for the first mention of the QUEUEID for this
> message, 2DA97A2E2EF, to see where this particular mail originated.
>
> You running a web server on this host? Insecure web forms are often
> used to send spam. A new server install might have forms you didn't
> have before, or didn't intend to install.
>
>   -- Noel Jones
>
> On 1/21/2019 12:40 PM, Patrick Mahan wrote:
> > Thanks,
> >
> > mxtoolbox shows that I am on 13 out of 95 blacklists, so it seems I was
> > sending out spam.
> >
> > Patrick
> >
> > On Mon, Jan 21, 2019 at 8:47 AM Kurt Buff - GSEC, GCIH <kurt.buff@gmail.com> wrote:
> >
> >> On Sun, Jan 20, 2019 at 10:34 PM Patrick Mahan wrote:
> >>> All,
> >>>
> >>> FreeBSD 11.2
> >>>
> >>> Running postfix 3.3.2_1,1
> >>>
> >>> I'm getting hammered with thousands of emails from yahoo.com -
> >>>
> >>> Here is an example -
> >>>
> >>> Jan 20 22:09:01 ns postfix/smtp[1308]: 2DA97A2E2EF: to=<pwascak@aol.com>,
> >>> relay=mx-aol.mail.gm0.yahoodns.net[98.137.157.43]:25, delay=13730,
> >>> delays=13728/0.31/1.1/0.06, dsn=4.7.0, status=deferred (host
> >>> mx-aol.mail.gm0.yahoodns.net[98.137.157.43] said: 421 4.7.0 [TSS04]
> >>> Messages from 23.24.207.145 temporarily deferred due to user complaints -
> >>> 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html (in reply
> >>> to MAIL FROM command))
> >>>
> >>> I'm trying to determine if I am somehow relaying emails to yahoo.com, or is
> >>> this someone attacking me.
> >>>
> >>> I am pretty sure I have postfix to avoid acting like a relay for
> >>> unauthenticated connections. But this may be something I have messed up.
> >>> This has been happening only since I upgraded to 11.2 (I was at 9.x). I
> >>> also just recently switched from sendmail to postfix as well.
> >>>
> >>> I can provide my postfix config on request if needed.
> >>>
> >>> Pointers to other mail-lists are welcomed. I decided to start here before
> >>> jumping on the postfix mailing list.
> >>>
> >>> Thanks in advance,
> >>>
> >>> Patrick
> >> I'd suggest, as a first measure, going to https://mxtoolbox.com, and
> >> looking at their reports for your domain name and your IP address.
> >>
> >> Understanding your config and your logs is good, but a quick review of
> >> how others see your domain can point you in the right direction if
> >> there's an error in your config.
> >>
> >> For instance, you might have inadvertently made your host an open
> >> relay, and mxtoolbox will understand that. (that's just an example - it
> >> actually seems unlikely, as otherwise you'd be getting bounces from
> >> more than just yahoo)
> >>
> >> Kurt
> >> _______________________________________________
> >> freebsd-questions@freebsd.org mailing list
> >> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> >> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
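
Noel's advice in the quoted reply (find the first log mention of a queue ID to see where that mail originated), applied to every deferred message in a log at once. This is an added example, not code from the thread: the log lines are constructed, the function names are hypothetical, and it assumes Postfix's default short (uppercase hex) queue IDs.

```python
import re

# Constructed sample maillog (not from the thread): queue IDs, hosts and
# addresses are invented; IPs come from documentation ranges.
SAMPLE_LOG = """\
Jan 20 16:29:58 ns postfix/smtpd[901]: 1A2B3C4D5E6: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=info
Jan 20 16:29:59 ns postfix/qmgr[700]: 1A2B3C4D5E6: from=<info@example.org>, size=2210, nrcpt=1 (queue active)
Jan 20 16:30:02 ns postfix/smtp[1308]: 1A2B3C4D5E6: to=<a@example.com>, relay=mx.example.com[198.51.100.9]:25, delay=3, dsn=4.7.0, status=deferred (421 4.7.0 deferred)
Jan 20 16:31:10 ns postfix/pickup[655]: 7F8E9D0C1B2: uid=80 from=<www>
Jan 20 16:31:12 ns postfix/smtp[1309]: 7F8E9D0C1B2: to=<b@example.com>, relay=mx.example.com[198.51.100.9]:25, delay=2, dsn=4.7.0, status=deferred (421 4.7.0 deferred)
Jan 20 16:40:00 ns postfix/smtp[1310]: 7F8E9D0C1B2: to=<b@example.com>, relay=mx.example.com[198.51.100.9]:25, delay=530, dsn=4.7.0, status=deferred (421 4.7.0 deferred)
Jan 20 16:41:00 ns postfix/smtpd[902]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 554 5.7.1 <c@example.com>: Relay access denied
Jan 20 16:45:00 ns postfix/smtp[1311]: 0C0FFEE1234: to=<d@example.com>, relay=mx.example.com[198.51.100.9]:25, delay=9000, dsn=4.7.0, status=deferred (421 4.7.0 deferred)
Jan 20 16:46:00 ns postfix/smtpd[903]: 9D8C7B6A5F4: client=localhost[127.0.0.1]
Jan 20 16:46:01 ns postfix/smtp[1312]: 9D8C7B6A5F4: to=<e@example.net>, relay=mx.example.net[198.51.100.20]:25, delay=1, dsn=2.0.0, status=sent (250 ok)
"""

# Assumes default short queue IDs (uppercase hex), like the thread's 2DA97A2E2EF.
ENTRY = re.compile(r"postfix/(?:[\w-]+/)?(\w+)\[\d+\]: ([0-9A-F]{8,}): (.*)")

def classify(service, detail):
    """Describe how a message entered the queue, from its first log line."""
    if service == "smtpd":
        ip = re.search(r"client=\S*\[([^\]]+)\]", detail)
        user = re.search(r"sasl_username=([^,\s]+)", detail)
        who = f"SASL login {user.group(1)}" if user else "unauthenticated client"
        return f"network: {who} at {ip.group(1) if ip else '?'}"
    if service == "pickup":
        uid = re.search(r"uid=(\d+)", detail)
        return f"local submission by uid {uid.group(1) if uid else '?'}"
    # First mention is not an entry point: the origin is in an older, rotated log.
    return "origin not in this log"

def trace_deferred(log_text):
    """Return {queue_id: (origin, deferred_attempts)} for deferred mail only."""
    first, deferred = {}, {}
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue  # NOQUEUE rejects, warnings, connect/disconnect lines
        service, qid, detail = m.groups()
        first.setdefault(qid, (service, detail))
        if service == "smtp" and "status=deferred" in detail:
            deferred[qid] = deferred.get(qid, 0) + 1
    return {qid: (classify(*first[qid]), n) for qid, n in deferred.items()}

if __name__ == "__main__":
    for qid, (origin, n) in trace_deferred(SAMPLE_LOG).items():
        print(f"{qid}  deferred x{n}  {origin}")
```

Feed it the current maillog together with older rotated logs, oldest first, so that a message's first mention is not missed.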