Date: Mon, 21 Jan 2019 15:31:14 -0600 From: Noel <noeldude@gmail.com> To: freebsd-questions@freebsd.org Subject: Re: Trying to understand some email issues Message-ID: <e2224174-7fbc-240c-4ee3-273cdc84bdbb@gmail.com> In-Reply-To: <CAFDHx1J9Mx6gV-yaC4Pgh57SSbtkV1=-m8-qvDVswgG2L0a5ng@mail.gmail.com> References: <CAFDHx1JFWH8FAJ3nbvZC3m6CCpbjCqrG01PYNMOHJSKo2HnWWQ@mail.gmail.com> <CADy1Ce6-yVcMtZmZW6diGu_3WADNqTFsGEcceSvgp8R0d%2B_vfA@mail.gmail.com> <CAFDHx1J9Mx6gV-yaC4Pgh57SSbtkV1=-m8-qvDVswgG2L0a5ng@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
The log messages show you are *sending* mail, not receiving. Jan 20 22:09:01 ns postfix/smtp[1308]: 2DA97A2E2EF: to=<pwascak@aol.com , relay=mx-aol.mail.gm0.yahoodns.net[98.137.157.43]:25, delay=13730, delays=13728/0.31/1.1/0.06, dsn=4.7.0, status=deferred (host mx-aol.mail.gm0.yahoodns.net[98.137.157.43] said: 421 4.7.0 [TSS04] Messages from 23.24.207.145 temporarily deferred due to user complaints - 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html (in Search earlier logs for the first mention of the QUEUEID for this message, 2DA97A2E2EF, to see where this particular mail originated. You running a web server on this host? Insecure web forms are often used to send spam. A new server install might have forms you didn't have before, or didn't intend to install. -- Noel Jones On 1/21/2019 12:40 PM, Patrick Mahan wrote: > Thanks, > > mxtoolbox shows that I am on 13 out of 95 blacklists, so it seems I was > sending out spam. > > Patrick > > On Mon, Jan 21, 2019 at 8:47 AM Kurt Buff - GSEC, GCIH <kurt.buff@gmail.com> > wrote: > >> On Sun, Jan 20, 2019 at 10:34 PM Patrick Mahan <plmahan@gmail.com> wrote: >>> All, >>> >>> FreeBSD 11.2 >>> >>> Running postfix 3.3.2_1,1 >>> >>> I'm getting hammered with thousands of emails from yahoo.com - >>> >>> Here is an example - >>> >>> Jan 20 22:09:01 ns postfix/smtp[1308]: 2DA97A2E2EF: to=<pwascak@aol.com >>> , >>> relay=mx-aol.mail.gm0.yahoodns.net[98.137.157.43]:25, delay=13730, >>> delays=13728/0.31/1.1/0.06, dsn=4.7.0, status=deferred (host >>> mx-aol.mail.gm0.yahoodns.net[98.137.157.43] said: 421 4.7.0 [TSS04] >>> Messages from 23.24.207.145 temporarily deferred due to user complaints - >>> 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html (in >> reply >>> to MAIL FROM command)) >>> >>> I'm trying to determine if I am somehow relaying emails to yahoo.com, >> or is >>> this someone attacking me. >>> >>> I am pretty sure I have postfix to avoid acting like a relay for >>> unauthenticated connections. But this maybe something I have messed up. >>> This has been happening only since I upgraded to 11.2 (I was at 9.x). I >>> also just recently switch from sendmail to postfix as well. >>> >>> I can provide my postfix config on request if needed. >>> >>> Pointers to other mail-lists are welcomed. I decided to start here >> before >>> jumping on the postfix mailing list. >>> >>> Thanks in advance, >>> >>> Patrick >> I'd suggest, as a first measure, going to https://mxtoolbox.com, and >> looking at their reports for your domain name and your IP address. >> >> Understanding your config and your logs is good, but a quick review of >> how others see your domain can point you in the right direction if >> there's an error in your config. >> >> For instance, you might have inadvertently made your host an open >> relay, and mxtoolbox will understand that. (that just an example - it >> actually seems unlikely, as otherwise you'd be getting bounces from >> more than just yahoo) >> >> Kurt >> _______________________________________________ >> freebsd-questions@freebsd.org mailing list >> https://lists.freebsd.org/mailman/listinfo/freebsd-questions >> To unsubscribe, send any mail to " >> freebsd-questions-unsubscribe@freebsd.org" >> > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?e2224174-7fbc-240c-4ee3-273cdc84bdbb>