
Am I being a relay for spam?

  • Doug
    Message 1 of 7 , Aug 1, 2007
      I'm running postfix on SuSE Linux 10.2. I have set relay_domains =
      $mynetworks.

      I am concerned because when I go into Webmin and look at the Mail Queue for
      Postfix, I see entries like this:

      merrowydfip@... postmaster@... 20.08 kB connect to
      com.com[216.239.113.101]: Connection timed out

      This could not have come from any of my users. Right now I have 4 messages to
      postmaster@..., and one to root@.... The status on one of them
      is "Connection Timed Out"

      I do get lots of spam, which I have managed to cut in half with postfix and
      spamassassin.

      Doug
    • Brett Dikeman
      Message 2 of 7 , Aug 1, 2007
        On 8/1/07, Doug <doug@...> wrote:

        > This could not have come from any of my users. Right now I have 4 messages to
        > postmaster@..., and one to root@.... The status on one of them
        > is "Connection Timed Out"

        com.com is the domain used by CNET and company to enable cross-site
        popups, cookie sharing, and such.

        Brett
      • Barry Irwin
        Message 3 of 7 , Aug 1, 2007
          Doug wrote:
          > I'm running postfix on SuSE Linux 10.2. I have set relay_domains =
          > $mynetworks.
          >
          > I am concerned because when I go into Webmin and look at the Mail Queue for
          > Postfix, I see entries like this:
          >
          > merrowydfip@... postmaster@... 20.08 kB connect to
          > com.com[216.239.113.101]: Connection timed out
          >
          > This could not have come from any of my users. Right now I have 4 messages to
          > postmaster@..., and one to root@.... The status on one of them
          > is "Connection Timed Out"
          >
          > I do get lots of spam, which I have managed to cut in half with postfix and
          > spamassassin.
          >
          > Doug

          Hi Doug

          What these look to possibly be is bounce messages? Although without
          seeing a full snippet of your mailq and particularly the mail logs it's
          difficult to say.

          If you trace these addresses in your maillogs from which hosts were they
          received? What is your domain? Without all the pieces it's a little
          hard for people to assist you. Please revisit the welcome message you
          got when you joined the list for details on what kind of information to
          provide to aid in debugging.

          Barry
        • Doug
          Message 4 of 7 , Aug 1, 2007
            Well, I didn't want to take up too much time here. My main concern is that I'm
            not being a relay for spam.

            Here's a grep of /var/logs/mail. customosas.com, mentioned near the end, is
            one of my mail domains, the other being dougnc.com

            Thanks!


            venture:/var/log # grep com.com mail | grep "Aug 1" | more
            Aug 1 01:09:15 venture postfix/smtp[23700]: connect to com.com[216.239.122.102]: Connection timed out (port 25)
            Aug 1 01:09:45 venture postfix/smtp[23700]: connect to com.com[216.239.113.101]: Connection timed out (port 25)
            Aug 1 01:09:45 venture postfix/smtp[23700]: 616B76CBD9: to=<postmaster@...>, orig_to=<mail@customosas.com>, relay=none, delay=60, delays=0.08/0.02/60/0, dsn=4.4.1, status=deferred (connect to com.com[216.239.113.101]: Connection timed out)
            Aug 1 01:18:05 venture postfix/qmgr[4402]: A7BFC6C9E9: from=<root@...>, size=501, nrcpt=1 (queue active)
            Aug 1 01:18:35 venture postfix/smtp[23766]: connect to com.com[216.239.113.101]: Connection timed out (port 25)
            Aug 1 01:18:35 venture postfix/smtp[23765]: connect to com.com[216.239.113.101]: Connection timed out (port 25)
            Aug 1 01:18:35 venture postfix/smtp[23768]: connect to com.com[216.239.122.102]: Connection timed out (port 25)
            Aug 1 01:18:35 venture postfix/smtp[23767]: connect to com.com[216.239.113.101]: Connection timed out (port 25)
            Aug 1 01:19:05 venture postfix/smtp[23766]: connect to com.com[216.239.122.102]: Connection timed out (port 25)
            Aug 1 01:19:05 venture postfix/smtp[23765]: connect to com.com[216.239.122.102]: Connection timed out (port 25)
            Aug 1 01:19:05 venture postfix/smtp[23767]: connect to com.com[216.239.122.102]: Connection timed out (port 25)
            Aug 1 01:19:05 venture postfix/smtp[23768]: connect to com.com[216.239.113.101]: Connection timed out (port 25)
            Aug 1 01:19:06 venture postfix/smtp[23768]: 5F2C96CBDA: to=<postmaster@...>, orig_to=<mail@customosas.com>, relay=none, delay=70102, delays=70042/0.14/60/0, dsn=4.4.1, status=deferred (connect to com.com[216.239.113.101]: Connection timed out)
            Aug 1 01:19:06 venture postfix/smtp[23766]: 1D3F36CBD6: to=<postmaster@...>, orig_to=<mail@customosas.com>, relay=none, delay=404546, delays=404485/0.03/60/0, dsn=4.4.1, status=deferred (connect to

            Doug


            On Wednesday 01 August 2007 10:22, Barry Irwin wrote:
            > Doug wrote:
            > > I'm running postfix on SuSE Linux 10.2. I have set relay_domains =
            > > $mynetworks.
            > >
            > > I am concerned because when I go into Webmin and look at the Mail Queue
            > > for Postfix, I see entries like this:
            > >
            > > merrowydfip@... postmaster@... 20.08 kB connect to
            > > com.com[216.239.113.101]: Connection timed out
            > >
            > > This could not have come from any of my users. Right now I have 4
            > > messages to postmaster@..., and one to root@.... The status on
            > > one of them is "Connection Timed Out"
            > >
            > > I do get lots of spam, which I have managed to cut in half with postfix
            > > and spamassassin.
            > >
            > > Doug
            >
            > Hi Doug
            >
            > What these look to possibly be is bounce messages? Although without
            > seeing a full snippet of your mailq and particularly the mail logs it's
            > difficult to say.
            >
            > If you trace these addresses in your maillogs from which hosts were they
            > received? What is your domain? Without all the pieces it's a little
            > hard for people to assist you. Please revisit the welcome message you
            > got when you joined the list for details on what kind of information to
            > provide to aid in debugging.
            >
            > Barry
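
The questions raised in this exchange (which hosts was the mail received from, is it a bounce, was it addressed to one of my domains) can be answered per queue ID from the Postfix log. The following is an added example, not code from the thread: it groups log lines by queue ID and uses `client=`, `from=` and `orig_to=` (the recipient before alias or virtual rewriting) to label each message. The log lines, domains, IPs, queue IDs and the verdict names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed log lines; every domain, IP and queue ID here is a placeholder.
SAMPLE_LOG = """\
Aug  1 01:09:40 mx postfix/smtpd[101]: A1B2C3D401: client=unknown[198.51.100.7]
Aug  1 01:09:41 mx postfix/qmgr[50]: A1B2C3D401: from=<s@remote.example>, size=20563, nrcpt=1 (queue active)
Aug  1 01:09:45 mx postfix/smtp[102]: A1B2C3D401: to=<postmaster@elsewhere.example>, orig_to=<mail@mydomain.example>, relay=none, dsn=4.4.1, status=deferred (connect to elsewhere.example[192.0.2.10]: Connection timed out)
Aug  1 01:10:00 mx postfix/smtpd[101]: A1B2C3D402: client=unknown[198.51.100.7]
Aug  1 01:10:05 mx postfix/smtp[102]: A1B2C3D402: to=<b@third.example>, relay=none, dsn=4.4.1, status=deferred (connect to third.example[192.0.2.20]: Connection timed out)
Aug  1 01:11:00 mx postfix/qmgr[50]: A1B2C3D403: from=<>, size=3000, nrcpt=1 (queue active)
Aug  1 01:11:05 mx postfix/smtp[102]: A1B2C3D403: to=<c@third.example>, relay=none, dsn=4.4.1, status=deferred (connect to third.example[192.0.2.20]: Connection timed out)
Aug  1 01:12:00 mx postfix/smtpd[101]: A1B2C3D404: client=pc1.lan[192.168.1.20]
Aug  1 01:12:02 mx postfix/smtp[102]: A1B2C3D404: to=<d@third.example>, relay=mail.third.example[192.0.2.20]:25, dsn=2.0.0, status=sent (250 ok)
"""

LINE = re.compile(r"postfix/\w+\[\d+\]: ([0-9A-F]{6,}): (.*)")   # queue ID, rest of line
FIELD = re.compile(r"\b(client|from|to|orig_to)=([^,\s]+)")

def domain(addr):
    return addr.strip("<>").rpartition("@")[2].lower()

def classify(log_text, local_domains, my_networks):
    """Return {queue_id: verdict}; only the first recipient per message is considered."""
    nets = [ipaddress.ip_network(n) for n in my_networks]
    msgs = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if m:
            for key, val in FIELD.findall(m.group(2)):
                msgs[m.group(1)].setdefault(key, val)
    verdicts = {}
    for qid, f in msgs.items():
        ip = re.search(r"\[([0-9a-fA-F.:]+)\]", f.get("client", ""))
        trusted = bool(ip) and any(ipaddress.ip_address(ip.group(1)) in n for n in nets)
        rcpt_local = domain(f.get("orig_to") or f.get("to", "")) in local_domains
        if f.get("from") == "<>":
            verdicts[qid] = "bounce"          # null sender: a delivery status notification
        elif rcpt_local:
            verdicts[qid] = "inbound"         # addressed to us, even if later rewritten elsewhere
        elif trusted:
            verdicts[qid] = "outbound"        # submitted from inside mynetworks
        else:
            verdicts[qid] = "relay-suspect"   # outside client, outside recipient
    return verdicts

if __name__ == "__main__":
    print(classify(SAMPLE_LOG, {"mydomain.example"}, ["192.168.1.0/24"]))
```

Only a `relay-suspect` verdict describes mail that an outside client handed over for an outside recipient; a deferred delivery whose `orig_to` is in one of your own domains was accepted as ordinary inbound mail.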
          • Jeremie Le Hen
            Message 5 of 7 , Aug 1, 2007
              Hi, Martin,

              On Wed, Aug 01, 2007 at 03:18:25PM +0200, Martin Schmitt wrote:
              > Jeremie Le Hen schrieb:
              >
              > > % #!/usr/bin/perl
              >
              > $| = 1; # to disable Perl's buffering of output.
              >
              > > % open LOG, '>> /tmp/policystub.log';
              > > % while (<STDIN>) {
              > > % print LOG $_;
              > > % print LOG "HEX: ".(unpack "H*", $_)."\n";
              > > % chomp;
              > > % print "action=DUNNO\n\n" if ($_ eq '');
              > > % }
              > > % close LOG;
              > >
              > > Testing it manually, it seems to work as expected:
              > > % postfix1# printf 'attribute=value\n\n' | /root/policystub.pl
              > > % action=DUNNO
              >
              > This works because policystub.pl terminates after EOF. Under master's
              > control, the smtpd remains connected to the policy service, which
              > buffers output and therefore doesn't answer immediately.

              Indeed, after studying the example greylist.pl, it appeared the only
              difference was the lack of $| = 1. Thank you for your help!

              Best regards,
              --
              Jeremie Le Hen
              < jeremie at le-hen dot org >< ttz at chchile dot org >
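
The buffering problem described in this message is not specific to Perl: any policy service run by master over a long-lived connection must push each reply out as soon as the request's terminating empty line arrives. The following is an added example, written in Python rather than the thread's Perl and not taken from greylist.pl or the posters' code; `serve_policy` and `decide` are hypothetical names, and the explicit `flush()` plays the role of `$| = 1`.

```python
import sys

def serve_policy(reader, writer, decide=lambda attrs: "DUNNO"):
    """Answer Postfix policy-delegation requests until EOF.

    A request is a run of name=value lines closed by an empty line; the reply
    is "action=...\\n\\n". Returns the number of requests answered.
    """
    attrs, answered = {}, 0
    for line in reader:
        line = line.rstrip("\r\n")
        if line:
            name, _, value = line.partition("=")
            attrs[name] = value
            continue
        writer.write(f"action={decide(attrs)}\n\n")
        # smtpd stays connected and waits for this reply. Without the flush,
        # output to a pipe or socket sits in a block buffer until the buffer
        # fills or the process exits, which is why a one-shot printf test
        # passes while the same script stalls under master.
        writer.flush()
        attrs, answered = {}, answered + 1
    return answered

if __name__ == "__main__":
    serve_policy(sys.stdin, sys.stdout)
```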