Loading ...
Sorry, an error occurred while loading the content.

Re: Am I being a relay for spam?

Expand Messages
  • Brett Dikeman
    ... com.com is the domain used by CNET and company to enable cross-site popups, cookie sharing, and such. Brett
    Message 1 of 7 , Aug 1, 2007
    View Source
    • 0 Attachment
      On 8/1/07, Doug <doug@...> wrote:

      > This could not have come from any of my users. Right now I have 4 messages to
      > postmaster@..., and one to root@.... The status on one of them
      > is "Connection Timed Out"

      com.com is the domain used by CNET and company to enable cross-site
      popups, cookie sharing, and such.

      Brett
    • Barry Irwin
      ... Hi Doug What these look to possibly be is bounce messages? Although without seeing a full snippet of your mailq and particularly the mail logs its
      Message 2 of 7 , Aug 1, 2007
      View Source
      • 0 Attachment
        Doug wrote:
        > I'm running postfix on SuSE Linux 10.2. I have set relay_domains =
        > $mynetworks.
        >
        > I am concerned because when I go into Webmin and look at the Mail Queue for
        > Postfix, I see entries like this:
        >
        > merrowydfip@... postmaster@... 20.08 kB connect to
        > com.com[216.239.113.101]: Connection timed out
        >
        > This could not have come from any of my users. Right now I have 4 messages to
        > postmaster@..., and one to root@.... The status on one of them
        > is "Connection Timed Out"
        >
        > I do get lots of spam, which I have managed to cut in half with postfix and
        > spamassassin.
        >
        > Doug

        Hi Doug

        What these look to possibly be is bounce messages? Although without
        seeing a full snippet of your mailq and particularly the mail logs its
        difficult to say.

        If you trace these addresses in your maillogs form which hosts were they
        received ? What is your domain? without all the pieces its a little
        hard for people to assist you. PLease revisit the welcome message you
        got when you joined the list for details on what kind of information to
        provide to aid in debugging.

        Barry
      • Doug
        Well, I didn t want to take up too much time here. My main concern is that I m not being a relay for spam. Here s a grep of /var/logs/mail. customosas.com,
        Message 3 of 7 , Aug 1, 2007
        View Source
        • 0 Attachment
          Well, I didn't want to take up too much time here. My main concern is that I'm
          not being a relay for spam.

          Here's a grep of /var/logs/mail. customosas.com, mentioned near the end, is
          one of my mail domains, the other being dougnc.com

          Thanks!


          venture:/var/log # grep com.com mail | grep "Aug 1" | more
          Aug 1 01:09:15 venture postfix/smtp[23700]: connect to
          com.com[216.239.122.102]: Connection timed ou
          t (port 25)
          Aug 1 01:09:45 venture postfix/smtp[23700]: connect to
          com.com[216.239.113.101]: Connection timed ou
          t (port 25)
          Aug 1 01:09:45 venture postfix/smtp[23700]: 616B76CBD9:
          to=<postmaster@...>, orig_to=<mail@custo
          mosas.com>, relay=none, delay=60, delays=0.08/0.02/60/0, dsn=4.4.1,
          status=deferred (connect to com.c
          om[216.239.113.101]: Connection timed out)
          Aug 1 01:18:05 venture postfix/qmgr[4402]: A7BFC6C9E9: from=<root@...>,
          size=501, nrcpt=1 (queue
          active)
          Aug 1 01:18:35 venture postfix/smtp[23766]: connect to
          com.com[216.239.113.101]: Connection timed ou
          t (port 25)
          Aug 1 01:18:35 venture postfix/smtp[23765]: connect to
          com.com[216.239.113.101]: Connection timed ou
          t (port 25)
          Aug 1 01:18:35 venture postfix/smtp[23768]: connect to
          com.com[216.239.122.102]: Connection timed ou
          t (port 25)
          Aug 1 01:18:35 venture postfix/smtp[23767]: connect to
          com.com[216.239.113.101]: Connection timed ou
          t (port 25)
          Aug 1 01:19:05 venture postfix/smtp[23766]: connect to
          com.com[216.239.122.102]: Connection timed ou
          t (port 25)
          Aug 1 01:19:05 venture postfix/smtp[23765]: connect to
          com.com[216.239.122.102]: Connection timed ou
          t (port 25)
          Aug 1 01:19:05 venture postfix/smtp[23767]: connect to
          com.com[216.239.122.102]: Connection timed ou
          t (port 25)
          Aug 1 01:19:05 venture postfix/smtp[23768]: connect to
          com.com[216.239.113.101]: Connection timed ou
          t (port 25)
          Aug 1 01:19:06 venture postfix/smtp[23768]: 5F2C96CBDA:
          to=<postmaster@...>, orig_to=<mail@custo
          mosas.com>, relay=none, delay=70102, delays=70042/0.14/60/0, dsn=4.4.1,
          status=deferred (connect to c
          om.com[216.239.113.101]: Connection timed out)
          Aug 1 01:19:06 venture postfix/smtp[23766]: 1D3F36CBD6:
          to=<postmaster@...>, orig_to=<mail@custo
          mosas.com>, relay=none, delay=404546, delays=404485/0.03/60/0, dsn=4.4.1,
          status=deferred (connect to

          Doug


          On Wednesday 01 August 2007 10:22, Barry Irwin wrote:
          > Doug wrote:
          > > I'm running postfix on SuSE Linux 10.2. I have set relay_domains =
          > > $mynetworks.
          > >
          > > I am concerned because when I go into Webmin and look at the Mail Queue
          > > for Postfix, I see entries like this:
          > >
          > > merrowydfip@... postmaster@... 20.08 kB connect to
          > > com.com[216.239.113.101]: Connection timed out
          > >
          > > This could not have come from any of my users. Right now I have 4
          > > messages to postmaster@..., and one to root@.... The status on
          > > one of them is "Connection Timed Out"
          > >
          > > I do get lots of spam, which I have managed to cut in half with postfix
          > > and spamassassin.
          > >
          > > Doug
          >
          > Hi Doug
          >
          > What these look to possibly be is bounce messages? Although without
          > seeing a full snippet of your mailq and particularly the mail logs its
          > difficult to say.
          >
          > If you trace these addresses in your maillogs form which hosts were they
          > received ? What is your domain? without all the pieces its a little
          > hard for people to assist you. PLease revisit the welcome message you
          > got when you joined the list for details on what kind of information to
          > provide to aid in debugging.
          >
          > Barry
        • Jeremie Le Hen
          Hi, Martin, ... Indeed, after studying the example greylist.pl, it appeared the only difference was the lack of $| = 1. Thank you for your help! Best regards,
          Message 4 of 7 , Aug 1, 2007
          View Source
          • 0 Attachment
            Hi, Martin,

            On Wed, Aug 01, 2007 at 03:18:25PM +0200, Martin Schmitt wrote:
            > Jeremie Le Hen schrieb:
            >
            > > % #!/usr/bin/perl
            >
            > $| = 1; # to disable Perl's buffering of output.
            >
            > > % open LOG, '>> /tmp/policystub.log';
            > > % while (<STDIN>) {
            > > % print LOG $_;
            > > % print LOG "HEX: ".(unpack "H*", $_)."\n";
            > > % chomp;
            > > % print "action=DUNNO\n\n" if ($_ eq '');
            > > % }
            > > % close LOG;
            > >
            > > Testing it manually, it seems to work as expected:
            > > % postfix1# printf 'attribute=value\n\n' | /root/policystub.pl
            > > % action=DUNNO
            >
            > This works because policystub.pl terminates after EOF. Under master's
            > control, the smtpd remains connected to the policy service, which
            > buffers output and therefore doesn't answer immediately.

            Indeed, after studying the example greylist.pl, it appeared the only
            difference was the lack of $| = 1. Thank you for your help!

            Best regards,
            --
            Jeremie Le Hen
            < jeremie at le-hen dot org >< ttz at chchile dot org >
          Your message has been successfully submitted and would be delivered to recipients shortly.