
Re: Too much traffic

  • KSB
    Message 1 of 8 , Apr 2 10:39 PM
      On 2013.04.03. 2:38, Fernando Maior wrote:
      > Ceyhun,
      >
      > It is not a problem with Postfix. Proceed looking for someone or some
      > process that is forwarding those e-mails to your postfix server. Your
      > postfix server is just receiving them from internal clients and putting
      > them into the queue to send it out.
      >
      > Bye,
      > ---
      > Fernando Maciel Souto Maior
      >
      Probably they are NDR, so look inside of one of the messages with
      pfqueue to see original sender, ip, contents and so on...

      --
      KSB
    • Ceyhun Ganioglu
      Message 2 of 8 , Apr 2 11:58 PM

        Hi Fernando,

         

        Thanks for your response. This is exactly the case. I cleaned the mail queue last night and disabled one of the Drupal installations which seems vulnerable to me. Since last night there are no new emails sent. Which is good. Thank you for your help.

         

        Regards

         

        From: Fernando Maior [mailto:fernando.souto.maior@...]
        Sent: Wednesday, April 03, 2013 2:39 AM
        To: Ceyhun Ganioglu
        Cc: postfix users
        Subject: Re: Too much traffic

         

        Ceyhun,

         

        It is not a problem with Postfix. Proceed looking for someone or some process that is forwarding those e-mails to your postfix server. Your postfix server is just receiving them from internal clients and putting them into the queue to send it out.

         

        Bye,

        ---

        Fernando Maciel Souto Maior

         

        On Tue, Apr 2, 2013 at 6:06 PM, Ceyhun Ganioglu <ceyhunganioglu@...> wrote:

        Hi Fernando,

         

        Thanks for your reply. The problem is it is not a single mail sending problem. There were 756 emails to be sent to zafer@... on the queue. I cleaned the queue. Then the emails appeared again. Something in my email server or maybe a content management system on my web server side has a vulnerability. I just need to make sure it is not from the Postfix side. Once I do this, I’ll check the web sites on my server.

         

        Thanks for your help.

         

        Ceyhun

         

        From: Fernando Maior [mailto:fernando.souto.maior@...]
        Sent: Tuesday, April 02, 2013 5:25 PM
        To: Ceyhun Ganioglu
        Cc: postfix users
        Subject: Re: Too much traffic

         

        Hi,

         

        I am not a specialist in Postfix, just a common admin. Yet, I can see two things from your message:

        1. You sure have a DNS resolution problem. No external server should be resolved to 192.168.x.x, that is an internal network. Also, the last two octets (255.255) are almost always used for broadcasting packets in the network. The IP address for mx1.likya.com should never be 192.168.255.255;
        2. Because of the DNS resolution problem, postfix is just trying to connect to 192.168.255.255 to deliver the message to zafer@..., but could not, of course.

        I issued three commands:

        # dig likya.com ns

        # dig likya.com mx

         

        The first two seem to show that likya.com is configured correctly; the last command instead resolved to the IP address 192.168.255.255, which is wrong. So the problem with DNS resolution lies with the admins of likya.com, not you. Best thing to do? I would just remove all entries in the postfix queue that are for the wrongly configured server (likya.com).

         

        Probably, someone at likya.com just made a wrong config. Maybe - in the interests of your users - you should try the likya.com site and look for a way to talk to them and tell them about the problem. Else you should keep an eye on the postfix queue and keep removing any messages for that domain, if they continue to pop up.

         

        Cheers,

        ---

        Fernando Maciel Souto Maior

         

        On Mon, Apr 1, 2013 at 3:25 AM, Ceyhun Ganioglu <ceyhunganioglu@...> wrote:

        Hi everybody,

         

        I was using Postfix without any problems, but over the last two months the traffic usage of the server has increased too much. When I checked the mail queue I saw emails for an account zafer@... which does not exist on my server. Below is an example of how the mail queue looks. I checked for open relay both manually and with some online sites. There’s no open relay. Is this a kind of spam method? If yes, can anyone give me an idea how to fix it?

         

        Kindest Regards

        Ceyhun

         

         

        Email queue:

         

        AC5A615038A      635 Mon Apr  1 03:47:47  zafer@...
                     (connect to mx1.likya.com[192.168.255.255]: Connection timed out)
                                                 zafer@...

        A05E7150098      635 Sat Mar 30 13:33:46  zafer@...
        (delivery temporarily suspended: connect to mx1.likya.com[192.168.255.255]: Connection timed out)
                                                 zafer@...

        ABDC81500CB      641 Sun Mar 31 05:28:05  zafer@...
        (delivery temporarily suspended: connect to mx1.likya.com[192.168.255.255]: Connection timed out)
                                                 zafer@...

        A333F150086     2786 Sat Mar 30 09:55:01  MAILER-DAEMON
        (delivery temporarily suspended: connect to mx1.likya.com[192.168.255.255]: Connection timed out)
                                                 zafer@...

        A594015008E      629 Sat Mar 30 12:03:53  zafer@...
        (delivery temporarily suspended: connect to mx1.likya.com[192.168.255.255]: Connection timed out)
                                                 zafer@...

        A122F150381      631 Mon Apr  1 00:34:18  zafer@...
        (delivery temporarily suspended: connect to mx1.likya.com[192.168.255.255]: Connection timed out)
                                                 zafer@...
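
The advice in this thread comes down to finding out who is submitting the mail and which destination is stuck. The following is an added example, not part of the original thread: it parses `mailq`-style output, tallies senders and recipient domains, and flags entries deferred while connecting to a private IPv4 address. The sample queue, its IDs, addresses and host names are constructed placeholders.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in `mailq` layout; every ID, address and host is a placeholder.
SAMPLE_MAILQ = """\
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
1A2B3C4D5E      635 Mon Apr  1 03:47:47  www-data@web.example.net
             (connect to mx1.example.org[192.168.255.255]: Connection timed out)
                                         user@example.org

2B3C4D5E6F     2786 Sat Mar 30 09:55:01  MAILER-DAEMON
(delivery temporarily suspended: connect to mx1.example.org[192.168.255.255]: Connection timed out)
                                         user@example.org

3C4D5E6F70*     812 Mon Apr  1 04:02:10  alice@example.net
                                         bob@example.com

-- 4 Kbytes in 3 Requests.
"""

# Entry head: queue ID (optional * or ! status mark), size, arrival time, sender.
HEAD = re.compile(r"^([0-9A-Fa-f]{6,})[*!]?\s+(\d+)\s+"
                  r"(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d)\s+(\S+)$")
HOST_IP = re.compile(r"\[(\d+\.\d+\.\d+\.\d+)\]")  # IPv4 literal in a deferral reason

def parse_mailq(text):
    """Return one dict per queue entry: id, sender, deferral reason, recipients."""
    entries, cur = [], None
    for line in text.splitlines():
        m = HEAD.match(line)
        if m:
            cur = {"id": m.group(1), "sender": m.group(4), "reason": "", "rcpts": []}
            entries.append(cur)
        elif cur is None or not line.strip() or line.startswith("--"):
            continue  # column header, blank separator or summary line
        elif line.strip().startswith("("):
            cur["reason"] = line.strip()[1:-1]
        else:
            cur["rcpts"].append(line.strip())
    return entries

def summarize(entries):
    """Count senders and recipient domains; list IDs stuck on a private address."""
    by_sender = Counter(e["sender"] for e in entries)
    by_domain = Counter(r.rpartition("@")[2] for e in entries for r in e["rcpts"])
    stuck = [e["id"] for e in entries
             if (m := HOST_IP.search(e["reason"]))
             and ipaddress.ip_address(m.group(1)).is_private]
    return by_sender, by_domain, stuck
```

A sender such as a web server account dominating `by_sender` points at a local script submitting the mail, while `MAILER-DAEMON` entries are bounces generated for mail that could not be delivered.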

         

         
