Trying to understand some email issues

Noel noeldude at gmail.com
Mon Jan 21 21:31:18 UTC 2019


The log messages show you are *sending* mail, not receiving.

Jan 20 22:09:01 ns postfix/smtp[1308]: 2DA97A2E2EF: to=<pwascak at aol.com
,
relay=mx-aol.mail.gm0.yahoodns.net[98.137.157.43]:25, delay=13730,
delays=13728/0.31/1.1/0.06, dsn=4.7.0, status=deferred (host
mx-aol.mail.gm0.yahoodns.net[98.137.157.43] said: 421 4.7.0 [TSS04]
Messages from 23.24.207.145 temporarily deferred due to user complaints -
4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html (in


Search earlier logs for the first mention of the QUEUEID for this
message,  2DA97A2E2EF,  to see where this particular mail originated.

You running a web server on this host?  Insecure web forms are often
used to send spam.  A new server install might have forms you didn't
have before, or didn't intend to install.



  -- Noel Jones

On 1/21/2019 12:40 PM, Patrick Mahan wrote:
> Thanks,
>
> mxtoolbox shows that I am on 13 out of 95 blacklists, so it seems I was
> sending out spam.
>
> Patrick
>
> On Mon, Jan 21, 2019 at 8:47 AM Kurt Buff - GSEC, GCIH <kurt.buff at gmail.com>
> wrote:
>
>> On Sun, Jan 20, 2019 at 10:34 PM Patrick Mahan <plmahan at gmail.com> wrote:
>>> All,
>>>
>>> FreeBSD 11.2
>>>
>>> Running postfix 3.3.2_1,1
>>>
>>> I'm getting hammered with thousands of emails from yahoo.com -
>>>
>>> Here is an example -
>>>
>>> Jan 20 22:09:01 ns postfix/smtp[1308]: 2DA97A2E2EF: to=<pwascak at aol.com
>>> ,
>>> relay=mx-aol.mail.gm0.yahoodns.net[98.137.157.43]:25, delay=13730,
>>> delays=13728/0.31/1.1/0.06, dsn=4.7.0, status=deferred (host
>>> mx-aol.mail.gm0.yahoodns.net[98.137.157.43] said: 421 4.7.0 [TSS04]
>>> Messages from 23.24.207.145 temporarily deferred due to user complaints -
>>> 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html (in reply
>>> to MAIL FROM command))
>>>
>>> I'm trying to determine if I am somehow relaying emails to yahoo.com, or is
>>> this someone attacking me.
>>>
>>> I am pretty sure I have postfix to avoid acting like a relay for
>>> unauthenticated connections.  But this may be something I have messed up.
>>> This has been happening only since I upgraded to 11.2 (I was at 9.x).  I
>>> also just recently switched from sendmail to postfix as well.
>>>
>>> I can provide my postfix config on request if needed.
>>>
>>> Pointers to other mail-lists are welcomed.  I decided to start here before
>>> jumping on the postfix mailing list.
>>>
>>> Thanks in advance,
>>>
>>> Patrick
>> I'd suggest, as a first measure, going to https://mxtoolbox.com, and
>> looking at their reports for your domain name and your IP address.
>>
>> Understanding your config and your logs is good, but a quick review of
>> how others see your domain can point you in the right direction if
>> there's an error in your config.
>>
>> For instance, you might have inadvertently made your host an open
>> relay, and mxtoolbox will understand that. (that's just an example - it
>> actually seems unlikely, as otherwise you'd be getting bounces from
>> more than just yahoo)
>>
>> Kurt
>> _______________________________________________
>> freebsd-questions at freebsd.org mailing list
>> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to "
>> freebsd-questions-unsubscribe at freebsd.org"
>>




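The queue ID search suggested at the top of this thread, as an added example that is not part of the original messages: it finds the log line where a queue ID first entered Postfix and reports whether the mail was submitted locally (`postfix/pickup`, which logs the submitting uid) or over the network (`postfix/smtpd`, which logs the client and any SASL login). The log lines, hostnames, addresses, uid and the second queue ID are constructed sample data; only `2DA97A2E2EF` comes from the thread.

```python
import re

# Constructed sample in Postfix syslog format (not real log data).
SAMPLE_LOG = """\
Jan 20 18:20:11 ns postfix/pickup[911]: 2DA97A2E2EF: uid=80 from=<www>
Jan 20 18:20:11 ns postfix/qmgr[702]: 2DA97A2E2EF: from=<www@ns.example.org>, size=2113, nrcpt=1 (queue active)
Jan 20 18:21:40 ns postfix/smtpd[950]: 3F1B2C4D5E6: client=unknown[192.0.2.77], sasl_method=LOGIN, sasl_username=info
Jan 20 22:09:01 ns postfix/smtp[1308]: 2DA97A2E2EF: to=<user@example.com>, relay=mx.example.net[198.51.100.9]:25, dsn=4.7.0, status=deferred (...)
"""

# "postfix/<daemon>[pid]: <QUEUEID>: <rest>"; queue IDs are hex by default,
# alphanumeric when enable_long_queue_ids is set.
LINE = re.compile(r"postfix/(?P<daemon>[\w-]+)\[\d+\]: (?P<qid>[0-9A-Za-z]+): (?P<rest>.*)")


def origins(log_text):
    """Map each queue ID to a record describing how the message entered Postfix."""
    found = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m or m["qid"] in found:
            continue
        daemon, rest = m["daemon"], m["rest"]
        if daemon == "pickup" and rest.startswith("uid="):
            # Local submission through the sendmail(1) command. A web server
            # account's uid here points at a script or form on this host.
            uid = int(re.match(r"uid=(\d+)", rest)[1])
            found[m["qid"]] = {"origin": "local", "uid": uid, "line": line}
        elif daemon == "smtpd" and rest.startswith("client="):
            # Network submission. A sasl_username means an authenticated
            # account sent it; none means the client was allowed unauthenticated.
            client = re.match(r"client=([^,\s]+)", rest)[1]
            sasl = re.search(r"sasl_username=([^,\s]+)", rest)
            found[m["qid"]] = {"origin": "network", "client": client,
                               "sasl_username": sasl[1] if sasl else None,
                               "line": line}
    return found


def trace_origin(log_text, queue_id):
    """Return the origin record for one queue ID, or None if it is not in the log."""
    return origins(log_text).get(queue_id)


if __name__ == "__main__":
    for qid, rec in origins(SAMPLE_LOG).items():
        print(qid, {k: v for k, v in rec.items() if k != "line"})
```

On a real host, pass the contents of the mail log (and its rotated predecessors, since the deferred message had been queued for hours) instead of `SAMPLE_LOG`.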