Mail Server Help
 
Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
User Name:
Password:
Remember me
Go Back   Dev Shed ForumsSystem AdministrationMail Server Help
Reload this Page

postfix help - Log interpretation

Discuss postfix help - Log interpretation in the Mail Server Help forum on Dev Shed.
postfix help - Log interpretation Mail Server Help forum discussing tips, tricks, techniques and Spam containment solutions. Topics include mail servers such as Sendmail and Qmail, webmail interfaces such as Squirrelmail and Horde and spam solutions such as SpamAssassin and Bayesian

Reply
Add This Thread To:
  Del.icio.us   Digg   Google   Spurl   Blink   Furl   Simpy   Y! MyWeb 
« Previous Thread | Next Thread »  
Thread Tools Search this Thread Rate Thread Display Modes
 
Unread Dev Shed Forums Sponsor:
  #1  
Old December 16th, 2004, 07:29 AM
msc msc is offline
Contributing User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Nov 2004
Posts: 39 msc User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 7 h 13 m 6 sec
Reputation Power: 4
postfix help - Log interpretation
New to mail server. I have been testing postfix and sendmail to see which would suite my needs better. I have postfix up and running. My log files are logging activity which I am concerned about

"Dec 16 08:16:10 postfix/smtpd[15906]: connect from unknown[61.84.118.136]
Dec 16 08:16:11 postfix/smtpd[15906]: NOQUEUE: reject: RCPT from unknown[61.84.118.136]: 450 Client host rejected: cannot find your hostname, [61.84.118.136]; from=<love@yahoo.com.au> to=<shl918@daum.net> proto=SMTP helo=<XX.XXX.XXX>
Dec 16 08:16:13 postfix/smtpd[15906]: NOQUEUE: reject: RCPT from unknown[61.84.118.136]: 450 Client host rejected: cannot find your hostname, [61.84.118.136]; from=<money@yahoo.com.au> to=<skin00@daum.net> proto=SMTP helo=<XX.XXX.XX>
Dec 16 08:16:14 postfix/smtpd[15906]: NOQUEUE: reject: RCPT from unknown[61.84.118.136]: 450 Client host rejected: cannot find your hostname, [61.84.118.136]; from=<tvz@yahoo.com.au> to=<soonang6@daum.net> proto=SMTP helo=<XX.XXX.XXX>
Dec 16 08:16:16 postfix/smtpd[15906]: NOQUEUE: reject: RCPT from unknown[61.84.118.136]: 450 Client host rejected: cannot find your hostname, [61.84.118.136]; from=<tvz@yahoo.com.au> to=<sip2ya-1004@daum.net> proto=SMTP helo=<XX.XXX.XXX>
Dec 16 08:16:18 postfix/smtpd[15906]: disconnect from unknown[61.84.118.136]

Is my server a open relay??
If so how can I stop this spammer?
If the host is rejected, why does he keep trying non stop ??
Can I totally block all access from these ip ranges?, if so how?

Any help would be appriciated, Thanks
Reply With Quote
  #2  
Old December 16th, 2004, 07:57 AM
dba_frog's Avatar
dba_frog dba_frog is offline
cave painting, the 1st Opn Src
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Jun 2003
Posts: 394 dba_frog User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 18 h 55 m 5 sec
Reputation Power: 6
Quote:
Originally Posted by msc
Dec 16 08:16:11 postfix/smtpd[15906]: NOQUEUE: reject: RCPT from unknown[61.84.118.136]: 450 Client host rejected: cannot find your hostname, [61.84.118.136]; from=<love@yahoo.com.au> to=<shl918@daum.net> proto=SMTP helo=<XX.XXX.XXX>


Quote:
Is my server a open relay??
No, you are not allowing this user to access your SMTP and send this mail.

[QUOTE]If so how can I stop this spammer?
This is what I do:
I add them to my /etc/tcp.smtp file. That effectively stops them from connecting to my email server.
The entry syntax is:
xxx.xxx.xxx.:deny ( this in a outright deny, clip IP back per octet as needed, don't forget ending . )
or
xxx.xxx.xxx.:allow,RBLSMTPD="-IP Blocked :: Listed as SPAMMER" ( This will send them a msg that they are a spammer, but I stopped using this when I realized that being nice to spammers left me feeling dirty )
Quote:
If the host is rejected, why does he keep trying non stop ??
Probably a zombie system is routing to your email server. You may even have a number of them trying you.

Quote:
Can I totally block all access from these ip ranges?, if so how?
I believe you can with IPTables, I'm trying to learn more about them myself, so maybe someone has a good link or tutorial for blocking Spammers with IPTables they could share.

Any help would be appriciated, Thanks
__________________
Curious by Nature,
Linux by Choice
Reply With Quote
  #3  
Old December 16th, 2004, 01:32 PM
msc msc is offline
Contributing User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Nov 2004
Posts: 39 msc User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 7 h 13 m 6 sec
Reputation Power: 4
[QUOTE=dba_frog]
Quote:
Is my server a open relay??
No, you are not allowing this user to access your SMTP and send this mail.

This is what I do:
I add them to my /etc/tcp.smtp file. That effectively stops them from connecting to my email server.
The entry syntax is:
xxx.xxx.xxx.:deny ( this in a outright deny, clip IP back per octet as needed, don't forget ending . )
or
xxx.xxx.xxx.:allow,RBLSMTPD="-IP Blocked :: Listed as SPAMMER" ( This will send them a msg that they are a spammer, but I stopped using this when I realized that being nice to spammers left me feeling dirty )
Probably a zombie system is routing to your email server. You may even have a number of them trying you.

I believe you can with IPTables, I'm trying to learn more about them myself, so maybe someone has a good link or tutorial for blocking Spammers with IPTables they could share.

Any help would be appriciated, Thanks


I will try these suggestions. Thankyou again, I am most greatful
for the help.
Reply With Quote
Reply

Viewing: Dev Shed ForumsSystem AdministrationMail Server Help > postfix help - Log interpretation

« Previous Thread | Next Thread »

Thread Tools  Search this Thread 
Search this Thread:

Advanced Search
Display Modes  Rate This Thread 
Linear Mode Linear Mode
Rate This Thread:


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
View Your Warnings | New Posts | Latest News | Latest Threads | Shoutbox
Forum Jump


Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
  
 





© 2003-2008 by Developer Shed. All rights reserved. DS Cluster 2 hosted by Hostway