Prev: Postfix not processing .forward files
Next: TLS smtp_tls_CApath and /etc/ssl/certs
From: Josh Cason on 7 Jun 2010 19:13
So did I setup mailscanner wrong or is this just one of those horrible
designs. I was thining at one time that mailscanner was messing with
e-mail and I temporary disabled it. But didn't change anything. Just
got more spam. Also I sent that guy a e-mail asking if he mutiple
listed. But I find this portion strange. to me that looks like a route.

Jun 7 08:57:22 primary MailScanner[31851]: Virus and Content
Scanning: Starting
Jun 7 08:57:26 primary MailScanner[31851]: Requeue:
8A42710D8005.354D5 to 3378410D8139
Jun 7 08:57:26 primary MailScanner[31851]: Uninfected: Delivered 1 messages
Jun 7 08:57:26 primary postfix/qmgr[23472]: 3378410D8139:
from=<fk0431(a)gmail.com>, size=1172, nrcpt=20 (queue active)
Jun 7 08:57:27 primary postfix/smtp[32286]: 3378410D8139: host
mx2.mail.eu.yahoo.com[77.238.184.241] refused to talk to me:$
Jun 7 08:57:27 primary postfix/smtp[32283]: connect to
mx5.hushmail.com[65.39.178.164]: No route to host (port 25)

Why would a "from fk0431(a)gmail.com" be in there. This address comes up
alot more and as you seen in my previous posts. That is the spamming
address. At least this time around. All other proper e-mails have just
a from/to correctly. But not this run and related to this message
number. Is this just a horrible type of boucing or msg sending?

Josh


--
This message has been scanned for viruses and
dangerous content by Mychoice, and is
believed to be clean.

From: Noel Jones on 7 Jun 2010 22:17
On 6/7/2010 6:13 PM, Josh Cason wrote:
> So did I setup mailscanner wrong or is this just one of those horrible
> designs. I was thining at one time that mailscanner was messing with
> e-mail and I temporary disabled it. But didn't change anything. Just got
> more spam.

Mailscanner is not recommended with postfix due to it's
mangling of queue files in unsupported ways.

But it's unlikely that mailscanner is related to your reported
problem.


> Also I sent that guy a e-mail asking if he mutiple listed.
> But I find this portion strange. to me that looks like a route.
>
> Jun 7 08:57:22 primary MailScanner[31851]: Virus and Content Scanning:
> Starting
> Jun 7 08:57:26 primary MailScanner[31851]: Requeue: 8A42710D8005.354D5
> to 3378410D8139
> Jun 7 08:57:26 primary MailScanner[31851]: Uninfected: Delivered 1 messages
> Jun 7 08:57:26 primary postfix/qmgr[23472]: 3378410D8139:
> from=<fk0431(a)gmail.com>, size=1172, nrcpt=20 (queue active)
> Jun 7 08:57:27 primary postfix/smtp[32286]: 3378410D8139: host
> mx2.mail.eu.yahoo.com[77.238.184.241] refused to talk to me:$
> Jun 7 08:57:27 primary postfix/smtp[32283]: connect to
> mx5.hushmail.com[65.39.178.164]: No route to host (port 25)
>
> Why would a "from fk0431(a)gmail.com" be in there. This address comes up
> alot more and as you seen in my previous posts. That is the spamming
> address. At least this time around. All other proper e-mails have just a
> from/to correctly. But not this run and related to this message number.
> Is this just a horrible type of boucing or msg sending?
>

That sender address is what was specified in the MAIL FROM
command. Maybe that's your clients real mail address, or
maybe it's a spammer. Or maybe your client is a spammer.

You need to examine your logs more closely. See if most -- or
all -- of the suspect mail originates from the client's IP.

See if that IP seems to be the source of an unreasonable
amount of mail. "unreasonable" is site-specific, you get to
decide for yourself what is unreasonable.

You need to examine the content of some of these messages.

Fix your clock and stop changing the subject line of your
messages.

-- Noel Jones

 | 
Pages: 1
Prev: Postfix not processing .forward files
Next: TLS smtp_tls_CApath and /etc/ssl/certs