27th July 2010, 03:50
bluegrass
Postfix Problem (Possible Trojan/Spam)

Hi,

I have installed Virtual Users And Domains With Postfix, Courier And MySQL (+ SMTP-AUTH, Quota, SpamAssassin, ClamAV) in Debian Lenny for my mail server. At first, I had no problems; I could actually send and receive emails to/from the server.

Yesterday, one of my users reported that his friend did not receive his email, and that said email was sent 3 weeks ago. So I made a test email from my server, sending it to my Yahoo, Gmail and Hotmail accounts. After more than 24 hours, I still have not received the said email.

I checked the mail logs and this is what I saw:

Code:
Jul 27 09:15:23 mail postfix/qmgr[5210]: 9020E4502DF: from=<rtjuarez@cpu.edu.ph>, size=1097, nrcpt=1 (queue active)
Jul 27 09:15:23 mail amavis[4964]: (04964-08) Passed CLEAN, LOCAL [192.168.101.2] [192.168.101.2] <rtjuarez@cpu.edu.ph> -> <royski_it2004@yahoo.com>, Message-ID: <4C4E3326.5000605@cpu.edu.ph>, mail_id: 9It6Tl2pxI1C, Hits: -2.846, size: 639, queued_as: 9020E4502DF, 6175 ms
Jul 27 09:19:51 mail postfix/qmgr[5210]: CF7224502E6: from=<rtjuarez@cpu.edu.ph>, size=1165, nrcpt=3 (queue active)
Jul 27 09:19:52 mail postfix/qmgr[5210]: 7650D4502E5: from=<rtjuarez@cpu.edu.ph>, size=868, nrcpt=1 (queue active)
Jul 27 09:19:54 mail postfix/qmgr[5210]: BE2EA4502DA: from=<rtjuarez@cpu.edu.ph>, size=1144, nrcpt=2 (queue active)
Jul 27 09:24:54 mail postfix/qmgr[5210]: 536494502EA: from=<rtjuarez@cpu.edu.ph>, size=1097, nrcpt=1 (queue active)
Jul 27 09:25:04 mail postfix/smtp[5415]: BE2EA4502DA: to=<rtjuarez@gmail.com>, relay=none, delay=14587, delays=14278/190/120/0, dsn=4.4.1, status=deferred (connect to alt4.gmail-smtp-in.l.google.com[209.85.229.27]:25: Connection timed out)
Jul 27 09:25:21 mail postfix/smtp[5243]: CF7224502E6: to=<rtjuarez@gmail.com>, relay=none, delay=3398, delays=3068/297/33/0, dsn=4.4.1, status=deferred (connect to alt4.gmail-smtp-in.l.google.com[209.85.229.27]:25: No route to host)
Jul 27 09:29:18 mail imapd: LOGIN, user=rtjuarez@cpu.edu.ph, ip=[::ffff:192.168.101.2], port=[2262], protocol=IMAP
Jul 27 09:29:53 mail postfix/qmgr[5210]: 9020E4502DF: from=<rtjuarez@cpu.edu.ph>, size=1097, nrcpt=1 (queue active)
Jul 27 09:35:26 mail postfix/qmgr[5210]: 70EA04502EE: from=<rtjuarez@cpu.edu.ph>, size=534, nrcpt=1 (queue active)
Jul 27 09:35:46 mail amavis[8248]: (08248-07) Blocked SPAM, [189.6.206.136] [189.6.206.136] <rtjuarez@cpu.edu.ph> -> <rtjuarez@cpu.edu.ph>, quarantine: V/spam-VQnNS8RP9KZX.gz, Message-ID: <20100727013525.70EA04502EE@mail.cpu.edu.ph>, mail_id: VQnNS8RP9KZX, Hits: 8.26, size: 534, 20011 ms
Jul 27 09:35:46 mail postfix/smtp[8177]: 70EA04502EE: to=<rtjuarez@cpu.edu.ph>, relay=127.0.0.1[127.0.0.1]:10024, delay=21, delays=1.2/0/0/20, dsn=2.5.0, status=sent (250 2.5.0 Ok, id=08248-07, BOUNCE)
Jul 27 09:35:46 mail postfix/virtual[8321]: 341814502F4: to=<rtjuarez@cpu.edu.ph>, relay=virtual, delay=0.26, delays=0.07/0.04/0/0.15, dsn=2.0.0, status=sent (delivered to maildir)
Jul 27 09:39:53 mail postfix/qmgr[5210]: 536494502EA: from=<rtjuarez@cpu.edu.ph>, size=1097, nrcpt=1 (queue active)
Jul 27 09:39:53 mail postfix/qmgr[5210]: 9115B4502E8: from=<rtjuarez@cpu.edu.ph>, size=1108, nrcpt=1 (queue active)
The given samples were log records from my own email only.

My other problem is, it seems that my server is sending emails that are not valid:
Code:
Jul 27 09:42:19 mail postfix/smtp[5412]: 6ADDC4504E4: to=<blascakb@cpva.saic.com>, relay=none, delay=351009, delays=348780/2118/111/0, dsn=4.4.1, status=deferred (connect to mx2.west.saic.com[198.151.12.25]:25: Connection timed out)
Jul 27 09:42:19 mail postfix/smtp[5303]: E0C20450386: to=<ahram@ahram.org.eg>, relay=none, delay=353014, delays=351066/1887/60/0, dsn=4.4.1, status=deferred (connect to 1273128082.mail.outlook.com[65.54.188.109]:25: Connection timed out)
Jul 27 09:42:19 mail postfix/smtp[5380]: 50A46440183: to=<lllinares@arcadis-fr.com>, relay=none, delay=338899, delays=338155/683/61/0, dsn=4.4.1, status=deferred (connect to mail2.fcinternational.net[194.3.174.46]:25: Connection timed out)
Jul 27 09:42:19 mail postfix/smtp[5425]: connect to mail-mx4.its.unimelb.edu.au[128.250.118.136]:25: No route to host
Jul 27 09:42:19 mail postfix/smtp[5419]: connect to onemain-mx.earthlink.net[209.86.93.121]:25: Connection timed out
Jul 27 09:42:19 mail postfix/smtp[5313]: D761245042A: to=<archive@israelipalestinianpeace.org>, relay=none, delay=351750, delays=349523/2166/61/0, dsn=4.4.1, status=deferred (connect to mx2.main.nc.us[74.207.237.203]:25: Connection timed out)
Jul 27 09:42:19 mail postfix/smtp[5327]: EB3DD440088: to=<ot@ark-mortensen.dk>, relay=none, delay=349549, delays=347603/1915/30/0, dsn=4.4.1, status=deferred (connect to mail.ark-mortensen.dk[62.243.229.238]:25: Connection timed out)
Jul 27 09:42:19 mail postfix/smtp[5337]: E523F450461: to=<ole@limal.dk>, relay=none, delay=351580, delays=349632/1944/3.4/0, dsn=4.4.1, status=deferred (connect to mail.limal.dk[195.128.174.71]:25: No route to host)
Jul 27 09:42:19 mail postfix/smtp[5399]: 21CE4440178: to=<l.lindelauf@prettel.nl>, relay=none, delay=338969, delays=336738/2149/82/0, dsn=4.4.1, status=deferred (connect to fallback2.csnet.nl[194.69.30.7]:25: Connection timed out)
Jul 27 09:42:19 mail postfix/smtp[5324]: connect to mail20.ixwebhosting.com[76.162.254.117]:25: Connection timed out
Jul 27 09:42:19 mail postfix/smtp[5343]: connect to continuumct.com[168.143.18.237]:25: No route to host
Jul 27 09:42:19 mail postfix/smtp[5449]: connect to bmail.go.com.jo[196.27.0.114]:25: Connection timed out
Jul 27 09:42:20 mail postfix/smtp[5303]: E0C20450386: to=<ahramdaily@ahram.org.eg>, relay=none, delay=353014, delays=351066/1887/60/0, dsn=4.4.1, status=deferred (connect to 1273128082.mail.outlook.com[65.54.188.109]:25: Connection timed out)
Jul 27 09:42:20 mail postfix/smtp[5419]: E9D9144012C: to=<lkozrk@usmo.com>, relay=none, delay=339709, delays=337759/1910/40/0, dsn=4.4.1, status=deferred (connect to onemain-mx.earthlink.net[209.86.93.121]:25: Connection timed out)
Jul 27 09:42:20 mail postfix/smtp[5445]: connect to aspmx2.googlemail.com[74.125.43.27]:25: Connection timed out
Jul 27 09:42:20 mail postfix/smtp[5270]: connect to thesunnews.com.s8b1.psmtp.com[64.18.7.13]:25: Connection timed out
Jul 27 09:42:20 mail postfix/smtp[5270]: connect to thesunnews.com.s8b2.psmtp.com[64.18.7.14]:25: No route to host
Jul 27 09:42:20 mail postfix/smtp[5303]: connect to front-lvs.scannet.dk[195.69.129.85]:25: No route to host
Jul 27 09:42:20 mail postfix/smtp[5413]: D761245042A: to=<arezoo@icciran.com>, relay=none, delay=351748, delays=349523/2165/61/0, dsn=4.4.1, status=deferred (connect to mail.icciran.com[216.12.205.115]:25: Connection timed out)
Jul 27 09:42:20 mail postfix/smtp[5343]: EC909440143: to=<llandry@continuumct.com>, relay=none, delay=339546, delays=337597/1927/21/0, dsn=4.4.1, status=deferred (connect to continuumct.com[168.143.18.237]:25: No route to host)
Jul 27 09:42:20 mail postfix/smtp[5329]: EB3DD440088: to=<otbeju@gladsaxe.dk>, relay=none, delay=349551, delays=347603/1920/27/0, dsn=4.4.1, status=deferred (connect to dkcphmx62.softcom.dk[213.150.52.217]:25: No route to host)
Jul 27 09:42:20 mail postfix/smtp[5442]: connect to ASPMX.L.GOOGLE.com[72.14.213.27]:25: Connection timed out
Jul 27 09:42:21 mail postfix/smtp[5448]: connect to mx-adinet.adinet.com.uy[200.40.30.218]:25: Connection timed out
Jul 27 09:42:21 mail postfix/smtp[5445]: 6ADDC4504E4: to=<blazer@blazeruae.com>, relay=none, delay=351012, delays=348780/2111/121/0, dsn=4.4.1, status=deferred (connect to aspmx2.googlemail.com[74.125.43.27]:25: Connection timed out)
Jul 27 09:42:21 mail postfix/smtp[5270]: 2D3C5450375: to=<ads@thesunnews.com>, relay=none, delay=353285, delays=351053/2140/92/0, dsn=4.4.1, status=deferred (connect to thesunnews.com.s8b2.psmtp.com[64.18.7.14]:25: No route to host)
Jul 27 09:42:21 mail postfix/smtp[5303]: E523F450461: to=<ole@lunding.dk>, relay=none, delay=351582, delays=349632/1949/0.73/0, dsn=4.4.1, status=deferred (connect to front-lvs.scannet.dk[195.69.129.85]:25: No route to host)
Jul 27 09:42:21 mail postfix/smtp[5270]: connect to mailgate.cybercity.dk[212.242.43.248]:25: No route to host
Jul 27 09:42:21 mail postfix/smtp[5323]: connect to mx.club-internet.fr[93.17.128.7]:25: Connection timed out
Jul 27 09:42:21 mail postfix/smtp[5449]: E0C20450386: to=<aiccom@aic.nuqul.com.jo>, relay=none, delay=353016, delays=351066/1890/60/0, dsn=4.4.1, status=deferred (connect to bmail.go.com.jo[196.27.0.114]:25: Connection timed out)
Jul 27 09:42:21 mail postfix/smtp[5362]: EB3DD440088: to=<otb@bib.sdu.dk>, relay=none, delay=349550, delays=347603/1917/30/0, dsn=4.4.1, status=deferred (connect to msec.sdu.dk[130.225.156.16]:25: Connection timed out)
I don't think that in just 1 second, there are several emails that are being sent. I have also discovered that even at unholy hours in my local time, there are a lot of emails being sent also.

Can somebody help me on how to fix this problem?
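A triage sketch for the log pattern in the post above, as an added example that is not part of the original post: it groups `postfix/smtp` delivery attempts by queue ID and lists messages that have sat deferred for more than a day while addressed to several different domains. The sample lines are copied from the post; the function names and thresholds are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Excerpt of log lines quoted in the post above (copied, not new data).
SAMPLE_LOG = """\
Jul 27 09:19:54 mail postfix/qmgr[5210]: BE2EA4502DA: from=<rtjuarez@cpu.edu.ph>, size=1144, nrcpt=2 (queue active)
Jul 27 09:25:04 mail postfix/smtp[5415]: BE2EA4502DA: to=<rtjuarez@gmail.com>, relay=none, delay=14587, delays=14278/190/120/0, dsn=4.4.1, status=deferred (connect to alt4.gmail-smtp-in.l.google.com[209.85.229.27]:25: Connection timed out)
Jul 27 09:42:19 mail postfix/smtp[5303]: E0C20450386: to=<ahram@ahram.org.eg>, relay=none, delay=353014, delays=351066/1887/60/0, dsn=4.4.1, status=deferred (connect to 1273128082.mail.outlook.com[65.54.188.109]:25: Connection timed out)
Jul 27 09:42:19 mail postfix/smtp[5327]: EB3DD440088: to=<ot@ark-mortensen.dk>, relay=none, delay=349549, delays=347603/1915/30/0, dsn=4.4.1, status=deferred (connect to mail.ark-mortensen.dk[62.243.229.238]:25: Connection timed out)
Jul 27 09:42:19 mail postfix/smtp[5343]: connect to continuumct.com[168.143.18.237]:25: No route to host
Jul 27 09:42:20 mail postfix/smtp[5329]: EB3DD440088: to=<otbeju@gladsaxe.dk>, relay=none, delay=349551, delays=347603/1920/27/0, dsn=4.4.1, status=deferred (connect to dkcphmx62.softcom.dk[213.150.52.217]:25: No route to host)
Jul 27 09:42:21 mail postfix/smtp[5449]: E0C20450386: to=<aiccom@aic.nuqul.com.jo>, relay=none, delay=353016, delays=351066/1890/60/0, dsn=4.4.1, status=deferred (connect to bmail.go.com.jo[196.27.0.114]:25: Connection timed out)
Jul 27 09:42:21 mail postfix/smtp[5362]: EB3DD440088: to=<otb@bib.sdu.dk>, relay=none, delay=349550, delays=347603/1917/30/0, dsn=4.4.1, status=deferred (connect to msec.sdu.dk[130.225.156.16]:25: Connection timed out)
"""

# qmgr lines carry the envelope sender; smtp lines carry one recipient each.
QMGR = re.compile(r"postfix/qmgr\[\d+\]: (?P<qid>[0-9A-F]+): from=<(?P<sender>[^>]*)>")
SMTP = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<[^>@]*@(?P<domain>[^>]+)>, "
    r".*?delay=(?P<delay>[\d.]+),.*?status=(?P<status>\w+)"
)

def summarize(log_text):
    """Group delivery attempts by queue ID (hypothetical helper)."""
    msgs = defaultdict(lambda: {"sender": None, "domains": set(),
                                "max_delay": 0.0, "deferred": 0})
    for line in log_text.splitlines():
        if m := QMGR.search(line):
            msgs[m["qid"]]["sender"] = m["sender"]
        elif m := SMTP.search(line):
            entry = msgs[m["qid"]]
            entry["domains"].add(m["domain"].lower())
            entry["max_delay"] = max(entry["max_delay"], float(m["delay"]))
            if m["status"] == "deferred":
                entry["deferred"] += 1
    return dict(msgs)

def suspicious(msgs, min_domains=2, min_delay=86400):
    """Queue IDs queued for at least min_delay seconds with recipients in several domains."""
    return sorted(q for q, e in msgs.items()
                  if len(e["domains"]) >= min_domains and e["max_delay"] >= min_delay)

if __name__ == "__main__":
    msgs = summarize(SAMPLE_LOG)
    for qid in suspicious(msgs):
        e = msgs[qid]
        print(qid, e["sender"] or "sender not in excerpt",
              sorted(e["domains"]), f"{e['max_delay'] / 3600:.0f}h in queue")
```

A queue ID with no matching `qmgr` line in the excerpt has an unknown sender; running `postcat -q` with that queue ID on the server prints the queued message's envelope and headers so its origin can be checked.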