#1
27th July 2010, 04:50
bluegrass
Postfix Problem (Possible Trojan/Spam)

Hi,

I have installed Virtual Users And Domains With Postfix, Courier And MySQL (+ SMTP-AUTH, Quota, SpamAssassin, ClamAV) in Debian Lenny for my mail server. At first, I had no problems; I could actually send and receive emails to/from the server.

Yesterday, one of my users reported that his friend did not receive his email, and that said email was sent 3 weeks ago. So I sent a test email from my server to my Yahoo, Gmail and Hotmail accounts. After more than 24 hours, I still have not received the said email.

I checked the mail logs and this is what I saw:

Code:
Jul 27 09:15:23 mail postfix/qmgr[5210]: 9020E4502DF: from=<rtjuarez@cpu.edu.ph>, size=1097, nrcpt=1 (queue active)
Jul 27 09:15:23 mail amavis[4964]: (04964-08) Passed CLEAN, LOCAL [192.168.101.2] [192.168.101.2] <rtjuarez@cpu.edu.ph> -> <royski_it2004@yahoo.com>, Message-ID: <4C4E3326.5000605@cpu.edu.ph>, mail_id: 9It6Tl2pxI1C, Hits: -2.846, size: 639, queued_as: 9020E4502DF, 6175 ms
Jul 27 09:19:51 mail postfix/qmgr[5210]: CF7224502E6: from=<rtjuarez@cpu.edu.ph>, size=1165, nrcpt=3 (queue active)
Jul 27 09:19:52 mail postfix/qmgr[5210]: 7650D4502E5: from=<rtjuarez@cpu.edu.ph>, size=868, nrcpt=1 (queue active)
Jul 27 09:19:54 mail postfix/qmgr[5210]: BE2EA4502DA: from=<rtjuarez@cpu.edu.ph>, size=1144, nrcpt=2 (queue active)
Jul 27 09:24:54 mail postfix/qmgr[5210]: 536494502EA: from=<rtjuarez@cpu.edu.ph>, size=1097, nrcpt=1 (queue active)
Jul 27 09:25:04 mail postfix/smtp[5415]: BE2EA4502DA: to=<rtjuarez@gmail.com>, relay=none, delay=14587, delays=14278/190/120/0, dsn=4.4.1, status=deferred (connect to alt4.gmail-smtp-in.l.google.com[209.85.229.27]:25: Connection timed out)
Jul 27 09:25:21 mail postfix/smtp[5243]: CF7224502E6: to=<rtjuarez@gmail.com>, relay=none, delay=3398, delays=3068/297/33/0, dsn=4.4.1, status=deferred (connect to alt4.gmail-smtp-in.l.google.com[209.85.229.27]:25: No route to host)
Jul 27 09:29:18 mail imapd: LOGIN, user=rtjuarez@cpu.edu.ph, ip=[::ffff:192.168.101.2], port=[2262], protocol=IMAP
Jul 27 09:29:53 mail postfix/qmgr[5210]: 9020E4502DF: from=<rtjuarez@cpu.edu.ph>, size=1097, nrcpt=1 (queue active)
Jul 27 09:35:26 mail postfix/qmgr[5210]: 70EA04502EE: from=<rtjuarez@cpu.edu.ph>, size=534, nrcpt=1 (queue active)
Jul 27 09:35:46 mail amavis[8248]: (08248-07) Blocked SPAM, [189.6.206.136] [189.6.206.136] <rtjuarez@cpu.edu.ph> -> <rtjuarez@cpu.edu.ph>, quarantine: V/spam-VQnNS8RP9KZX.gz, Message-ID: <20100727013525.70EA04502EE@mail.cpu.edu.ph>, mail_id: VQnNS8RP9KZX, Hits: 8.26, size: 534, 20011 ms
Jul 27 09:35:46 mail postfix/smtp[8177]: 70EA04502EE: to=<rtjuarez@cpu.edu.ph>, relay=127.0.0.1[127.0.0.1]:10024, delay=21, delays=1.2/0/0/20, dsn=2.5.0, status=sent (250 2.5.0 Ok, id=08248-07, BOUNCE)
Jul 27 09:35:46 mail postfix/virtual[8321]: 341814502F4: to=<rtjuarez@cpu.edu.ph>, relay=virtual, delay=0.26, delays=0.07/0.04/0/0.15, dsn=2.0.0, status=sent (delivered to maildir)
Jul 27 09:39:53 mail postfix/qmgr[5210]: 536494502EA: from=<rtjuarez@cpu.edu.ph>, size=1097, nrcpt=1 (queue active)
Jul 27 09:39:53 mail postfix/qmgr[5210]: 9115B4502E8: from=<rtjuarez@cpu.edu.ph>, size=1108, nrcpt=1 (queue active)
The given samples were log records from my own email only.

My other problem is, it seems that my server is sending emails that are not valid:
Code:
Jul 27 09:42:19 mail postfix/smtp[5412]: 6ADDC4504E4: to=<blascakb@cpva.saic.com>, relay=none, delay=351009, delays=348780/2118/111/0, dsn=4.4.1, status=deferred (connect to mx2.west.saic.com[198.151.12.25]:25: Connection timed out)
Jul 27 09:42:19 mail postfix/smtp[5303]: E0C20450386: to=<ahram@ahram.org.eg>, relay=none, delay=353014, delays=351066/1887/60/0, dsn=4.4.1, status=deferred (connect to 1273128082.mail.outlook.com[65.54.188.109]:25: Connection timed out)
Jul 27 09:42:19 mail postfix/smtp[5380]: 50A46440183: to=<lllinares@arcadis-fr.com>, relay=none, delay=338899, delays=338155/683/61/0, dsn=4.4.1, status=deferred (connect to mail2.fcinternational.net[194.3.174.46]:25: Connection timed out)
Jul 27 09:42:19 mail postfix/smtp[5425]: connect to mail-mx4.its.unimelb.edu.au[128.250.118.136]:25: No route to host
Jul 27 09:42:19 mail postfix/smtp[5419]: connect to onemain-mx.earthlink.net[209.86.93.121]:25: Connection timed out
Jul 27 09:42:19 mail postfix/smtp[5313]: D761245042A: to=<archive@israelipalestinianpeace.org>, relay=none, delay=351750, delays=349523/2166/61/0, dsn=4.4.1, status=deferred (connect to mx2.main.nc.us[74.207.237.203]:25: Connection timed out)
Jul 27 09:42:19 mail postfix/smtp[5327]: EB3DD440088: to=<ot@ark-mortensen.dk>, relay=none, delay=349549, delays=347603/1915/30/0, dsn=4.4.1, status=deferred (connect to mail.ark-mortensen.dk[62.243.229.238]:25: Connection timed out)
Jul 27 09:42:19 mail postfix/smtp[5337]: E523F450461: to=<ole@limal.dk>, relay=none, delay=351580, delays=349632/1944/3.4/0, dsn=4.4.1, status=deferred (connect to mail.limal.dk[195.128.174.71]:25: No route to host)
Jul 27 09:42:19 mail postfix/smtp[5399]: 21CE4440178: to=<l.lindelauf@prettel.nl>, relay=none, delay=338969, delays=336738/2149/82/0, dsn=4.4.1, status=deferred (connect to fallback2.csnet.nl[194.69.30.7]:25: Connection timed out)
Jul 27 09:42:19 mail postfix/smtp[5324]: connect to mail20.ixwebhosting.com[76.162.254.117]:25: Connection timed out
Jul 27 09:42:19 mail postfix/smtp[5343]: connect to continuumct.com[168.143.18.237]:25: No route to host
Jul 27 09:42:19 mail postfix/smtp[5449]: connect to bmail.go.com.jo[196.27.0.114]:25: Connection timed out
Jul 27 09:42:20 mail postfix/smtp[5303]: E0C20450386: to=<ahramdaily@ahram.org.eg>, relay=none, delay=353014, delays=351066/1887/60/0, dsn=4.4.1, status=deferred (connect to 1273128082.mail.outlook.com[65.54.188.109]:25: Connection timed out)
Jul 27 09:42:20 mail postfix/smtp[5419]: E9D9144012C: to=<lkozrk@usmo.com>, relay=none, delay=339709, delays=337759/1910/40/0, dsn=4.4.1, status=deferred (connect to onemain-mx.earthlink.net[209.86.93.121]:25: Connection timed out)
Jul 27 09:42:20 mail postfix/smtp[5445]: connect to aspmx2.googlemail.com[74.125.43.27]:25: Connection timed out
Jul 27 09:42:20 mail postfix/smtp[5270]: connect to thesunnews.com.s8b1.psmtp.com[64.18.7.13]:25: Connection timed out
Jul 27 09:42:20 mail postfix/smtp[5270]: connect to thesunnews.com.s8b2.psmtp.com[64.18.7.14]:25: No route to host
Jul 27 09:42:20 mail postfix/smtp[5303]: connect to front-lvs.scannet.dk[195.69.129.85]:25: No route to host
Jul 27 09:42:20 mail postfix/smtp[5413]: D761245042A: to=<arezoo@icciran.com>, relay=none, delay=351748, delays=349523/2165/61/0, dsn=4.4.1, status=deferred (connect to mail.icciran.com[216.12.205.115]:25: Connection timed out)
Jul 27 09:42:20 mail postfix/smtp[5343]: EC909440143: to=<llandry@continuumct.com>, relay=none, delay=339546, delays=337597/1927/21/0, dsn=4.4.1, status=deferred (connect to continuumct.com[168.143.18.237]:25: No route to host)
Jul 27 09:42:20 mail postfix/smtp[5329]: EB3DD440088: to=<otbeju@gladsaxe.dk>, relay=none, delay=349551, delays=347603/1920/27/0, dsn=4.4.1, status=deferred (connect to dkcphmx62.softcom.dk[213.150.52.217]:25: No route to host)
Jul 27 09:42:20 mail postfix/smtp[5442]: connect to ASPMX.L.GOOGLE.com[72.14.213.27]:25: Connection timed out
Jul 27 09:42:21 mail postfix/smtp[5448]: connect to mx-adinet.adinet.com.uy[200.40.30.218]:25: Connection timed out
Jul 27 09:42:21 mail postfix/smtp[5445]: 6ADDC4504E4: to=<blazer@blazeruae.com>, relay=none, delay=351012, delays=348780/2111/121/0, dsn=4.4.1, status=deferred (connect to aspmx2.googlemail.com[74.125.43.27]:25: Connection timed out)
Jul 27 09:42:21 mail postfix/smtp[5270]: 2D3C5450375: to=<ads@thesunnews.com>, relay=none, delay=353285, delays=351053/2140/92/0, dsn=4.4.1, status=deferred (connect to thesunnews.com.s8b2.psmtp.com[64.18.7.14]:25: No route to host)
Jul 27 09:42:21 mail postfix/smtp[5303]: E523F450461: to=<ole@lunding.dk>, relay=none, delay=351582, delays=349632/1949/0.73/0, dsn=4.4.1, status=deferred (connect to front-lvs.scannet.dk[195.69.129.85]:25: No route to host)
Jul 27 09:42:21 mail postfix/smtp[5270]: connect to mailgate.cybercity.dk[212.242.43.248]:25: No route to host
Jul 27 09:42:21 mail postfix/smtp[5323]: connect to mx.club-internet.fr[93.17.128.7]:25: Connection timed out
Jul 27 09:42:21 mail postfix/smtp[5449]: E0C20450386: to=<aiccom@aic.nuqul.com.jo>, relay=none, delay=353016, delays=351066/1890/60/0, dsn=4.4.1, status=deferred (connect to bmail.go.com.jo[196.27.0.114]:25: Connection timed out)
Jul 27 09:42:21 mail postfix/smtp[5362]: EB3DD440088: to=<otb@bib.sdu.dk>, relay=none, delay=349550, delays=347603/1917/30/0, dsn=4.4.1, status=deferred (connect to msec.sdu.dk[130.225.156.16]:25: Connection timed out)
I don't think that in just 1 second there are several emails being sent. I have also discovered that even at unholy hours in my local time, a lot of emails are being sent.

Can somebody help me fix this problem?
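A triage sketch for log excerpts like the two in the post above, added here as an example and not part of the original thread: it groups `postfix/smtp` delivery attempts by queue ID, lists queue IDs that have been deferred for over a day with recipients spread across several domains, and collects the remote hosts that could not be reached. The sample log is constructed (example domains, documentation IP ranges), and the function names and thresholds are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the post's excerpts (example domains, RFC 5737 addresses).
SAMPLE_LOG = """\
Jul 27 09:15:23 mail postfix/qmgr[5210]: AAAA0000001: from=<user@example.org>, size=1097, nrcpt=1 (queue active)
Jul 27 09:25:04 mail postfix/smtp[5415]: AAAA0000001: to=<user@example.com>, relay=none, delay=14587, delays=14278/190/120/0, dsn=4.4.1, status=deferred (connect to mx.example.com[192.0.2.27]:25: Connection timed out)
Jul 27 09:42:19 mail postfix/smtp[5303]: BBBB0000002: to=<ann@example.net>, relay=none, delay=353014, delays=351066/1887/60/0, dsn=4.4.1, status=deferred (connect to mx.example.net[198.51.100.9]:25: Connection timed out)
Jul 27 09:42:19 mail postfix/smtp[5425]: connect to mx2.example.net[198.51.100.10]:25: No route to host
Jul 27 09:42:20 mail postfix/smtp[5304]: BBBB0000002: to=<anna@example.edu>, relay=none, delay=353014, delays=351066/1887/60/0, dsn=4.4.1, status=deferred (connect to mx.example.edu[203.0.113.5]:25: No route to host)
Jul 27 09:42:21 mail postfix/smtp[5449]: BBBB0000002: to=<anne@example.info>, relay=none, delay=353016, delays=351066/1890/60/0, dsn=4.4.1, status=deferred (connect to mx.example.info[203.0.113.77]:25: Connection timed out)
"""

QMGR = re.compile(r"postfix/qmgr\[\d+\]: ([0-9A-F]+): from=<([^>]*)>")
SMTP = re.compile(r"postfix/smtp\[\d+\]: ([0-9A-F]+): to=<([^>]*)>, relay=([^,]+), "
                  r"delay=([\d.]+),.*status=(\w+) ")
# The smtp client logs "connect to host[ip]:25: reason" when a connection attempt fails.
CONNECT = re.compile(r"postfix/smtp\[\d+\]: .*connect to (\S+?)\[[^\]]+\]:25: ")

def summarize(log_text):
    """Return (per-queue-ID summary, set of remote hosts that could not be reached)."""
    queues = defaultdict(lambda: {"sender": None, "domains": set(), "max_delay": 0.0, "deferred": 0})
    unreachable = set()
    for line in log_text.splitlines():
        if c := CONNECT.search(line):  # with or without a queue ID on the line
            unreachable.add(c.group(1).lower())
        if m := QMGR.search(line):
            queues[m.group(1)]["sender"] = m.group(2)
        elif m := SMTP.search(line):
            qid, rcpt, _relay, delay, status = m.groups()
            q = queues[qid]
            q["domains"].add(rcpt.rpartition("@")[2].lower())
            q["max_delay"] = max(q["max_delay"], float(delay))
            q["deferred"] += status == "deferred"
    return dict(queues), unreachable

def fan_out(queues, min_domains=3, min_delay=86400):
    """Queue IDs delayed >= min_delay seconds with recipients in >= min_domains domains.
    Both thresholds are illustrative assumptions, not Postfix defaults."""
    return sorted(qid for qid, q in queues.items()
                  if len(q["domains"]) >= min_domains and q["max_delay"] >= min_delay)

if __name__ == "__main__":
    queues, unreachable = summarize(SAMPLE_LOG)
    for qid in fan_out(queues):
        print(qid, "sender:", queues[qid]["sender"], "domains:", sorted(queues[qid]["domains"]))
    print("remote hosts with failed connections:", len(unreachable))
```

Against a real server, pass the contents of the mail log to `summarize`; a queue ID it reports can then be examined with `postcat -q <queue-id>`, and the overall queue with `mailq`.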