4th April 2013, 14:46
arraken

Lots of deferred mails - backscatter?

Hi,

I recently had an SMTP AUTH relay attack on my mail-server, which I solved as described in this thread: http://www.howtoforge.com/forums/sho...331#post295331

I am however still getting a high amount of deferred e-mails, but it's not a spam-flood anymore. They are rather just "trickling" in - a few mails per minute. The reason seems to be different from before, maybe it's backscatter? (someone sends spam mail with a faked sender with a domain that is hosted on my server -> my server gets the deferred messages).

When I type "qshape deferred" I get the following output:

Code:
                    T  5 10 20 40 80 160 320 640 1280 1280+
           TOTAL 2443  0  0 36 18 38 136 287 460 1468     0
DomainOnMyServer 2424  0  0 36 17 38 136 284 455 1458     0
     usamail.com   15  0  0  0  1  0   0   3   4    7     0
     example.com    2  0  0  0  0  0   0   0   1    1     0
         aol.com    1  0  0  0  0  0   0   0   0    1     0
  duck-calls.net    1  0  0  0  0  0   0   0   0    1     0

When I grep my mail.log for "deferred" I get lots of lines like this:

Code:
Apr  4 12:07:02 server1 postfix/pipe[30294]: 181E12134114: to=<homesteadspeered@DomainOnMyServer.at>, orig_to=<homesteadspeered@OtherDomainOnMyServer.at>, relay=maildrop, delay=25686, delays=25684/1.5/0/1.1, dsn=4.3.0, status=deferred (temporary failure. Command output: ERR: authdaemon: s_connect() failed: Permission denied /usr/bin/maildrop: Unable to create a dot-lock at /var/vmail/DomainOnMyServer.at/homesteadspeered/31248.0.server1.  )
Apr  4 12:07:02 server1 postfix/pipe[30755]: D82401FBE607: to=<bernhard.tucek@DomainOnMyServer.at>, orig_to=<bernhard.tucek@OtherDomainOnMyServer.at>, relay=maildrop, delay=38377, delays=38374/0.54/0/2.2, dsn=4.3.0, status=deferred (temporary failure. Command output: ERR: authdaemon: s_connect() failed: Permission denied /usr/bin/maildrop: Unable to create a dot-lock at /var/vmail/DomainOnMyServer.at/bernhard.tucek/30995.0.server1.  )
Apr  4 12:07:03 server1 postfix/pipe[30308]: 2286A1FBE380: to=<muscovyjanna@DomainOnMyServer.at>, orig_to=<muscovyjanna@OtherDomainOnMyServer.at>, relay=maildrop, delay=50730, delays=50726/0.12/0/3.4, dsn=4.3.0, status=deferred (temporary failure. Command output: ERR: authdaemon: s_connect() failed: Permission denied /usr/bin/maildrop: Unable to create a dot-lock at /var/vmail/DomainOnMyServer.at/muscovyjanna/30578.0.server1.  )
Apr  4 12:07:03 server1 postfix/pipe[30478]: 02A421FBE362: to=<muscovyjanna@DomainOnMyServer.at>, orig_to=<muscovyjanna@OtherDomainOnMyServer.at>, relay=maildrop, delay=50921, delays=50918/3.4/0/0.01, dsn=4.3.0, status=deferred (temporary failure. Command output: ERR: authdaemon: s_connect() failed: Permission denied /usr/bin/maildrop: Unable to create a dot-lock at /var/vmail/DomainOnMyServer.at/muscovyjanna/31394.0.server1.  )
Apr  4 12:07:03 server1 postfix/pipe[30012]: 2286A1FBE380: to=<n.steixner@DomainOnMyServer.at>, orig_to=<n.steixner@OtherDomainOnMyServer.at>, relay=maildrop, delay=50730, delays=50726/1.1/0/2.8, dsn=4.3.0, status=deferred (temporary failure. Command output: ERR: authdaemon: s_connect() failed: Permission denied /usr/bin/maildrop: Unable to create a dot-lock at /var/vmail/DomainOnMyServer.at/n.steixner/31132.0.server1.  )
Apr  4 12:07:03 server1 postfix/pipe[30159]: 2286A1FBE380: to=<n.kurz@DomainOnMyServer.at>, orig_to=<n.kurz@OtherDomainOnMyServer.at>, relay=maildrop, delay=50731, delays=50726/0.13/0/4.2, dsn=4.3.0, status=deferred (temporary failure. Command output: ERR: authdaemon: s_connect() failed: Permission denied /usr/bin/maildrop: Unable to create a dot-lock at /var/vmail/DomainOnMyServer.at/n.kurz/30594.0.server1.  )

The mailboxes to which the deferred mails are addressed do not exist on my server - but the domains are hosted on it. I obviously have no problem with the mails being deferred, but I wanted to know if this is standard behaviour for postfix, or should I be worried?

My deferred queue is getting filled up by this, so isn't there a possibility to just bounce those mails?
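
One way to triage a deferred queue like the one in the post above, as an added example that is not part of the original thread: it groups `status=deferred` lines from mail.log by delivery agent, relay, DSN and normalized reason, so a single recurring fault stands out from unrelated remote delivery problems. The sample log is constructed in the format of the lines above; the function names and the local/remote agent mapping are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the format of the log lines above; addresses are placeholders.
SAMPLE_LOG = """\
Apr  4 12:07:02 server1 postfix/pipe[30294]: 181E12134114: to=<a@hosted.example>, orig_to=<a@alias.example>, relay=maildrop, delay=25686, delays=25684/1.5/0/1.1, dsn=4.3.0, status=deferred (temporary failure. Command output: ERR: authdaemon: s_connect() failed: Permission denied /usr/bin/maildrop: Unable to create a dot-lock at /var/vmail/hosted.example/a/31248.0.server1.  )
Apr  4 12:07:03 server1 postfix/pipe[30308]: 2286A1FBE380: to=<b@hosted.example>, orig_to=<b@alias.example>, relay=maildrop, delay=50730, delays=50726/0.12/0/3.4, dsn=4.3.0, status=deferred (temporary failure. Command output: ERR: authdaemon: s_connect() failed: Permission denied /usr/bin/maildrop: Unable to create a dot-lock at /var/vmail/hosted.example/b/30578.0.server1.  )
Apr  4 12:07:03 server1 postfix/pipe[30012]: 2286A1FBE380: to=<c@hosted.example>, orig_to=<c@alias.example>, relay=maildrop, delay=50730, delays=50726/1.1/0/2.8, dsn=4.3.0, status=deferred (temporary failure. Command output: ERR: authdaemon: s_connect() failed: Permission denied /usr/bin/maildrop: Unable to create a dot-lock at /var/vmail/hosted.example/c/31132.0.server1.  )
Apr  4 12:07:05 server1 postfix/smtp[30400]: 3C0011FBE111: to=<d@remote.example>, relay=none, delay=7200, delays=7199/0.1/0.9/0, dsn=4.4.1, status=deferred (connect to mx.remote.example[192.0.2.10]:25: Connection timed out)
Apr  4 12:07:06 server1 postfix/smtp[30401]: 4D0021FBE222: to=<e@remote.example>, relay=mx.remote.example[192.0.2.10]:25, delay=1.2, delays=0.1/0/0.5/0.6, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 9F1C2)
"""
LOCAL_AGENTS = {"pipe", "local", "virtual", "lmtp"}  # assumption: these deliver to this host

DEFERRED = re.compile(
    r"postfix/(?P<agent>[\w-]+)\[\d+\]: (?P<qid>\w+): to=<(?P<to>[^>]*)>,"
    r"(?: orig_to=<(?P<orig_to>[^>]*)>,)? relay=(?P<relay>[^,]+),.*? dsn=(?P<dsn>[\d.]+),"
    r" status=deferred \((?P<reason>.*)\)\s*$"
)

def parse_deferred(log_text):
    """Return one dict per deferred delivery attempt found in log_text."""
    records = []
    for line in log_text.splitlines():
        m = DEFERRED.search(line)
        if not m:
            continue  # sent, bounced, or not a delivery line
        rec = m.groupdict()
        # Drop per-message lock-file paths so identical faults collapse into one reason.
        reason = re.sub(r" at /\S+", " at <path>", rec["reason"])
        rec["reason"] = " ".join(reason.split())
        rec["direction"] = "local-delivery" if rec["agent"] in LOCAL_AGENTS else "remote-smtp"
        records.append(rec)
    return records

def summarize(records):
    """Count deferrals per (direction, relay, dsn, reason)."""
    return Counter((r["direction"], r["relay"], r["dsn"], r["reason"]) for r in records)

def recipients_per_message(records):
    """Map queue ID -> set of deferred recipients (one message fanned out to many)."""
    fanout = defaultdict(set)
    for r in records:
        fanout[r["qid"]].add(r["to"])
    return dict(fanout)

if __name__ == "__main__":
    for key, count in summarize(parse_deferred(SAMPLE_LOG)).most_common():
        print(count, *key, sep=" | ")
```

To run it against a real log, pass the file contents to `parse_deferred()` instead of `SAMPLE_LOG`.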