  #1  
8th May 2009, 06:50
bzzik
Is my postfix hacked?

Hi guys! I really need help in my matter!

Yesterday I analyzed the mail logs and noticed something really strange. I think my postfix is hacked. We do not use our mail server too much, but maillog is full of unrecognized records. Here is a part of it:

Quote:
May 8 07:32:55 s2 postfix/qmgr[10256]: 7FDF11049C6: to=<hemingway@ctv.es>, relay=none, delay=75981, delays=75981/0/0/0, dsn=4.0.0, status=deferred (delivery temporarily suspended: host inw.wanadoo.es
[62.36.20.20] refused to talk to me: 550 Reverse DNS lookup failed for host 87.226.13.245.)
May 8 07:32:55 s2 postfix/qmgr[10256]: 71C79104A43: from=<info@banesnet.es>, size=2453, nrcpt=50 (queue active)
May 8 07:32:55 s2 postfix/qmgr[10256]: 71C79104A43: to=<davidmorg@mixmail.com>, relay=none, delay=73514, delays=73514/0/0/0, dsn=4.0.0, status=deferred (delivery temporarily suspended: host ing.wanad
oo.es[62.36.20.73] refused to talk to me: 550 Reverse DNS lookup failed for host 87.226.13.245.)
May 8 07:32:55 s2 postfix/qmgr[10256]: 71C79104A43: to=<davidsuescunm@wanadoo.es>, relay=none, delay=73514, delays=73514/0/0/0, dsn=4.0.0, status=deferred (delivery temporarily suspended: host inw.wa
nadoo.es[62.36.20.20] refused to talk to me: 550 Reverse DNS lookup failed for host 87.226.13.245.)
May 8 07:32:55 s2 postfix/qmgr[10256]: 7C1C210479C: from=<info@bancaja.es>, size=2421, nrcpt=50 (queue active)
May 8 07:32:55 s2 postfix/qmgr[10256]: 72A04104B17: from=<>, size=5258, nrcpt=1 (queue active)
May 8 07:32:55 s2 postfix/qmgr[10256]: 980FF10483E: from=<info@bancaja.es>, size=2395, nrcpt=50 (queue active)
May 8 07:32:55 s2 postfix/qmgr[10256]: 93DE41049B6: from=<info@santandersupernet.es>, size=3322, nrcpt=50 (queue active)
May 8 07:32:55 s2 postfix/qmgr[10256]: 93DE41049B6: to=<asoto4@bellsouth.net>, relay=none, delay=76076, delays=76076/0/0/0, dsn=4.0.0, status=deferred (delivery temporarily suspended: host gateway-f1
.isp.att.net[204.127.217.16] refused to talk to me: 550-87.226.13.245 blocked by ldapu=rblmx,dc=att,dc=net 550 Error - Blocked for abuse. See http://att.net/blocks)
May 8 07:32:55 s2 postfix/qmgr[10256]: 9CEC21049E1: from=<info@santandersupernet.es>, size=3322, nrcpt=50 (queue active)
May 8 07:32:55 s2 postfix/qmgr[10256]: 9CEC21049E1: to=<reyamartinez@bellsouth.net>, relay=none, delay=75833, delays=75833/0.01/0/0, dsn=4.0.0, status=deferred (delivery temporarily suspended: host g
ateway-f1.isp.att.net[204.127.217.16] refused to talk to me: 550-87.226.13.245 blocked by ldapu=rblmx,dc=att,dc=net 550 Error - Blocked for abuse. See http://att.net/blocks)
May 8 07:32:55 s2 postfix/qmgr[10256]: 9CEC21049E1: to=<reyangel117@comcast.net>, relay=none, delay=75833, delays=75833/0.01/0/0, dsn=4.0.0, status=deferred (delivery temporarily suspended: host mx1b
.comcast.net[76.96.62.116] refused to talk to me: 554 IMTA22.westchester.pa.mail.comcast.net comcast 87.226.13.245 Comcast requires that all mail servers must have a PTR record with a valid Reverse DN
S entry. Currently your mail server does not fill that requirement. For more information, refer to: http://help.comcast.net/content/faq/PTR)
May 8 07:32:55 s2 postfix/qmgr[10256]: 9CEC21049E1: to=<reyalice@juno.com>, relay=none, delay=75833, delays=75833/0.02/0/0, dsn=4.0.0, status=deferred (delivery temporarily suspended: host mx.dca.unt
d.com[64.136.44.37] refused to talk to me: 550 Access denied...4f513585c185a9a9616014d901bdb901804d3d59f 0658d50a9b4f050e990904495cdad1090ad6420e100...)
May 8 07:32:55 s2 postfix/qmgr[10256]: 95BDD1049BC: from=<info@santandersupernet.es>, size=3322, nrcpt=50 (queue active)
May 8 07:32:55 s2 postfix/qmgr[10256]: 9750E1047F7: from=<info@bancaja.es>, size=2395, nrcpt=50 (queue active)
May 8 07:32:55 s2 postfix/qmgr[10256]: 6F4F8104704: from=<oficina@banestnet.es>, size=2466, nrcpt=50 (queue active)
May 8 07:32:55 s2 postfix/qmgr[10256]: 6AA8C1047BD: from=<info@bancaja.es>, size=2421, nrcpt=50 (queue active)
May 8 07:32:55 s2 postfix/qmgr[10256]: 6A0111046F2: from=<oficina@banestnet.es>, size=2466, nrcpt=50 (queue active)
May 8 07:32:55 s2 postfix/qmgr[10256]: 6C3D210492F: from=<info@bancaja.es>, size=2395, nrcpt=50 (queue active)
May 8 07:32:55 s2 postfix/qmgr[10256]: 6C3D210492F: to=<jesussv@wanadoo.es>, relay=none, delay=213500, delays=213500/0.01/0/0, dsn=4.0.0, status=deferred (delivery temporarily suspended: host inw.wan
adoo.es[62.36.20.20] refused to talk to me: 550 Reverse DNS lookup failed for host 87.226.13.245.)
May 8 07:32:55 s2 postfix/qmgr[10256]: 634571047A1: from=<info@bancaja.es>, size=2421, nrcpt=50 (queue active)
May 8 07:32:55 s2 postfix/qmgr[10256]: 634571047A1: to=<keliichang@comcast.net>, relay=none, delay=327123, delays=327123/0/0/0, dsn=4.0.0, status=deferred (delivery temporarily suspended: host mx1b.c
omcast.net[76.96.62.116] refused to talk to me: 554 IMTA22.westchester.pa.mail.comcast.net comcast 87.226.13.245 Comcast requires that all mail servers must have a PTR record with a valid Reverse DNS
entry. Currently your mail server does not fill that requirement. For more information, refer to: http://help.comcast.net/content/faq/PTR)
May 8 07:32:55 s2 postfix/qmgr[10256]: 634571047A1: to=<keithevan@cox.net>, relay=none, delay=327123, delays=327123/0/0/0, dsn=4.0.0, status=deferred (delivery temporarily suspended: host mx.west.cox
May 8 07:32:56 s2 postfix/qmgr[10256]: 303C410494A: to=<mha@eresmas.com>, relay=none, delay=213333, delays=213332/0.82/0/0, dsn=4.0.0, status=deferred (delivery temporarily suspended: host ine.wanado
o.es[62.36.20.20] refused to talk to me: 550 Reverse DNS lookup failed for host 87.226.13.245.)
May 8 07:32:56 s2 postfix/qmgr[10256]: E3BD71048A3: to=<harppo_nene@eresmas.com>, relay=none, delay=248015, delays=248014/0.69/0/0, dsn=4.0.0, status=deferred (delivery temporarily suspended: host in
e.wanadoo.es[62.36.20.20] refused to talk to me: 550 Reverse DNS lookup failed for host 87.226.13.245.)
May 8 07:32:56 s2 postfix/qmgr[10256]: E1B1310480D: to=<ishtarkmm@eresmas.com>, relay=none, delay=214804, delays=214804/0.67/0/0, dsn=4.0.0, status=deferred (delivery temporarily suspended: host ine.
wanadoo.es[62.36.20.20] refused to talk to me: 550 Reverse DNS lookup failed for host 87.226.13.245.)
May 8 07:32:56 s2 postfix/qmgr[10256]: 08B9E10479B: to=<agfg@eresmas.com>, relay=none, delay=326939, delays=326939/0.64/0/0, dsn=4.0.0, status=deferred (delivery temporarily suspended: host ine.wanad
oo.es[62.36.20.20] refused to talk to me: 550 Reverse DNS lookup failed for host 87.226.13.245.)
May 8 07:32:56 s2 postfix/qmgr[10256]: 08B9E10479B: to=<agnogales@eresmas.com>, relay=none, delay=326939, delays=326939/0.64/0/0, dsn=4.0.0, status=deferred (delivery temporarily suspended: host ine.
wanadoo.es[62.36.20.20] refused to talk to me: 550 Reverse DNS lookup failed for host 87.226.13.245.)
May 8 07:32:56 s2 postfix/smtp[21724]: certificate verification failed for mx.terra.es: num=19:self signed certificate in certificate chain
May 8 07:32:56 s2 postfix/smtp[21724]: certificate verification failed for mx.terra.es: num=24:invalid CA certificate
May 8 07:32:56 s2 postfix/smtp[21724]: certificate verification failed for mx.terra.es: num=26:unsupported certificate purpose
May 8 07:32:56 s2 postfix/smtp[21724]: certificate verification failed for mx.terra.es: num=10:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21724]: certificate verification failed for mx.terra.es:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21724]: certificate verification failed for mx.terra.es:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21724]: certificate verification failed for mx.terra.es: num=10:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21724]: certificate verification failed for mx.terra.es:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21724]: certificate verification failed for mx.terra.es:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21725]: certificate verification failed for mx.terra.es: num=19:self signed certificate in certificate chain
May 8 07:32:56 s2 postfix/smtp[21725]: certificate verification failed for mx.terra.es: num=24:invalid CA certificate
May 8 07:32:56 s2 postfix/smtp[21725]: certificate verification failed for mx.terra.es: num=26:unsupported certificate purpose
May 8 07:32:56 s2 postfix/smtp[21725]: certificate verification failed for mx.terra.es: num=10:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21725]: certificate verification failed for mx.terra.es:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21725]: certificate verification failed for mx.terra.es:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21725]: certificate verification failed for mx.terra.es: num=10:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21725]: certificate verification failed for mx.terra.es:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21725]: certificate verification failed for mx.terra.es:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21709]: certificate verification failed for mail.aselegal.com: num=18:self signed certificate
May 8 07:32:56 s2 postfix/smtp[21659]: 1B3CD1048F0: to=<jrsamada@ramonsamada.es>, relay=none, delay=245073, delays=245072/0.12/1/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name ser
vice error for name=ramonsamada.es type=MX: Host not found, try again)
May 8 07:32:56 s2 postfix/smtp[21740]: certificate verification failed for tnetmx.telefonica.net: num=19:self signed certificate in certificate chain
May 8 07:32:56 s2 postfix/smtp[21740]: certificate verification failed for tnetmx.telefonica.net: num=24:invalid CA certificate
May 8 07:32:56 s2 postfix/smtp[21740]: certificate verification failed for tnetmx.telefonica.net: num=26:unsupported certificate purpose
May 8 07:32:56 s2 postfix/smtp[21740]: certificate verification failed for tnetmx.telefonica.net: num=10:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21740]: certificate verification failed for tnetmx.telefonica.net:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21740]: certificate verification failed for tnetmx.telefonica.net:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21740]: certificate verification failed for tnetmx.telefonica.net: num=10:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21740]: certificate verification failed for tnetmx.telefonica.net:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21740]: certificate verification failed for tnetmx.telefonica.net:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21696]: certificate verification failed for mail.envalladolid.com: num=18:self signed certificate
May 8 07:32:56 s2 postfix/smtp[21696]: certificate verification failed for mail.envalladolid.com: num=10:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21696]: certificate verification failed for mail.envalladolid.com:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21696]: certificate verification failed for mail.envalladolid.com:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21691]: 738FC1049C2: host mailin-02.mx.aol.com[205.188.249.91] said: 421 SERVICE NOT AVAILABLE, TEMPORARY DNS FAILURE (in reply to MAIL FROM command)
May 8 07:32:56 s2 postfix/smtp[21741]: certificate verification failed for mx.terra.es: num=19:self signed certificate in certificate chain
May 8 07:32:56 s2 postfix/smtp[21741]: certificate verification failed for mx.terra.es: num=24:invalid CA certificate
May 8 07:32:56 s2 postfix/smtp[21741]: certificate verification failed for mx.terra.es: num=26:unsupported certificate purpose
May 8 07:32:56 s2 postfix/smtp[21741]: certificate verification failed for mx.terra.es: num=10:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21741]: certificate verification failed for mx.terra.es:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21741]: certificate verification failed for mx.terra.es:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21741]: certificate verification failed for mx.terra.es: num=10:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21741]: certificate verification failed for mx.terra.es:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21741]: certificate verification failed for mx.terra.es:certificate has expired
May 8 07:32:56 s2 postfix/smtp[21747]: 980FF10483E: to=<m.marsan@tiscali.it>, relay=imp-1.mail.tiscali.it[213.205.33.248]:25, delay=214747, delays=214746/0.74/0.42/0, dsn=4.0.0, status=deferred (host
imp-1.mail.tiscali.it[213.205.33.248] refused to talk to me: 554 imp-1.mail.tiscali.it ESMTP server not available if you do not have a reverse dns mapping)
May 8 07:32:56 s2 postfix/smtp[21673]: 1FFFF104B60: to=<maite@todoyoga.es>, relay=none, delay=58192, delays=58190/0.24/0.99/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service
error for name=todoyoga.es type=MX: Host not found, try again)
May 8 07:32:56 s2 postfix/smtp[21731]: connect to mail.q8online.com[195.39.142.2]: Connection refused (port 25)
May 8 07:32:56 s2 postfix/smtp[21731]: 7FDF11049C6: to=<helpdesk@q8online.com>, relay=none, delay=75982, delays=75981/0.68/0.5/0, dsn=4.4.1, status=deferred (connect to mail.q8online.com[195.39.142.2
]: Connection refused)
May 8 07:32:56 s2 postfix/smtp[21708]: 754B810452E: to=<pilarm.hoces.sspa@deandalucia.es>, relay=none, delay=246705, delays=246704/0.55/0.65/0, dsn=4.4.3, status=deferred (Host or domain name not fou
nd. Name service error for name=deandalucia.es type=MX: Host not found, try again)
May 8 07:32:56 s2 postfix/smtp[21726]: certificate verification failed for relay.unizar.es: num=19:self signed certificate in certificate chain
May 8 07:32:56 s2 postfix/smtp[21707]: 771BB1047A8: host mailin-02.mx.aol.com[205.188.249.91] said: 421 SERVICE NOT AVAILABLE, TEMPORARY DNS FAILURE (in reply to MAIL FROM command)
Many .es domain names, but our mail server is in the .lv zone! And we do not have so many users to send SO MANY emails!!!

What steps should I take now? Is it a trojan horse on my server or something???

P.S.
I am using CentOS 5.2 (Perfect server install)

Last edited by bzzik; 8th May 2009 at 12:51.
  #2  
8th May 2009, 10:36
maikcat

have you checked that your relay is not open?

please post main.cf so that we can help you.


cheers,

maik
  #3  
8th May 2009, 10:59
bzzik

Thanks for your answer!

Sry, I am new to mail server. How do I check this?

P.S.
I can post configs only in the evening - I am at work now.
  #4  
8th May 2009, 11:26
maikcat

you must have something inside main.cf like this:

# your local net
mynetworks = 192.168.1.0/24
fallback_relay =
mydestination = test.gr
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_authenticated_header = yes
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination

the above are for authenticating users to enable them to relay mail through
your server.

try this to check your mail server
telnet ip 25

you will get smtp banner like

220 Esmtp service

then type

ehlo localhost.localdomain

you should get something like

250-PIPELINING
250-SIZE 15000000
250-ETRN
250-AUTH PLAIN LOGIN <--this means that your server can authenticate clients to allow them to relay
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

if the above line is not there, it means that your server allows relay based
on ip address origin only.
check main.cf... (mynetworks setting..)

have a nice day

michael

ps: if you want to enable auth to work you MUST start saslauthd service as well..
  #5  
8th May 2009, 12:48
bzzik

maikcat I really appreciate your help.

I will look in the evening and will post what I find there. I did not even think that something like this is possible (a real newbie I am in mail servers)...

P.S.
Btw, when I was analyzing logs, I noticed that this started on April 25th. Till that time, everything was fine.
  #6  
8th May 2009, 21:52
bzzik

Here are the main.cf options:

Quote:
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
mynetworks = 127.0.0.0/8
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
And more from telnet:

Quote:
250-PIPELINING
250-SIZE 40960000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
So as I understand, I have relay opened. Should I simply change smtpd_sasl_auth_enable = yes to NO? And what will I lose after that? I am not so good at all this... I hope you will help me to understand.

Thank you!

P.S.
I made all the settings for postfix using this article:
http://www.howtoforge.com/perfect-server-centos-5.2-p5

P.P.S.
I have tested my server for OPEN Relay here http://www.myiptest.com/staticpages/...pen-relay-test and got the answer:
>Unable to relay: Invalid response code received from server
> This server is NOT Open Relay

Last edited by bzzik; 8th May 2009 at 23:07.
Reply With Quote
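
The main.cf options and EHLO reply posted above can be checked mechanically. The following is an added example, not part of the original thread or of Postfix itself: a small audit that follows the Postfix 2.3-era rule that relay control lives in smtpd_recipient_restrictions. The function names and finding labels are assumptions of this example, and the EHLO reply is assumed to have been captured over plain telnet, before STARTTLS.

```python
import ipaddress
import re

# Options and EHLO reply as quoted in the thread (the stray space inside
# reject_unauth_destination is removed).
MAIN_CF = """\
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
mynetworks = 127.0.0.0/8
smtpd_tls_auth_only = no
"""
EHLO_REPLY = """\
250-PIPELINING
250-SIZE 40960000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
"""

# Postfix default when smtpd_recipient_restrictions is unset (before 2.10).
DEFAULT_RCPT = "permit_mynetworks, reject_unauth_destination"
# Restrictions that stop mail for foreign destinations from being accepted.
GUARDS = {"reject_unauth_destination", "defer_unauth_destination", "reject", "defer"}


def parse_main_cf(text):
    """Parse 'name = value' lines; indented lines continue the previous value."""
    cfg, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last:
            cfg[last] += " " + raw.strip()
        elif "=" in raw:
            last, value = (part.strip() for part in raw.split("=", 1))
            cfg[last] = value
    return cfg


def parse_ehlo(text):
    """Map each advertised ESMTP keyword to the set of its parameters."""
    caps = {}
    for line in text.splitlines():
        m = re.match(r"250[- ](\S+?)(?:[ =](.*))?$", line.strip())
        if m:
            caps.setdefault(m.group(1).upper(), set()).update((m.group(2) or "").split())
    return caps


def audit(cfg, caps):
    """Return (label, message) findings. Simplified model: restrictions are
    read left to right and only bare 'permit' and permit_mynetworks are
    treated as relay grants; access tables are not evaluated."""
    findings = []
    value = cfg.get("smtpd_recipient_restrictions", DEFAULT_RCPT)
    rules = [r for r in re.split(r"[,\s]+", value) if r]
    guard = next((i for i, r in enumerate(rules) if r in GUARDS), None)
    before = rules if guard is None else rules[:guard]
    if guard is None:
        findings.append(("no-relay-guard", "no reject_unauth_destination in the list"))
    elif "permit" in before:
        findings.append(("open-relay", "bare 'permit' precedes reject_unauth_destination"))
    if "permit_mynetworks" in before:
        for token in cfg.get("mynetworks", "").replace(",", " ").split():
            try:
                net = ipaddress.ip_network(token.replace("[", "").replace("]", ""), strict=False)
            except ValueError:
                continue  # lookup table or file path, not checked here
            if not net.is_loopback:
                findings.append(("trusted-net", f"{net} may relay without authentication"))
    mechs = caps.get("AUTH", set())
    if mechs and "permit_sasl_authenticated" in before:
        findings.append(("auth-relay", "any valid mailbox login may relay; "
                         "advertising AUTH is not by itself an open relay"))
    if mechs & {"PLAIN", "LOGIN"} and cfg.get("smtpd_tls_auth_only", "no").lower() != "yes":
        findings.append(("cleartext-auth", "PLAIN/LOGIN offered without TLS; "
                         "smtpd_tls_auth_only = yes restricts AUTH to encrypted sessions"))
    if "VRFY" in caps:
        findings.append(("vrfy", "VRFY advertised; disable_vrfy_command = yes hides it"))
    return findings


if __name__ == "__main__":
    for label, message in audit(parse_main_cf(MAIN_CF), parse_ehlo(EHLO_REPLY)):
        print(f"{label}: {message}")
```
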
  #7  
9th May 2009, 13:29
falko

Quote:
Originally Posted by bzzik
P.P.S.
I have tested my server for OPEN Relay here http://www.myiptest.com/staticpages/...pen-relay-test and got the answer:
>Unable to relay: Invalid response code received from server
> This server is NOT Open Relay
That's a good thing.
But it is still possible that spammers abuse web applications on your server (like contact forms, guestbooks, etc.).
__________________
Falko
  #8  
10th May 2009, 18:18
bzzik

Ok!

But I think that I am a victim of backscatter mails. Can you advise me something regarding it?

Quote:
Originally Posted by falko
That's a good thing.
But it is still possible that spammers abuse web applications on your server (like contact forms, guestbooks, etc.).
How do I check this?
  #9  
11th May 2009, 13:25
falko

That's difficult to check. You can have a look at Apache's access logs to see if there's a contact form/guestbook/whatever that is accessed again and again from the same IP.
__________________
Falko
Reply With Quote
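
Besides the Apache access logs, the mail log itself records how each queued message entered Postfix, which separates a stolen mailbox login, a script running on the box, plain SMTP submission and locally generated bounces. The following is an added example, not part of the original thread: it groups queue IDs by entry point. The log lines are constructed in the format Postfix writes; the queue IDs, addresses and user names in them are made up, and the function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample in Postfix's maillog format (not taken from the thread).
SAMPLE_LOG = """\
May  8 07:30:01 s2 postfix/smtpd[2101]: 0A1B2C3D4E1: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=webmaster
May  8 07:30:01 s2 postfix/qmgr[10256]: 0A1B2C3D4E1: from=<info@bank.example>, size=2453, nrcpt=50 (queue active)
May  8 07:30:02 s2 postfix/pickup[2090]: 0A1B2C3D4E2: uid=48 from=<apache>
May  8 07:30:02 s2 postfix/qmgr[10256]: 0A1B2C3D4E2: from=<apache@s2.example>, size=2395, nrcpt=50 (queue active)
May  8 07:30:03 s2 postfix/smtpd[2102]: 0A1B2C3D4E3: client=mail.partner.example[198.51.100.9]
May  8 07:30:03 s2 postfix/qmgr[10256]: 0A1B2C3D4E3: from=<alice@partner.example>, size=1200, nrcpt=1 (queue active)
May  8 07:30:04 s2 postfix/bounce[2110]: 0A1B2C3D4E1: sender non-delivery notification: 0A1B2C3D4E4
May  8 07:30:04 s2 postfix/qmgr[10256]: 0A1B2C3D4E4: from=<>, size=5258, nrcpt=1 (queue active)
May  8 07:30:05 s2 postfix/qmgr[10256]: 0A1B2C3D4E5: from=<info@bank.example>, size=2453, nrcpt=50 (queue active)
"""

# daemon name, queue ID, rest of the record; lines without a queue ID
# (TLS warnings, "connect to ..." errors) do not match and are skipped.
LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]{6,}): (.*)")


def trace_origins(log_text):
    """Return {queue_id: {origin, detail, sender, nrcpt}} for every message.

    origin is one of:
      smtp-auth  accepted over SMTP after SASL login (detail = login name)
      smtp       accepted over SMTP without login    (detail = client host[ip])
      local      handed in by a local process        (detail = uid=N)
      bounce     non-delivery report made by Postfix (detail = original queue ID)
      unknown    entry record not in this log (rotated away or still older)
    """
    msgs = defaultdict(lambda: {"origin": "unknown", "detail": "", "sender": None, "nrcpt": 0})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        daemon, qid, rest = m.groups()
        if daemon == "smtpd" and rest.startswith("client="):
            user = re.search(r"sasl_username=(\S+)", rest)
            client = rest.split(",")[0][len("client="):]
            msgs[qid].update(origin="smtp-auth" if user else "smtp",
                             detail=user.group(1) if user else client)
        elif daemon == "pickup" and (uid := re.match(r"uid=(\d+)", rest)):
            msgs[qid].update(origin="local", detail="uid=" + uid.group(1))
        elif daemon == "bounce" and (new := re.search(r"notification: ([0-9A-F]+)$", rest)):
            msgs[new.group(1)].update(origin="bounce", detail="for " + qid)
        elif daemon == "qmgr" and (q := re.match(r"from=<([^>]*)>, size=\d+, nrcpt=(\d+)", rest)):
            # qmgr logs the same message again on every queue run, so the
            # values are overwritten rather than added up.
            msgs[qid].update(sender=q.group(1), nrcpt=int(q.group(2)))
    return dict(msgs)


def recipients_by_origin(msgs):
    """Total recipients per (origin, detail), largest first; bounces are pooled."""
    totals = defaultdict(int)
    for msg in msgs.values():
        detail = "" if msg["origin"] == "bounce" else msg["detail"]
        totals[(msg["origin"], detail)] += msg["nrcpt"]
    return sorted(totals.items(), key=lambda kv: -kv[1])


if __name__ == "__main__":
    for (origin, detail), count in recipients_by_origin(trace_origins(SAMPLE_LOG)):
        print(f"{count:5d} recipients  {origin:10s} {detail}")
```

A large recipient total under smtp-auth points at one mailbox password to change, while a total under local with the web server's uid points at a script or form on the machine; messages that stay unknown need the older, rotated log files.
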
  #10  
11th May 2009, 18:35
bzzik

I do not think that it is from guestbooks/forms. What I have done: I stopped postfix for about 3 hours. Then I started it again and looked into the logs. Immediately after start I got tons of mails in the queue (I am not posting all of them):

Quote:
May 10 20:33:18 s2 postfix/postfix-script: stopping the Postfix mail system
May 10 20:33:18 s2 postfix/master[9501]: terminating on signal 15
May 10 21:36:21 s2 dovecot: pop3-login: Login: user=<llimejib>, method=PLAIN, rip=::ffff:78.84.91.197, lip=::ffff:87.226.13.245
May 10 21:36:21 s2 dovecot: POP3(llimejib): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
May 10 23:29:10 s2 sendmail[24894]: alias database /etc/aliases rebuilt by root
May 10 23:29:10 s2 sendmail[24894]: /etc/aliases: 76 aliases, longest 10 bytes, 765 bytes total
May 10 23:29:10 s2 postfix/postfix-script: starting the Postfix mail system
May 10 23:29:10 s2 postfix/master[24940]: daemon started -- version 2.3.3, configuration /etc/postfix
May 10 23:29:10 s2 postfix/qmgr[24943]: EF8FB104715: from=<oficina@banestnet.es>, size=2466, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 12BB110476C: from=<info@bancaja.es>, size=2411, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: DD321104AA3: from=<info@banesnet.es>, size=2453, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 1F1C31049C8: from=<info@santandersupernet.es>, size=3322, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: B4256104A91: from=<info@banesnet.es>, size=2453, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 16087104ABA: from=<info@banesnet.es>, size=2453, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 7C140104A30: from=<info@santandersupernet.es>, size=3322, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 1DBF8104763: from=<info@santandersupernet.es>, size=3322, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 3EF34104A94: from=<info@banesnet.es>, size=2453, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 10524104B1D: from=<>, size=4283, nrcpt=1 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: D7476104739: from=<info@santandersupernet.es>, size=3322, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 1B061104A63: from=<info@santandersupernet.es>, size=3322, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 20B4A1049BF: from=<info@santandersupernet.es>, size=3322, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 1AE4F104A3E: from=<info@santandersupernet.es>, size=3322, nrcpt=49 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: E83FD1048F8: from=<info@bancaja.es>, size=2395, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 1F6591046ED: from=<oficina@banestnet.es>, size=2466, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: B2B1910470C: from=<info@santandersupernet.es>, size=3322, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 1190610463F: from=<info@bancaja.es>, size=2395, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 7FDF11049C6: from=<info@santandersupernet.es>, size=3322, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 150BB104940: from=<info@bancaja.es>, size=2395, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 6C9B3104A3B: from=<info@santandersupernet.es>, size=3322, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 1E5E210470F: from=<oficina@banestnet.es>, size=2466, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 18B78104A20: from=<info@santandersupernet.es>, size=3322, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 19F8F104913: from=<info@bancaja.es>, size=2395, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: EA5E21048A8: from=<info@bancaja.es>, size=2395, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 1EC44104978: from=<info@santandersupernet.es>, size=3322, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 37BD41046F1: from=<info@santandersupernet.es>, size=3322, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 1849B1048E5: from=<>, size=8177, nrcpt=1 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 87D4B1049E9: from=<info@banesnet.es>, size=2453, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 1AD35104B0A: from=<>, size=11424, nrcpt=1 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 863FA104ACF: from=<info@banesnet.es>, size=2453, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 11766104B27: from=<>, size=5173, nrcpt=1 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 53AF210478E: from=<info@santandersupernet.es>, size=3322, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 18F8D10482E: from=<>, size=7066, nrcpt=1 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 1098C104A85: from=<info@banesnet.es>, size=2453, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 1A565104971: from=<info@bancaja.es>, size=2395, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 14EAE1047B1: from=<>, size=10543, nrcpt=1 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 16CCE104B24: from=<>, size=5388, nrcpt=1 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 1C4411048D8: from=<info@bancaja.es>, size=2395, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 17C83104791: from=<info@bancaja.es>, size=2411, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 14407104A0A: from=<>, size=8067, nrcpt=1 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 154FD10478F: from=<info@bancaja.es>, size=2411, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 11328104A44: from=<info@santandersupernet.es>, size=3322, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 1686C104A03: from=<>, size=10161, nrcpt=1 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 164DC104757: from=<info@bancaja.es>, size=2411, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 17EF5104A8B: from=<info@banesnet.es>, size=2453, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 11E691049A5: from=<info@santandersupernet.es>, size=3322, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 12D171048E4: from=<info@bancaja.es>, size=2395, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 10D321046CE: from=<>, size=8321, nrcpt=1 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 197FE1047E9: from=<info@bancaja.es>, size=2411, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 1C48D104AA0: from=<info@banesnet.es>, size=2453, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 1BB5C1047DA: from=<info@bancaja.es>, size=2395, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 16C15104784: from=<info@santandersupernet.es>, size=3322, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 1FFFF104B60: from=<oficina@banestnet.es>, size=2488, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 1EFD3104AE8: from=<>, size=8352, nrcpt=1 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 7F386104A0E: from=<>, size=5229, nrcpt=1 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 73BD9104A1F: from=<>, size=8178, nrcpt=1 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 74669104923: from=<info@bancaja.es>, size=2395, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 75C431049ED: from=<info@santandersupernet.es>, size=3322, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 7EDEF1049DA: from=<>, size=8358, nrcpt=1 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 7281610477F: from=<info@bancaja.es>, size=2411, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 789D410460E: from=<>, size=8246, nrcpt=1 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 7DE241046F6: from=<oficina@banestnet.es>, size=2466, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 726C8104A67: from=<>, size=10565, nrcpt=1 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 75E9D104A29: from=<>, size=7685, nrcpt=1 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 7127B10493A: from=<info@bancaja.es>, size=2395, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 7AA23104A50: from=<>, size=11375, nrcpt=1 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 7CAA9104993: from=<>, size=8730, nrcpt=1 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 7083D104B0D: from=<>, size=8723, nrcpt=1 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 738FC1049C2: from=<info@santandersupernet.es>, size=3322, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 7E04C10478C: from=<info@bancaja.es>, size=2411, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[24943]: 771BB1047A8:
And then activity started again:

Quote:
May 10 23:29:11 s2 postfix/qmgr[24943]: 0817B104877: from=<info@bancaja.es>, size=2395, nrcpt=49 (queue active)
May 10 23:29:11 s2 postfix/qmgr[24943]: 0C0C7104A14: from=<>, size=5170, nrcpt=1 (queue active)
May 10 23:29:11 s2 postfix/qmgr[24943]: 052E9104717: from=<>, size=5478, nrcpt=1 (queue active)
May 10 23:29:11 s2 postfix/smtp[24960]: connect to primera.net.uniovi.es[156.35.11.21]: Connection refused (port 25)
May 10 23:29:11 s2 postfix/smtp[24952]: 12BB110476C: host mxav2.loschatosdelturia.com[62.193.206.40] refused to talk to me: 554 av3.amenworld.com AMEN AMEN requires that all mail servers must have a P
TR record with a valid Reverse DNS entry. Currently your mail server does not fill that requirement.
May 10 23:29:11 s2 postfix/smtp[24965]: connect to correo0.uma.es[150.214.40.111]: Connection refused (port 25)
May 10 23:29:11 s2 postfix/smtp[24961]: connect to mailhost.inves.es[62.97.103.145]: Connection refused (port 25)
May 10 23:29:11 s2 postfix/smtp[24961]: DD321104AA3: to=<juandi@inves.es>, relay=none, delay=303490, delays=303490/0.14/0.2/0, dsn=4.4.1, status=deferred (connect to mailhost.inves.es[62.97.103.145]:
Connection refused)
May 10 23:29:11 s2 postfix/smtp[24952]: 12BB110476C: to=<loschatosdelturia@loschatosdelturia.com>, relay=mxav1.loschatosdelturia.com[62.193.206.39]:25, delay=393754, delays=393754/0.07/0.29/0, dsn=4.0
.0, status=deferred (host mxav1.loschatosdelturia.com[62.193.206.39] refused to talk to me: 554 av3.amenworld.com AMEN AMEN requires that all mail servers must have a PTR record with a valid Reverse D
NS entry. Currently your mail server does not fill that requirement.)
May 10 23:29:11 s2 postfix/smtp[25011]: connect to correo0.uma.es[150.214.40.111]: Connection refused (port 25)
May 10 23:29:11 s2 postfix/smtp[24951]: 12BB110476C: host mx.dca.untd.com[64.136.44.37] refused to talk to me: 550 Access denied...4df38e2b4e03c3c373833e4b5a3b5ae3cf83779a6 3c78a5bc39e635b5ef7f7bb132ad
3bef7d3afabdfdb...
May 10 23:29:11 s2 postfix/smtp[24953]: 12BB110476C: host mxav2.loscorleone.com[62.193.206.42] refused to talk to me: 554 av4.amenworld.com AMEN AMEN requires that all mail servers must have a PTR rec
ord with a valid Reverse DNS entry. Currently your mail server does not fill that requirement.
May 10 23:29:11 s2 postfix/smtp[25032]: connect to mailhost-antispam.ttd.net[213.0.184.65]: Connection refused (port 25)
May 10 23:29:11 s2 postfix/smtp[25032]: 1DBF8104763: to=<danidaniel@jumpy.es>, relay=none, delay=307199, delays=307199/0.45/0.09/0, dsn=4.4.1, status=deferred (connect to mailhost-antispam.ttd.net[213
.0.184.65]: Connection refused)
May 10 23:29:11 s2 postfix/smtp[24986]: connect to mail-av.celbio.it[217.194.7.78]: Connection refused (port 25)
May 10 23:29:11 s2 postfix/smtp[24963]: certificate verification failed for mx.terra.es: num=19:self signed certificate in certificate chain
May 10 23:29:11 s2 postfix/smtp[24963]: certificate verification failed for mx.terra.es: num=24:invalid CA certificate
May 10 23:29:11 s2 postfix/smtp[24963]: certificate verification failed for mx.terra.es: num=26:unsupported certificate purpose
May 10 23:29:11 s2 postfix/smtp[24963]: certificate verification failed for mx.terra.es: num=10:certificate has expired
May 10 23:29:11 s2 postfix/smtp[24963]: certificate verification failed for mx.terra.es:certificate has expired
May 10 23:29:11 s2 postfix/smtp[24963]: certificate verification failed for mx.terra.es:certificate has expired
May 10 23:29:11 s2 postfix/smtp[24963]: certificate verification failed for mx.terra.es: num=10:certificate has expired
May 10 23:29:11 s2 postfix/smtp[24963]: certificate verification failed for mx.terra.es:certificate has expired
May 10 23:29:11 s2 postfix/smtp[24963]: certificate verification failed for mx.terra.es:certificate has expired
May 10 23:29:11 s2 postfix/smtp[24948]: EF8FB104715: to=<oportunidade.vaga@terra.com.br>, relay=vip-us-br-mx.terra.com[208.84.244.133]:25, delay=368659, delays=368658/0.06/0.53/0, dsn=4.7.1, status=deferred (host vip-us-br-mx.terra.com[208.84.244.133] refused to talk to me: 450 4.7.1 Client host rejected: cannot find your hostname, [87.226.13.245])
May 10 23:29:11 s2 postfix/smtp[25002]: 16087104ABA: to=<mirandajose@mixmail.com>, relay=ing.wanadoo.es[62.36.20.73]:25, delay=303410, delays=303409/0.32/0.28/0, dsn=4.0.0, status=deferred (host ing.wanadoo.es[62.36.20.73] refused to talk to me: 550 Reverse DNS lookup failed for host 87.226.13.245.)
May 10 23:29:11 s2 postfix/smtp[24962]: DD321104AA3: to=<juanfernandez1973@orangemail.es>, relay=inc.wanadoo.es[62.36.20.20]:25, delay=303491, delays=303490/0.14/0.47/0, dsn=4.0.0, status=deferred (host inc.wanadoo.es[62.36.20.20] refused to talk to me: 550 Reverse DNS lookup failed for host 87.226.13.245.)
May 10 23:29:11 s2 postfix/smtp[24979]: certificate verification failed for tnetmx.telefonica.net: num=19:self signed certificate in certificate chain
May 10 23:29:11 s2 postfix/smtp[24979]: certificate verification failed for tnetmx.telefonica.net: num=24:invalid CA certificate
May 10 23:29:11 s2 postfix/smtp[24979]: certificate verification failed for tnetmx.telefonica.net: num=26:unsupported certificate purpose
May 10 23:29:11 s2 postfix/smtp[24979]: certificate verification failed for tnetmx.telefonica.net: num=10:certificate has expired
May 10 23:29:11 s2 postfix/smtp[24979]: certificate verification failed for tnetmx.telefonica.net:certificate has expired
May 10 23:29:11 s2 postfix/smtp[24979]: certificate verification failed for tnetmx.telefonica.net:certificate has expired
May 10 23:29:11 s2 postfix/smtp[24979]: certificate verification failed for tnetmx.telefonica.net: num=10:certificate has expired
May 10 23:29:11 s2 postfix/smtp[24979]: certificate verification failed for tnetmx.telefonica.net:certificate has expired
May 10 23:29:11 s2 postfix/smtp[24979]: certificate verification failed for tnetmx.telefonica.net:certificate has expired
These .es domains - can I simply somehow ban them? What am I suffering from?
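A first-pass triage of a log like the one quoted above, as an added example that is not part of the original post: it lists queued messages with a non-local sender and many recipients, how long they have been stuck, and why remote servers deferred them. The sample lines, `LOCAL_DOMAINS` and `BULK_NRCPT` are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample in the format of the log quoted above (wrapped lines
# joined; example.* names and 192.0.2.x addresses are placeholders).
SAMPLE = """\
May 10 23:29:10 s2 postfix/qmgr[10256]: AAA0000001: from=<info@bank.example>, size=2421, nrcpt=50 (queue active)
May 10 23:29:10 s2 postfix/qmgr[10256]: AAA0000002: from=<admin@mydomain.example>, size=900, nrcpt=1 (queue active)
May 10 23:29:11 s2 postfix/smtp[24961]: AAA0000001: to=<a@isp.example>, relay=none, delay=303490, delays=303490/0.14/0.2/0, dsn=4.4.1, status=deferred (connect to mx.isp.example[192.0.2.20]: Connection refused)
May 10 23:29:11 s2 postfix/smtp[25002]: AAA0000001: to=<b@isp.example>, relay=mx2.isp.example[192.0.2.21]:25, delay=303410, delays=303409/0.32/0.28/0, dsn=4.0.0, status=deferred (host mx2.isp.example[192.0.2.21] refused to talk to me: 550 Reverse DNS lookup failed for host 192.0.2.10.)
May 10 23:29:11 s2 postfix/smtp[24948]: AAA0000001: to=<c@isp.example>, relay=mx3.isp.example[192.0.2.22]:25, delay=368659, delays=368658/0.06/0.53/0, dsn=4.7.1, status=deferred (host mx3.isp.example[192.0.2.22] refused to talk to me: 450 4.7.1 Client host rejected: cannot find your hostname, [192.0.2.10])
"""

LOCAL_DOMAINS = {"mydomain.example"}  # assumption: domains this server really hosts
BULK_NRCPT = 20                       # assumption: "bulk" threshold for a quiet server

QMGR = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<([^>]*)>, size=\d+, nrcpt=(\d+)")
SMTP = re.compile(r"postfix/smtp\[\d+\]: (\w+): to=<[^>]*>, .*?delay=([\d.]+), "
                  r".*?status=(\w+) \((.*)\)$")

def classify(reason):
    """Bucket a deferral reason into the causes visible in the quoted log."""
    if re.search(r"Reverse DNS|PTR record|cannot find your hostname", reason):
        return "no-reverse-dns"
    if "Connection refused" in reason:
        return "connection-refused"
    return "other"

def triage(log):
    """Return (suspect queue entries, deferral reason counts)."""
    senders, reasons, oldest = {}, Counter(), {}
    for line in log.splitlines():
        if m := QMGR.search(line):
            senders[m[1]] = (m[2], int(m[3]))        # queue id -> (sender, nrcpt)
        elif (m := SMTP.search(line)) and m[3] == "deferred":
            reasons[classify(m[4])] += 1
            oldest[m[1]] = max(oldest.get(m[1], 0.0), float(m[2]))
    suspects = []
    for qid, (sender, nrcpt) in senders.items():
        foreign = sender.rpartition("@")[2] not in LOCAL_DOMAINS
        if foreign and sender and nrcpt >= BULK_NRCPT:   # empty sender = bounce
            days = round(oldest.get(qid, 0.0) / 86400, 1)
            suspects.append((qid, sender, nrcpt, days))
    return suspects, dict(reasons)

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Run against the real maillog, each suspect queue ID can then be inspected with `postcat -q <queue-id>` to see the `Received:` headers and find how the message entered the server.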