#1  
Old 29th October 2006, 16:13
nvn nvn is offline
Member
 
Join Date: Apr 2006
Posts: 46
Thanks: 0
Thanked 0 Times in 0 Posts
Default mail log

Hi

I have about 22 mb of logfile for my mailserver. for today...

What is this :

Code:
Oct 29 15:06:11 web1 postfix/smtp[28274]: connect to orngca-02.mgw.rr.com[24.28.204.56]: server refused to talk to me: 550-hrndva-mx-20.mgw.rr.com  550 ERROR: Mail Refused - 85.82.7.54 - See http://www.spamhaus.org/query/bl?ip=85.82.7.54   (port 25)
Oct 29 15:06:11 web1 postfix/smtp[28287]: connect to hrndva-01.mgw.rr.com[24.28.204.22]: server refused to talk to me: 550-hrndva-mx-03.mgw.rr.com  550 ERROR: Mail Refused - 85.82.7.54 - See http://www.spamhaus.org/query/bl?ip=85.82.7.54   (port 25)
Oct 29 15:06:11 web1 postfix/smtp[28292]: connect to clmboh-02.mgw.rr.com[65.24.7.15]: server refused to talk to me: 550-clmboh-mx-14.mgw.rr.com  550 ERROR: Mail Refused - 85.82.7.54 - See http://www.spamhaus.org/query/bl?ip=85.82.7.54   (port 25)
Oct 29 15:06:11 web1 postfix/smtp[28274]: connect to clmboh-01.mgw.rr.com[65.24.7.12]: server refused to talk to me: 550-clmboh-mx-03.mgw.rr.com  550 ERROR: Mail Refused - 85.82.7.54 - See http://www.spamhaus.org/query/bl?ip=85.82.7.54   (port 25)
Oct 29 15:06:11 web1 postfix/smtp[28287]: connect to clmboh-01.mgw.rr.com[65.24.7.20]: server refused to talk to me: 550-clmboh-mx-06.mgw.rr.com  550 ERROR: Mail Refused - 85.82.7.54 - See http://www.spamhaus.org/query/bl?ip=85.82.7.54   (port 25)
Oct 29 15:06:11 web1 postfix/smtp[28274]: connect to hrndva-01.mgw.rr.com[24.28.204.23]: server refused to talk to me: 550-hrndva-mx-04.mgw.rr.com  550 ERROR: Mail Refused - 85.82.7.54 - See http://www.spamhaus.org/query/bl?ip=85.82.7.54   (port 25)
Oct 29 15:06:12 web1 postfix/smtp[28274]: connect to hrndva-02.mgw.rr.com[24.28.204.29]: server refused to talk to me: 550-hrndva-mx-10.mgw.rr.com  550 ERROR: Mail Refused - 85.82.7.54 - See http://www.spamhaus.org/query/bl?ip=85.82.7.54   (port 25)
Oct 29 15:06:12 web1 postfix/smtp[28287]: connect to orngca-01.mgw.rr.com[66.75.160.128]: server refused to talk to me: 550-orngca-mx-01.mgw.rr.com  550 ERROR: Mail Refused - 85.82.7.54 - See http://www.spamhaus.org/query/bl?ip=85.82.7.54   (port 25)
Oct 29 15:06:12 web1 postfix/smtp[28274]: connect to hrndva-01.mgw.rr.com[24.28.204.22]: server refused to talk to me: 550-hrndva-mx-03.mgw.rr.com  550 ERROR: Mail Refused - 85.82.7.54 - See http://www.spamhaus.org/query/bl?ip=85.82.7.54   (port 25)
Oct 29 15:06:12 web1 postfix/smtp[28287]: connect to hrndva-02.mgw.rr.com[24.28.204.27]: server refused to talk to me: 550-hrndva-mx-08.mgw.rr.com  550 ERROR: Mail Refused - 85.82.7.54 - See http://www.spamhaus.org/query/bl?ip=85.82.7.54   (port 25)
Oct 29 15:06:12 web1 postfix/smtp[28276]: connect to hrndva-01.mgw.rr.com[24.28.204.21]: server refused to talk to me: 550-hrndva-mx-02.mgw.rr.com  550 ERROR: Mail Refused - 85.82.7.54 - See http://www.spamhaus.org/query/bl?ip=85.82.7.54   (port 25)
Oct 29 15:06:12 web1 postfix/smtp[28287]: connect to hrndva-02.mgw.rr.com[24.28.204.28]: server refused to talk to me: 550-hrndva-mx-09.mgw.rr.com  550 ERROR: Mail Refused - 85.82.7.54 - See http://www.spamhaus.org/query/bl?ip=85.82.7.54   (port 25)
Oct 29 15:06:12 web1 postfix/smtp[28292]: connect to orngca-02.mgw.rr.com[66.75.160.144]: server refused to talk to me: 550-orngca-mx-10.mgw.rr.com  550 ERROR: Mail Refused - 85.82.7.54 - See http://www.spamhaus.org/query/bl?ip=85.82.7.54   (port 25)
Oct 29 15:06:12 web1 postfix/smtp[28274]: connect to hrndva-02.mgw.rr.com[24.28.204.37]: server refused to talk to me: 550-hrndva-mx-14.mgw.rr.com  550 ERROR: Mail Refused - 85.82.7.54 - See http://www.spamhaus.org/query/bl?ip=85.82.7.54   (port 25)
Oct 29 15:06:12 web1 postfix/smtp[28276]: connect to orngca-01.mgw.rr.com[24.28.204.55]: server refused to talk to me: 550-hrndva-mx-19.mgw.rr.com  550 ERROR: Mail Refused - 85.82.7.54 - See http://www.spamhaus.org/query/bl?ip=85.82.7.54   (port 25)
Oct 29 15:06:12 web1 postfix/smtp[28276]: 9CA3C6F467C: to=<dfisher@twcny.rr.com>, relay=none, delay=27372, status=deferred (connect to orngca-01.mgw.rr.com[24.28.204.55]: server refused to talk to me: 550-hrndva-mx-19.mgw.rr.com  550 ERROR: Mail Refused - 85.82.7.54 - See http://www.spamhaus.org/query/bl?ip=85.82.7.54  )
Reply With Quote
Sponsored Links
  #2  
Old 30th October 2006, 10:43
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,015
Thanks: 840
Thanked 5,652 Times in 4,461 Posts
Default

Your IP address is listed in CBL as psam sender:

http://cbl.abuseat.org/lookup.cgi?ip=85.82.7.54

Thats why the server refuses your emails. Please check that your server is not a open relay and check that you do not have PHP or perl formmail scripts installed on your server that allow mail relaying.

With the command postqueue -p you can check how many mails are stored in your mailqueue.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 30th October 2006, 11:03
nvn nvn is offline
Member
 
Join Date: Apr 2006
Posts: 46
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Shit...

i have 816 in queue... I have stopped my smtp server...

How can i make it possible on to use SMTP from localhost ?
Reply With Quote
  #4  
Old 30th October 2006, 11:10
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,015
Thanks: 840
Thanked 5,652 Times in 4,461 Posts
Default

You can set:

inet_interfaces = 127.0.0.1

in your postfix main.cf. But if the origin of the spam is a formmail script, this solution wont help.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #5  
Old 30th October 2006, 11:14
nvn nvn is offline
Member
 
Join Date: Apr 2006
Posts: 46
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hi..

I have set that now.

How do i delete the queue ?

And how can i see if there is a script they are using ?

This sucks


I througt i had a safe system.. But nothing is safe in this world
Reply With Quote
  #6  
Old 30th October 2006, 11:29
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,015
Thanks: 840
Thanked 5,652 Times in 4,461 Posts
Default

To empty the que, run this command:

postsuper -d ALL

Before you empty the queue, you can try to find out which script has send the mails by inpecting the mail content with the command:

postcat -q /path/to/the/mailspol/file

To find the path of the mailfile, you may run:

updatedb

and then search the file with:

locate [MAILID]

where [MAILID] is the ID of a spool item in the postqueue -p listing.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #7  
Old 30th October 2006, 11:45
nvn nvn is offline
Member
 
Join Date: Apr 2006
Posts: 46
Thanks: 0
Thanked 0 Times in 0 Posts
Default

After updatedb

locate 5D7846F4519

5D7846F4519 is that the ID i should search for ?

It can't locate anything ?
Reply With Quote
  #8  
Old 30th October 2006, 11:55
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,015
Thanks: 840
Thanked 5,652 Times in 4,461 Posts
Default

This looks like a correct mail ID:

if your run:

postqueue -p | grep 5D7846F4519

Do you get the line with the mail? Maybe the email has been delivered already. You might have to stop postfix for a while to analyse the mails.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #9  
Old 30th October 2006, 11:57
nvn nvn is offline
Member
 
Join Date: Apr 2006
Posts: 46
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I get this:

postqueue: warning: Mail system is down -- accessing queue directly
5D7846F4519 60590 Thu Oct 26 18:01:07 Patricecoma@vesterlund-nielsen.dk


The mailserver is down... I did not dare not to..
Reply With Quote
  #10  
Old 30th October 2006, 12:59
nvn nvn is offline
Member
 
Join Date: Apr 2006
Posts: 46
Thanks: 0
Thanked 0 Times in 0 Posts
 
Default

Hi..

I found the files:
Attached Files
File Type: zip 02E486F4594.zip (38.1 KB, 339 views)
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Not receiving any incoming mail. Jcorrea920 General 11 3rd April 2010 14:08
Filtering emails using Spamassassin and Clamav for Exchange 2000 Server Rocky Server Operation 19 11th March 2008 09:27
strange mail log cutting at 16:45 daily, incomplete mail logs st2xo Installation/Configuration 5 21st September 2006 15:43
Core 4: Error Messages on Fresh Install re CTX/SSL jjw Installation/Configuration 30 6th September 2006 13:16
Virtual Users And Domains With Postfix, Courier And MySQL (+ SMTP-AUTH, Quota, SpamAs mholownych HOWTO-Related Questions 10 29th May 2006 04:39


All times are GMT +2. The time now is 12:07.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.