mail log

[nvn]

Hi

I have about 22 mb of logfile for my mailserver. for today...

What is this :

Code:

Oct 29 15:06:11 web1 postfix/smtp[28274]: connect to orngca-02.mgw.rr.com[24.28.204.56]: server refused to talk to me: 550-hrndva-mx-20.mgw.rr.com  550 ERROR: Mail Refused - 85.82.7.54 - See http://www.spamhaus.org/query/bl?ip=85.82.7.54   (port 25)
Oct 29 15:06:11 web1 postfix/smtp[28287]: connect to hrndva-01.mgw.rr.com[24.28.204.22]: server refused to talk to me: 550-hrndva-mx-03.mgw.rr.com  550 ERROR: Mail Refused - 85.82.7.54 - See http://www.spamhaus.org/query/bl?ip=85.82.7.54   (port 25)
Oct 29 15:06:11 web1 postfix/smtp[28292]: connect to clmboh-02.mgw.rr.com[65.24.7.15]: server refused to talk to me: 550-clmboh-mx-14.mgw.rr.com  550 ERROR: Mail Refused - 85.82.7.54 - See http://www.spamhaus.org/query/bl?ip=85.82.7.54   (port 25)
Oct 29 15:06:11 web1 postfix/smtp[28274]: connect to clmboh-01.mgw.rr.com[65.24.7.12]: server refused to talk to me: 550-clmboh-mx-03.mgw.rr.com  550 ERROR: Mail Refused - 85.82.7.54 - See http://www.spamhaus.org/query/bl?ip=85.82.7.54   (port 25)
Oct 29 15:06:11 web1 postfix/smtp[28287]: connect to clmboh-01.mgw.rr.com[65.24.7.20]: server refused to talk to me: 550-clmboh-mx-06.mgw.rr.com  550 ERROR: Mail Refused - 85.82.7.54 - See http://www.spamhaus.org/query/bl?ip=85.82.7.54   (port 25)
Oct 29 15:06:11 web1 postfix/smtp[28274]: connect to hrndva-01.mgw.rr.com[24.28.204.23]: server refused to talk to me: 550-hrndva-mx-04.mgw.rr.com  550 ERROR: Mail Refused - 85.82.7.54 - See http://www.spamhaus.org/query/bl?ip=85.82.7.54   (port 25)
Oct 29 15:06:12 web1 postfix/smtp[28274]: connect to hrndva-02.mgw.rr.com[24.28.204.29]: server refused to talk to me: 550-hrndva-mx-10.mgw.rr.com  550 ERROR: Mail Refused - 85.82.7.54 - See http://www.spamhaus.org/query/bl?ip=85.82.7.54   (port 25)
Oct 29 15:06:12 web1 postfix/smtp[28287]: connect to orngca-01.mgw.rr.com[66.75.160.128]: server refused to talk to me: 550-orngca-mx-01.mgw.rr.com  550 ERROR: Mail Refused - 85.82.7.54 - See http://www.spamhaus.org/query/bl?ip=85.82.7.54   (port 25)
Oct 29 15:06:12 web1 postfix/smtp[28274]: connect to hrndva-01.mgw.rr.com[24.28.204.22]: server refused to talk to me: 550-hrndva-mx-03.mgw.rr.com  550 ERROR: Mail Refused - 85.82.7.54 - See http://www.spamhaus.org/query/bl?ip=85.82.7.54   (port 25)
Oct 29 15:06:12 web1 postfix/smtp[28287]: connect to hrndva-02.mgw.rr.com[24.28.204.27]: server refused to talk to me: 550-hrndva-mx-08.mgw.rr.com  550 ERROR: Mail Refused - 85.82.7.54 - See http://www.spamhaus.org/query/bl?ip=85.82.7.54   (port 25)
Oct 29 15:06:12 web1 postfix/smtp[28276]: connect to hrndva-01.mgw.rr.com[24.28.204.21]: server refused to talk to me: 550-hrndva-mx-02.mgw.rr.com  550 ERROR: Mail Refused - 85.82.7.54 - See http://www.spamhaus.org/query/bl?ip=85.82.7.54   (port 25)
Oct 29 15:06:12 web1 postfix/smtp[28287]: connect to hrndva-02.mgw.rr.com[24.28.204.28]: server refused to talk to me: 550-hrndva-mx-09.mgw.rr.com  550 ERROR: Mail Refused - 85.82.7.54 - See http://www.spamhaus.org/query/bl?ip=85.82.7.54   (port 25)
Oct 29 15:06:12 web1 postfix/smtp[28292]: connect to orngca-02.mgw.rr.com[66.75.160.144]: server refused to talk to me: 550-orngca-mx-10.mgw.rr.com  550 ERROR: Mail Refused - 85.82.7.54 - See http://www.spamhaus.org/query/bl?ip=85.82.7.54   (port 25)
Oct 29 15:06:12 web1 postfix/smtp[28274]: connect to hrndva-02.mgw.rr.com[24.28.204.37]: server refused to talk to me: 550-hrndva-mx-14.mgw.rr.com  550 ERROR: Mail Refused - 85.82.7.54 - See http://www.spamhaus.org/query/bl?ip=85.82.7.54   (port 25)
Oct 29 15:06:12 web1 postfix/smtp[28276]: connect to orngca-01.mgw.rr.com[24.28.204.55]: server refused to talk to me: 550-hrndva-mx-19.mgw.rr.com  550 ERROR: Mail Refused - 85.82.7.54 - See http://www.spamhaus.org/query/bl?ip=85.82.7.54   (port 25)
Oct 29 15:06:12 web1 postfix/smtp[28276]: 9CA3C6F467C: to=<dfisher@twcny.rr.com>, relay=none, delay=27372, status=deferred (connect to orngca-01.mgw.rr.com[24.28.204.55]: server refused to talk to me: 550-hrndva-mx-19.mgw.rr.com  550 ERROR: Mail Refused - 85.82.7.54 - See http://www.spamhaus.org/query/bl?ip=85.82.7.54  )

[till]

Your IP address is listed in CBL as psam sender:

http://cbl.abuseat.org/lookup.cgi?ip=85.82.7.54

Thats why the server refuses your emails. Please check that your server is not a open relay and check that you do not have PHP or perl formmail scripts installed on your server that allow mail relaying.

With the command postqueue -p you can check how many mails are stored in your mailqueue.

[nvn]

Shit...

i have 816 in queue... I have stopped my smtp server...

How can i make it possible on to use SMTP from localhost ?

[till]

You can set:

inet_interfaces = 127.0.0.1

in your postfix main.cf. But if the origin of the spam is a formmail script, this solution wont help.

[nvn]

Hi..

I have set that now.

How do i delete the queue ?

And how can i see if there is a script they are using ?

This sucks


I througt i had a safe system.. But nothing is safe in this world

[till]

To empty the que, run this command:

postsuper -d ALL

Before you empty the queue, you can try to find out which script has send the mails by inpecting the mail content with the command:

postcat -q /path/to/the/mailspol/file

To find the path of the mailfile, you may run:

updatedb

and then search the file with:

locate [MAILID]

where [MAILID] is the ID of a spool item in the postqueue -p listing.

[nvn]

After updatedb

locate 5D7846F4519

5D7846F4519 is that the ID i should search for ?

It can't locate anything ?

[till]

This looks like a correct mail ID:

if your run:

postqueue -p | grep 5D7846F4519

Do you get the line with the mail? Maybe the email has been delivered already. You might have to stop postfix for a while to analyse the mails.

[nvn]

I get this:

postqueue: warning: Mail system is down -- accessing queue directly
5D7846F4519 60590 Thu Oct 26 18:01:07 Patricecoma@vesterlund-nielsen.dk


The mailserver is down... I did not dare not to..

[nvn]

Hi..

I found the files: