Email log can't make out how mail is being sent from server

Discussion in 'Installation/Configuration' started by pawan, Jun 21, 2017.

  1. pawan

    pawan Member HowtoForge Supporter

    This is the extract of mail.log from my server.
    Cannot make out from where and how this mail is being sent.

    Code:
    Jun 21 20:03:00 server1 postfix/smtpd[30205]: connect from localhost.localdomain[127.0.0.1]
    Jun 21 20:03:01 server1 postfix/smtpd[30205]: NOQUEUE: filter: RCPT from localhost.localdomain[127.0.0.1]: <cslozin@mvtvwireless.com>: Sender address triggers FILTER amavis:[127.0.0.1]:10026; from=<cslozin@mvtvwireless.com> to=<oroob@uae.us> proto=SMTP helo=<server1.mywebsolutions.co.in>
    Jun 21 20:03:01 server1 postfix/smtpd[30205]: 0E40F604FC3: client=localhost.localdomain[127.0.0.1]
    Jun 21 20:03:01 server1 postfix/cleanup[30529]: 0E40F604FC3: warning: header From: "order-update@amazon.com" <order-update@amazonpresented.com> from localhost.localdomain[127.0.0.1]; from=<cslozin@mvtvwireless.com> to=<oroob@uae.us> proto=SMTP helo=<server1.mywebsolutions.co.in>
    Jun 21 20:03:01 server1 postfix/cleanup[30529]: 0E40F604FC3: warning: header To: "oroob@uae.us" <oroob@uae.us> from localhost.localdomain[127.0.0.1]; from=<cslozin@mvtvwireless.com> to=<oroob@uae.us> proto=SMTP helo=<server1.mywebsolutions.co.in>
    Jun 21 20:03:01 server1 postfix/cleanup[30529]: 0E40F604FC3: warning: header Subject: Your order 135-192-65423 has been successfully canceled from localhost.localdomain[127.0.0.1]; from=<cslozin@mvtvwireless.com> to=<oroob@uae.us> proto=SMTP helo=<server1.mywebsolutions.co.in>
    Jun 21 20:03:01 server1 postfix/cleanup[30529]: 0E40F604FC3: message-id=<urn.correios.msg.0e164b0d16042c7a964d5d8bf97b0b38d4bdfcdd4c@1998273656403.rte-svc-na-i-382223ea.us-east-6.amazonpresented.com>
    Jun 21 20:03:01 server1 postfix/qmgr[5263]: 0E40F604FC3: from=<cslozin@mvtvwireless.com>, size=2287, nrcpt=1 (queue active)
    Jun 21 20:03:01 server1 postfix/smtpd[30205]: disconnect from localhost.localdomain[127.0.0.1]
    Jun 21 20:03:01 server1 postfix/smtpd[29788]: connect from localhost.localdomain[127.0.0.1]
    Jun 21 20:03:01 server1 postfix/smtpd[29788]: NOQUEUE: filter: RCPT from localhost.localdomain[127.0.0.1]: <eowyndent@dalcoathletic.com>: Sender address triggers FILTER amavis:[127.0.0.1]:10026; from=<eowyndent@dalcoathletic.com> to=<bigj8980@umailme.com> proto=SMTP helo=<server1.mywebsolutions.co.in>
    Jun 21 20:03:01 server1 postfix/smtpd[29788]: D03EF604FE4: client=localhost.localdomain[127.0.0.1]
    Jun 21 20:03:01 server1 postfix/cleanup[30262]: D03EF604FE4: warning: header From: "order-update@amazon.com" <order-update@amazonpresented.com> from localhost.localdomain[127.0.0.1]; from=<eowyndent@dalcoathletic.com> to=<bigj8980@umailme.com> proto=SMTP helo=<server1.mywebsolutions.co.in>
    Jun 21 20:03:01 server1 postfix/cleanup[30262]: D03EF604FE4: warning: header To: "bigj8980@umailme.com" <bigj8980@umailme.com> from localhost.localdomain[127.0.0.1]; from=<eowyndent@dalcoathletic.com> to=<bigj8980@umailme.com> proto=SMTP helo=<server1.mywebsolutions.co.in>
    Jun 21 20:03:01 server1 postfix/cleanup[30262]: D03EF604FE4: warning: header Subject: Your order 129-8117-4743 has been successfully canceled from localhost.localdomain[127.0.0.1]; from=<eowyndent@dalcoathletic.com> to=<bigj8980@umailme.com> proto=SMTP helo=<server1.mywebsolutions.co.in>
    Jun 21 20:03:01 server1 postfix/cleanup[30262]: D03EF604FE4: message-id=<urn.correios.msg.9cd80ffb07ba22a96f23bd8f7a80bde13f2c1e20f99c709@1451934528984.rte-svc-na-i-966050ea.us-east-4.amazonpresented.com>
    Jun 21 20:03:01 server1 postfix/qmgr[5263]: D03EF604FE4: from=<eowyndent@dalcoathletic.com>, size=2285, nrcpt=1 (queue active)
    Jun 21 20:03:01 server1 postfix/smtpd[29788]: disconnect from localhost.localdomain[127.0.0.1]
    Jun 21 20:03:02 server1 postfix/smtpd[23414]: connect from localhost.localdomain[127.0.0.1]
    Jun 21 20:03:02 server1 postfix/smtpd[23414]: C0B29605029: client=localhost.localdomain[127.0.0.1]
    Jun 21 20:03:02 server1 postfix/cleanup[30078]: C0B29605029: message-id=<urn.correios.msg.9cd80ffb07ba22a96f23bd8f7a80bde13f2c1e20f99c709@1451934528984.rte-svc-na-i-966050ea.us-east-4.amazonpresented.com>
    Jun 21 20:03:02 server1 postfix/qmgr[5263]: C0B29605029: from=<eowyndent@dalcoathletic.com>, size=2794, nrcpt=1 (queue active)
    Jun 21 20:03:02 server1 postfix/smtpd[23414]: disconnect from localhost.localdomain[127.0.0.1]
    Jun 21 20:03:02 server1 amavis[30523]: (30523-03) Passed CLEAN, ORIGINATING LOCAL [127.0.0.1] [127.0.0.1] <eowyndent@dalcoathletic.com> -> <bigj8980@umailme.com>, Message-ID: <urn.correios.msg.9cd80ffb07ba22a96f23bd8f7a80bde13f2c1e20f99c709@1451934528984.rte-svc-na-i-966050ea.us-east-4.amazonpresented.com>, mail_id: hfYbFqF9aF+Z, Hits: 8.046, size: 2282, queued_as: C0B29605029, 916 ms
    Jun 21 20:03:02 server1 postfix/smtp[29295]: D03EF604FE4: to=<bigj8980@umailme.com>, relay=127.0.0.1[127.0.0.1]:10026, delay=1.1, delays=0.14/0/0/0.92, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10027): 250 2.0.0 Ok: queued as C0B29605029)
     
  2. Jesse Norell

    Jesse Norell Well-Known Member

    Looks like SMTP from localhost, I think.

    As for how, probably try to check the actual contents of the message and examine the headers for indications, and if you can catch the SMTP connection while it's ongoing, you can see what process has that port open; also try just looking at your processes and see what's running at that time.
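
One way to narrow this down from the log itself, as an added example that is not part of the original thread: group the Postfix lines by queue ID, keep only mail handed in over loopback SMTP, fold the amavis re-injection (same Message-ID, new queue ID) into one entry, and flag messages whose header From domain differs from the envelope sender. The sample lines are constructed, and the function names are this example's own.

```python
import re

# Constructed sample lines in the Postfix format shown above (not real traffic).
SAMPLE_LOG = """\
Jun 21 20:03:01 mx postfix/smtpd[101]: AAA111: client=localhost.localdomain[127.0.0.1]
Jun 21 20:03:01 mx postfix/cleanup[102]: AAA111: warning: header From: "Shop" <orders@shop.example> from localhost.localdomain[127.0.0.1]; from=<u1@sender.example> to=<r1@rcpt.example> proto=SMTP helo=<mx.example>
Jun 21 20:03:01 mx postfix/cleanup[102]: AAA111: message-id=<m1@shop.example>
Jun 21 20:03:02 mx postfix/smtpd[105]: CCC333: client=localhost.localdomain[127.0.0.1]
Jun 21 20:03:02 mx postfix/cleanup[106]: CCC333: message-id=<m1@shop.example>
Jun 21 20:03:02 mx postfix/qmgr[103]: CCC333: from=<u1@sender.example>, size=2794, nrcpt=1 (queue active)
Jun 21 20:03:05 mx postfix/smtpd[104]: BBB222: client=mail.remote.example[203.0.113.7]
"""

# Matches short (hex) Postfix queue IDs only; long queue IDs need a wider pattern.
LINE = re.compile(r"postfix/\w+\[\d+\]: ([0-9A-F]{6,}): (.*)")
FIELDS = {
    "client_ip": re.compile(r"client=\S+\[([^\]]+)\]"),
    "env_from": re.compile(r"from=<([^>]*)>"),
    "hdr_from": re.compile(r"header From:.*?<([^>]+)>"),
    "msgid": re.compile(r"message-id=<([^>]+)>"),
}

def parse(log_text):
    """Collect the first value seen for each field, per queue ID."""
    msgs = {}
    for m in LINE.finditer(log_text):
        rec = msgs.setdefault(m.group(1), {})
        for key, rx in FIELDS.items():
            hit = rx.search(m.group(2))
            if hit:
                rec.setdefault(key, hit.group(1))
    return msgs

def loopback_submissions(log_text):
    """Group loopback-submitted mail by Message-ID (re-injections count once)."""
    out = {}
    for qid, rec in parse(log_text).items():
        if rec.get("client_ip") not in ("127.0.0.1", "::1"):
            continue  # arrived from a remote client, not from this host
        entry = out.setdefault(rec.get("msgid", qid), {"queue_ids": []})
        entry["queue_ids"].append(qid)
        for key in ("env_from", "hdr_from"):
            if key in rec:
                entry.setdefault(key, rec[key])
    for entry in out.values():
        dom = [entry.get(k, "").rsplit("@", 1)[-1].lower() for k in ("env_from", "hdr_from")]
        entry["from_mismatch"] = all(dom) and dom[0] != dom[1]
    return out
```

The queue IDs in each flagged entry are the ones to inspect with `postcat -q` while the message is still in the queue.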
     
