postfix maillog: does this look suspicious?

Discussion in 'Server Operation' started by vcha, May 31, 2014.

  1. vcha

    vcha New Member

    Hi, all. I went though the Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail and everything seems to work fine. My setup should be exactly the same as the howto. It's a great howto.

    Even though everthing is working fine, email sending and recieving, I took a look at /var/log/maillog and found some suspecious lines.

    I checked with the Open Relay Checker at MxToolbox ( and came back negative. Also, checked if my IP has been blacklisted, it's not.

    Here's a sample. Please let me know what you think. FYI, I slightly modified the urls, IPs, and time stamps.

    May 29 12:00:00 myserver postfix/smtp[9761]: 8DFDXXXXD5: to=<[email protected]>, relay=none, delay=65764, delays=65734/0.02/30/0, dsn=4.4.1, status=deferred (connect to[]:25: Connection timed out)
    May 29 12:00:00 myserver postfix/smtp[9790]: 6EBXXXX7D7: to=<[email protected]>,[]:25, delay=3.8, delays=0.01/0.01/3.7/0.08, dsn=5.1.0, status=bounced (host[] said: 550 5.1.0 <> Blank From: addresses are not allowed. Please provide a valid From: IB501  <> (in reply to MAIL FROM command))
    May 29 12:00:00 myserver postfix/smtp[9726]: F0AXXXX078A: to=<[email protected]>, relay=none, delay=172707, delays=172677/0.02/30/0, dsn=4.4.1, status=deferred (connect to[]:25: Connection timed out
    May 29 12:00:00 myserver postfix/smtp[9726]: connect to[]:25: Connection timed out
    May 29 12:00:00 myserver postfix/smtp[9721]: 044XXXX07D7: to=<[email protected]>,[]:25, delay=1.7, delays=0.01/0.01/0.85/0.84, dsn=5.0.0, status=bounced (host[] said: 550 [email protected]:user not exist (in reply to RCPT TO command))
    The urls are related and can be within a couple seconds of eachother.

    A couple hundred, similar to the sample, over the last few days.

Share This Page