Dear List,

I am finding a large number of mails in the output of postqueue -p where
neither the sender nor the recipient of the mail is my user. Apparently
these mails are reaching postfix from the loopback address. I am giving the
entries for one such message from the maillog:

Feb 14 04:08:32 mail postfix/smtpd[18165]: 2F97218A856:
client=localhost[127.0.0.1]
Feb 14 04:08:32 mail postfix/cleanup[18072]: 2F97218A856:
message-id=<46929.81.199.40.34.1234564712.squir...@mail.rpg.in>
Feb 14 04:08:32 mail postfix/smtp[18164]: 1996118A851:
to=<bobbycle...@yahoo.com>, relay=localhost[127.0.0.1], delay=0, status=sent
(250 Ok: queued as 2F97218A856)
Feb 14 04:08:32 mail postfix/qmgr[4249]: 2F97218A856:
from=<che...@hangsengbank.org>, size=1203, nrcpt=1 (queue active)
Feb 14 04:08:41 mail postfix/smtp[19212]: 2F97218A856:
to=<bobbycle...@yahoo.com>, relay=none, delay=9, status=deferred (connect to
f.mx.mail.yahoo.com[68.142.202.247]: server refused to talk to me: 421 4.7.0
[TS01] Messages from 210.212.1.111 temporarily deferred due to user
complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html  )
Feb 14 04:30:11 mail postfix/qmgr[4249]: 2F97218A856:
from=<che...@hangsengbank.org>, size=1203, nrcpt=1 (queue active)
Feb 14 04:46:06 mail postfix/qmgr[4249]: 2F97218A856:
to=<bobbycle...@yahoo.com>, relay=none, delay=2254, status=deferred
(delivery temporarily suspended: connect to
f.mx.mail.yahoo.com[68.142.202.247]: server refused to talk to me: 421 4.7.0
[TS01] Messages from 210.212.1.111 temporarily deferred due to user
complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html  )
Feb 14 05:36:50 mail postfix/qmgr[4249]: 2F97218A856:
from=<che...@hangsengbank.org>, size=1203, nrcpt=1 (queue active)
Feb 14 05:42:07 mail postfix/qmgr[4249]: 2F97218A856:
to=<bobbycle...@yahoo.com>, relay=none, delay=5615, status=deferred
(delivery temporarily suspended: connect to
d.mx.mail.yahoo.com[66.196.82.7]: server refused to talk to me: 421 4.7.0
[TS01] Messages from 210.212.1.111 temporarily deferred due to user
complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html  )
Feb 14 07:00:15 mail postfix/qmgr[4249]: 2F97218A856:
from=<che...@hangsengbank.org>, size=1203, nrcpt=1 (queue active)
Feb 14 07:10:43 mail postfix/qmgr[4249]: 2F97218A856:
to=<bobbycle...@yahoo.com>, relay=none, delay=10931, status=deferred
(delivery temporarily suspended: connect to
e.mx.mail.yahoo.com[216.39.53.1]: server refused to talk to me: 421 4.7.0
[TS01] Messages from 210.212.1.111 temporarily deferred due to user
complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html  )
Feb 14 08:23:36 mail postfix/qmgr[4249]: 2F97218A856:
from=<che...@hangsengbank.org>, size=1203, nrcpt=1 (queue active)

The server is also running Apache and SquirrelMail for providing web access
to the users. The output of postconf -n is as follows:

alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = imss:localhost:10025
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
default_destination_recipient_limit = 200
default_process_limit = 105
disable_vrfy_command = yes
fallback_transport = virtual
home_mailbox = Maildir/
inet_interfaces = all
ipc_timeout = 5000s
local_transport = maildrop
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 25728640
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
rpgnet.com
mydomain = rpg.in
myhostname = mail.rpg.in
mynetworks = 127.0.0.0/8, 10.50.0.0/16
mynetworks_style = subnet
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
rbl_reply_maps = hash:/etc/postfix/imss_rbl_reply
relay_recipient_maps = ldap:/etc/postfix/virtual-mailbox.ldap
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_client_restrictions = check_sender_access
hash:/etc/postfix/rbl_sender_exception,reject_rbl_client
ASNQWAVAPX7S683TZDZFBFUVXP56QLC.r.mail-abuse.com,reject_rbl_client
ASNQWAVAPX7S683TZDZFBFUVXP56QLC.q.mail-abuse.com
smtpd_helo_required = yes
smtpd_recipient_limit = 250
smtpd_recipient_restrictions = permit_mynetworks,
permit_auth_destination,         permit_sasl_authenticated,         reject
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = permit_mynetworks,
reject_unknown_sender_domain,        permit_sasl_authenticated
smtpd_tls_auth_only = no
soft_bounce = no
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = ldap:forward
virtual_gid_maps = ldap:/etc/postfix/virtual-gid.ldap
virtual_mailbox_base = /home/vmail
virtual_mailbox_maps = ldap:/etc/postfix/virtual-mailbox.ldap
virtual_minimum_uid = 5000
virtual_uid_maps = ldap:/etc/postfix/virtual-uid.ldap

We are using Trend Micro products for controlling spam and viruses. At the
moment I am trying to stop these mails from entering the queue by adding the
sender address in the check_sender_access map. But because the sender
address is changing frequently, it is becoming ineffective. I think somehow I
have configured the server in a wrong way and that is why these mails are
getting access to the system. May I request you to kindly point me in the
right direction?

With regards,

Goutam Baul
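
Added example (not part of the original post): the Message-ID in the log excerpt has a webmail-style shape, so this script groups maillog lines by queue ID and pulls the web client's IP and submission time out of such Message-IDs. The `<port.client-ip.epoch.squirrel@host>` layout is an assumption about SquirrelMail's default format, and the sample log lines, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample in the shape of the maillog excerpt above; queue IDs,
# hosts and addresses are placeholders, not values from the post.
SAMPLE_LOG = """\
Feb 14 04:08:32 mail postfix/smtpd[18165]: AAAA11111: client=localhost[127.0.0.1]
Feb 14 04:08:32 mail postfix/cleanup[18072]: AAAA11111: message-id=<46929.203.0.113.7.1234564712.squirrel@mail.example.org>
Feb 14 04:08:32 mail postfix/qmgr[4249]: AAAA11111: from=<spoofed@bank.example>, size=1203, nrcpt=1 (queue active)
Feb 14 04:09:01 mail postfix/smtpd[18170]: BBBB22222: client=pc7.example.org[10.50.3.7]
Feb 14 04:09:01 mail postfix/cleanup[18072]: BBBB22222: message-id=<20090214.abc@pc7.example.org>
Feb 14 04:09:01 mail postfix/qmgr[4249]: BBBB22222: from=<alice@example.org>, size=900, nrcpt=1 (queue active)
Feb 14 04:10:00 mail postfix/cleanup[18072]: CCCC33333: message-id=<46930.203.0.113.7.1234564800.squirrel@mail.example.org>
Feb 14 04:10:00 mail postfix/qmgr[4249]: CCCC33333: from=<other@shop.example>, size=1100, nrcpt=1 (queue active)
"""

LINE_RE = re.compile(r"postfix/\w+\[\d+\]: ([0-9A-F]+): (.*)$")
# Assumed Message-ID layout: <port.a.b.c.d.epoch.squirrel@host>
MSGID_RE = re.compile(r"message-id=<\d+\.(\d+\.\d+\.\d+\.\d+)\.(\d+)\.squirrel@")
FROM_RE = re.compile(r"from=<([^>]*)>")

def webmail_submissions(log_text):
    """Return {queue_id: record} for messages whose Message-ID has the webmail shape."""
    by_queue = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        qid, rest = m.groups()
        mid = MSGID_RE.search(rest)
        if mid:
            ts = datetime.fromtimestamp(int(mid.group(2)), tz=timezone.utc)
            by_queue[qid].update(web_client_ip=mid.group(1), submitted_utc=ts.isoformat())
        frm = FROM_RE.search(rest)
        if frm:
            by_queue[qid].setdefault("envelope_from", frm.group(1))
    return {q: r for q, r in by_queue.items() if "web_client_ip" in r}

def senders_per_ip(hits):
    """Envelope senders seen per web client IP; many senders from one IP stands out."""
    out = defaultdict(set)
    for rec in hits.values():
        out[rec["web_client_ip"]].add(rec.get("envelope_from", ""))
    return dict(out)

if __name__ == "__main__":
    hits = webmail_submissions(SAMPLE_LOG)
    print(hits, senders_per_ip(hits))
```

Run against the real maillog, the extracted IPs and times can be matched against the Apache access log to find the SquirrelMail login that submitted each message.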
