On 5/7/2009 9:05 AM, Noel Jones wrote:
> I see no obvious problems in your config.
>
> Unless I'm missing something:
Yes, I think you are missing something (see below)... ;)
> - you can't control what other people send, or how often they send it.
> - rejecting messages is a relatively low-overhead process. Unless your
> system is already on the edge of failure, one extra reject per second is
> barely noticeable load.
The first two log excerpts I provided were the only two rejects in the
logs... and you're right, if it was only rejects, I wouldn't care.
The problem is the , 42 minutes later (after those 2 rejects), I started
receiving actual messages with a subject of 'UCE AND ABUSE IDENTIFIED'
(again, example with full headers attached), to the tune of 1-2 per
second, delivered to my Inbox. In less than 3 minutes, I had 351 of
them, all with identical log entries (except the date/time of course) of
the last log example I provided, namely:
May 6 16:04:19 myhost postfix/smtpd[5523]: connect from
ixe-mta-18-tx.emailfiltering.com[194.116.198.213]
May 6 16:04:20 myhost postfix/smtpd[5523]: 1F0844D45CD:
client=ixe-mta-18-tx.emailfiltering.com[194.116.198.213]
May 6 16:04:20 myhost postfix/cleanup[5541]: 1F0844D45CD:
message-id=<20090506200420.1f0844d4...@smtp.media-brokers.com>
May 6 16:04:20 myhost postfix/qmgr[919]: 1F0844D45CD:
from=<cmar...@media-brokers.com>, size=1809, nrcpt=1 (queue active)
May 6 16:04:20 myhost postfix/virtual[5608]: 1F0844D45CD:
to=<cmar...@media-brokers.com>, relay=virtual, delay=0.47,
delays=0.46/0/0/0.01, dsn=2.0.0, status=sent (delivered to maildir)
May 6 16:04:20 myhost postfix/qmgr[919]: 1F0844D45CD: removed
> - If some server doesn't respond well to a REJECT, maybe DISCARD is a
> better answer for their unwanted mail.
Actually, I had already considered this... thanks for the confirmation...
But I'd still like to understand the mechanism involved, and what this
guy did to trigger this flood of messages...
> - Some posts aren't worth responding to. The best way to ignore a post
> is to, well, ignore it. Just press the delete key and move on.
> (although I admit to sometimes writing a really smoking response and
> then delete before sending. I'm still learning, too.)
;) I know, I know...
Thanks for the response...
--
Best regards,
Charles
--- Begin Message ---
SMTP Server <70.43.81.99> rejected recipient <cmar...@media-brokers.com> (Error
following RCPT command). It responded as follows: [554 5.7.1
<cmar...@media-brokers.com>: Sender address rejected: Access denied]
emailheaders.txt
Description: application/txt
--- End Message ---
