On 5/7/2009 9:05 AM, Noel Jones wrote: > I see no obvious problems in your config. > > Unless I'm missing something:
Yes, I think you are missing something (see below)... ;) > - you can't control what other people send, or how often they send it. > - rejecting messages is a relatively low-overhead process. Unless your > system is already on the edge of failure, one extra reject per second is > barely noticeable load. The first two log excerpts I provided were the only two rejects in the logs... and you're right, if it was only rejects, I wouldn't care. The problem is the , 42 minutes later (after those 2 rejects), I started receiving actual messages with a subject of 'UCE AND ABUSE IDENTIFIED' (again, example with full headers attached), to the tune of 1-2 per second, delivered to my Inbox. In less than 3 minutes, I had 351 of them, all with identical log entries (except the date/time of course) of the last log example I provided, namely: May 6 16:04:19 myhost postfix/smtpd[5523]: connect from ixe-mta-18-tx.emailfiltering.com[194.116.198.213] May 6 16:04:20 myhost postfix/smtpd[5523]: 1F0844D45CD: client=ixe-mta-18-tx.emailfiltering.com[194.116.198.213] May 6 16:04:20 myhost postfix/cleanup[5541]: 1F0844D45CD: message-id=<20090506200420.1f0844d4...@smtp.media-brokers.com> May 6 16:04:20 myhost postfix/qmgr[919]: 1F0844D45CD: from=<cmar...@media-brokers.com>, size=1809, nrcpt=1 (queue active) May 6 16:04:20 myhost postfix/virtual[5608]: 1F0844D45CD: to=<cmar...@media-brokers.com>, relay=virtual, delay=0.47, delays=0.46/0/0/0.01, dsn=2.0.0, status=sent (delivered to maildir) May 6 16:04:20 myhost postfix/qmgr[919]: 1F0844D45CD: removed > - If some server doesn't respond well to a REJECT, maybe DISCARD is a > better answer for their unwanted mail. Actually, I had already considered this... thanks for the confirmation... But I'd still like to understand the mechanism involved, and what this guy did to trigger this flood of messages... > - Some posts aren't worth responding to. The best way to ignore a post > is to, well, ignore it. Just press the delete key and move on. > (although I admit to sometimes writing a really smoking response and > then delete before sending. I'm still learning, too.) ;) I know, I know... Thanks for the response... -- Best regards, Charles
--- Begin Message ---SMTP Server <70.43.81.99> rejected recipient <cmar...@media-brokers.com> (Error following RCPT command). It responded as follows: [554 5.7.1 <cmar...@media-brokers.com>: Sender address rejected: Access denied]
emailheaders.txt
Description: application/txt
--- End Message ---