On 5/7/2009 7:30 PM, Sahil Tandon wrote: >> relayhost = [post18.emailfiltering.com]
> Interesting. >> May 6 15:22:06 myhost postfix/smtpd[4799]: connect from >> ixe-mta-18-tx.emailfiltering.com[194.116.198.213] >> May 6 15:22:06 myhost postfix/smtpd[4799]: NOQUEUE: reject: RCPT from >> ixe-mta-18-tx.emailfiltering.com[194.116.198.213]: 554 5.7.1 <hlug0901 >> 0...@buzzhost.co.uk>: Sender address rejected: Access denied; >> from=<hlug090...@buzzhost.co.uk> to=<cmar...@media-brokers.com> >> proto=ESMTP helo >> =<ixe-mta-18.emailfiltering.com> > Notice your relayhost (which also acts as the MX for your domain) accepts the > message from the sender and tries to deliver it to your mail store, at which > point your Postfix installation REJECTs the message. This probably generates > a bounce report (by emailfiltering.com) to the envelope sender. If so, that > is backscatter. Webroots service simply proxies the recipient validation... so normally, no, this would not be a problem... but, I opened a ticket with them yesterday morning in case Rik used some kind of malformed message to trigger a bug in their system... >> Then about 42 minutes later, the flood of these 'ABUSE' messages (about >> one per second until I removed the address from the blocked senders >> list, after which they immediately stopped): >> >> May 6 16:04:19 myhost postfix/smtpd[5523]: connect from >> ixe-mta-18-tx.emailfiltering.com[194.116.198.213] >> May 6 16:04:20 myhost postfix/smtpd[5523]: 1F0844D45CD: >> client=ixe-mta-18-tx.emailfiltering.com[194.116.198.213] >> May 6 16:04:20 myhost postfix/cleanup[5541]: 1F0844D45CD: >> message-id=<20090506200420.1f0844d4...@smtp.media-brokers.com> >> May 6 16:04:20 myhost postfix/qmgr[919]: 1F0844D45CD: >> from=<cmar...@media-brokers.com>, size=1809, nrcpt=1 (queue active) >> May 6 16:04:20 myhost postfix/virtual[5608]: 1F0844D45CD: >> to=<cmar...@media-brokers.com>, relay=virtual, delay=0.47, >> delays=0.46/0/0/0.01, dsn=2.0.0, status=sent (delivered to maildir) >> May 6 16:04:20 myhost postfix/qmgr[919]: 1F0844D45CD: removed > Again, these messages hit your machine not from their source, but the > emailfiltering.com machine that relays mail to and fro your Postfix box. You > should troubleshoot this issue at the actual gateway MX that receives or > generates the offending message. In the process now, thanks... I was trying to figure out how/why my hostname was showing in the bounced messages I was getting, and this makes sense now. Thanks Sahil for taking the time to respond. -- Best regards, Charles
