On 2/10/2010 12:51 PM, Dimitar Penev wrote:
Hello All,
I am not sure if this mailing list is the best place to ask this question.
If not please point me to the better one.
I am running postfix based mailserver.
Few days ago however I have noticed that some of the emails I am
sending fall in the recipient spam filters.
I have discovered that my ISP IP range is in uceprotect-level3 list,
in addition I have found that my IP is listed in ips.backscatterer.org
I don't have control of the ISP machines so I can not do much for the
first problem,
but at least I want to fix the backscatter issue.
I have attached part of my mail log at the time suggested by backscatterer.org
I indeed find the place where we see few "from=<>".
I see also short below that that the recipient (I guess) mailservers
reject my mailserver with reason
"rejected due to spam or virus content" or "Your PROVIDER is
BLACKLISTED at UCEPROTECT-LEVEL 3"
I don't understand however who/how is sending those messages with "from=<>".
Search the mail log for the QUEUEID listed in the log for one
particular message that looks like a bounce. That will help
you trace one particular message. Some of these messages have
been in your log for several days, so the original entry might
be in a different log file.
You can also search for log entries with "status=bounced".
I have setup
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
So I should get local recipient reject if the recipient name is not in
my alias_map or not and unix user
Unless you have wildcards in virtual_alias_maps or
*canonical_maps. Wildcards defeat recipient validation.
Can someone help me interpreting the log below. Or can I make the log
more detailed?
Any suggestions will be appreciated!
Not much interesting in the snippit below -- the good stuff is
elsewhere in the file, or maybe in an older log file. Don't
make the log more verbose, everything you need is logged already.
Feb 7 21:23:28 uCpbx postfix/qmgr[3492]: 6BBD885C2BA:
from=<apa...@mail.bioidentic.com>, size=1237, nrcpt=1 (queue active)
Maybe you have an abused web form on your web server.
Feb 7 21:23:28 uCpbx postfix/qmgr[3492]: C69BF85BF81: from=<>,
size=10970, nrcpt=1 (queue active)
This is probably a bounced message. Search the logs for prior
occurences of the QUEUEID, C69BF85BF81, to see where that
message came from.
Feb 7 21:23:29 uCpbx postfix/smtpd[14183]: warning: support for
restriction "check_relay_domains" will be removed from Postfix; use
"reject_unauth_destination" instead
That message seems pretty self-explanatory.
Feb 7 21:23:31 uCpbx postfix/smtp[14192]: 4A1FD85BA11:
to=<buckskinyf...@northscottsdalesoccerleague.com>,
relay=mailstore1.secures
erver.net[72.167.238.201]:25, delay=236635, delays=236632/0.06/3.1/0,
dsn=4.0.0, status=deferred (host mailstore1.secureserver.net[7
2.167.238.201] refused to talk to me:
554-p3pismtp01-006.prod.phx3.secureserver.net 554 Your access to this
mail system has been rej
ected due to spam or virus content. If you believe that this failure
is in error, please submit an unblock request at http://unbloc
k.secureserver.net)
> Feb 7 21:23:31 uCpbx postfix/smtp[14195]: 5571885C34C:
> to=<mn...@egiftplanet.com>,
> relay=mail.egiftplanet.com[208.91.131.6]:25, del
> ay=12844, delays=12841/0.13/1/2.4, dsn=5.0.0,
status=bounced (host
> mail.egiftplanet.com[208.91.131.6] said: 571 Your PROVIDER
is BLA
> CKLISTED at UCEPROTECT-LEVEL 3 - See:
> http://www.uceprotect.net/rblcheck.php?ipr=77.70.97.103 (in
reply to
> RCPT TO command))
These entries make it appear you have set soft_bounce=yes
(remote replies with a 5xx "reject" response, but you treat it
as a 4xx defer). Don't do that.
If you need more help, see
http://www.postfix.org/DEBUG_README.html#mail
-- Noel Jones
