On 8/11/2010 7:20 PM, Christopher Adams wrote:
> Hello all,
>
> I am having a bit of a problem and I am not sure that it is
> specifically Postfix-related, but I'll give it a shot. Feel
> free to flog me or tell me to go away.
>
> I am running Postfix 2.3 on a CentOS Linux server.
>
> I noticed on our firewall that there were constant connections
> from the machine running Postfix to addresses all over the
> world. The interesting thing is that the connection is using
> OpenDNS [208.67.216.132], a public DNS server. I do not use
> OpenDNS in my /etc/resolv.conf file (I have 2 other
> nameservers listed) and I don't know where it is coming from.
>
> Here is an example:
>
> Aug 11 16:01:25 swiki postfix/smtp[7832]: E38F8DB4CCB:
> to=<ysamo9...@sx.cn <mailto:ysamo9...@sx.cn>>, relay=none,
> delay=30, delays=0/0/30/0, dsn=4.4.1, status=deferred (connect
> to sx.cn <http://sx.cn>[208.67.216.132]: Connection timed out)

[please don't post HTML mail, it makes the logs hard to parse.
In gmail, click the "Plain Text" button]

Looks like two problems to me.

First, you shouldn't be sending these mails out. Use "postcat
-q E38F8DB4CCB" to see the mail contents, and grep your logs
for E38F8DB4CCB to see where that mail originated.

My guess is it's a non-delivery notice or bounce for an
undeliverable recipient. It's important to not accept mail
you can't deliver.

Secondly, the 208.67.216.132 ip is what OpenDNS returns when
you query them for a non-existent domain. You really are
using OpenDNS; maybe your router or your ISP is hijacking your
DNS requests.

-- Noel Jones
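
Added example, not part of the original thread: a Python check that applies both points of the reply to a mail log. It groups deferred `connect to host[ip]` lines by address, flags an address that several different destination hosts all resolve to (the pattern a resolver produces when it rewrites answers for non-existent domains), and returns the queue IDs to inspect with `postcat -q`. The log lines, `.example` domains, queue IDs and the `min_hosts` threshold are constructed for illustration; only 208.67.216.132 comes from the thread.

```python
import re
from collections import defaultdict

# Postfix smtp client line: "<qid>: to=<...>, ... status=deferred (connect to host[ip]: reason)"
DEFERRED = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<[^>]*>,"
    r".*status=deferred \(connect to (?P<host>[^\[\s]+)\[(?P<ip>[0-9.]+)\]: [^)]*\)"
)

# Constructed sample log (single-line form of the entry quoted in the thread).
SAMPLE_LOG = """\
Aug 11 16:01:25 swiki postfix/smtp[7832]: 1A2B3C4D5E6: to=<a@nosuch-one.example>, relay=none, delay=30, delays=0/0/30/0, dsn=4.4.1, status=deferred (connect to nosuch-one.example[208.67.216.132]: Connection timed out)
Aug 11 16:02:10 swiki postfix/smtp[7840]: 7F8E9DA0B1C: to=<b@nosuch-two.example>, relay=none, delay=30, delays=0/0/30/0, dsn=4.4.1, status=deferred (connect to nosuch-two.example[208.67.216.132]: Connection timed out)
Aug 11 16:03:41 swiki postfix/smtp[7851]: C0FFEE12345: to=<c@nosuch-three.example>, relay=none, delay=30, delays=0/0/30/0, dsn=4.4.1, status=deferred (connect to nosuch-three.example[208.67.216.132]: Connection timed out)
Aug 11 16:04:02 swiki postfix/smtp[7860]: 9ABCDEF0123: to=<d@customer.example>, relay=none, delay=31, delays=0/0/31/0, dsn=4.4.1, status=deferred (connect to mx.customer.example[192.0.2.25]: Connection timed out)
Aug 11 16:04:30 swiki postfix/smtp[7861]: 4D3C2B1A0FF: to=<e@partner.example>, relay=mx.partner.example[198.51.100.7]:25, delay=1, delays=0/0/0.5/0.5, dsn=2.0.0, status=sent (250 ok)
""".splitlines()


def shared_ip_report(lines, min_hosts=3):
    """Return {ip: {"hosts": [...], "queue_ids": [...]}} for every address that
    at least min_hosts distinct destination hosts resolved to.

    Hosts are counted by the name Postfix connected to, so many domains behind
    one shared MX name count once and do not trigger the check by themselves.
    """
    by_ip = defaultdict(lambda: {"hosts": set(), "queue_ids": set()})
    for line in lines:
        m = DEFERRED.search(line)
        if m:
            by_ip[m["ip"]]["hosts"].add(m["host"].lower())
            by_ip[m["ip"]]["queue_ids"].add(m["qid"])
    return {
        ip: {"hosts": sorted(e["hosts"]), "queue_ids": sorted(e["queue_ids"])}
        for ip, e in by_ip.items()
        if len(e["hosts"]) >= min_hosts
    }


if __name__ == "__main__":
    for ip, info in shared_ip_report(SAMPLE_LOG).items():
        print(f"{ip}: {len(info['hosts'])} unrelated hosts, possible NXDOMAIN rewriting")
        for qid in info["queue_ids"]:
            print(f"  inspect with: postcat -q {qid}")
```
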