Re: Suspect log files
From: - Kone Bakenon - (kone univ-ouaga.bf)
Date: Wed Aug 09 2006 - 14:37:27 CDT
> - Kone Bakenon - wrote:
>>> - Kone Bakenon - wrote:
>>>>> - Kone Bakenon - wrote:
>>>>>> Hello all,
>>>>>> Since the day before yesterday, I have had lots of messages like
>>>>>> this in my log:
>>>>>>
>>>>>> Aug 9 10:03:12 mail postfix/smtpd[11364]: connect from
>>>>>> mail.magicjent.com[63.207.43.210]
>>>>>> Aug 9 10:03:12 mail postfix/smtpd[11373]: NOQUEUE: reject: RCPT
>>>>>> from mx1.iml.com[204.92.14.10]: 450 <LarryzYxGreen@mydomain.com>:
>>>>>> Recipient address rejected: User unknown in local recipient table;
>>>>>> from=<> to=<LarryzYxGreen@mydomain.com> proto=ESMTP
>>>>>> helo=<mx1.iml.com>
>>>>>> Aug 9 10:03:12 mail postfix/smtpd[11289]: disconnect from
>>>>>> unknown[206.159.183.93]
>>>>>> Aug 9 10:03:13 mail postfix/smtpd[11341]: connect from
>>>>>> defout.telus.net[199.185.220.240]
>>>>>>
>>>>> As others already said, this looks like backscatter mails from badly
>>>>> configured servers. If your recipient validation is working correctly
>>>>> you might want to change the 450 tempfail of unknown recipient to 550
>>>>> permanent rejection:
>>>>>
>>>>> unknown_local_recipient_reject_code = 550
>>>> I added the previous line and restarted postfix but I still have the
>>>> same log.
>>> Are undeliverable mails to non-existent users rejected with 450 or 550?
>>> They should be permanently rejected. You will still see one NOQUEUE:
>>> reject, but the sending server will not try to resend this particular
>>> mail.
>>>
>> The log looks like this:
>> Aug 9 17:11:04 mail postfix/smtpd[24915]: NOQUEUE: reject: RCPT from
>> purify.attnet.ne.jp[165.76.8.44]: 550 <RichardvNzPhillips@mydomain.com>:
>> Recipient address rejected: User unknown in local recipient table;
>> from=<> to=<RichardvNzPhillips@univ-ouaga.bf> proto=ESMTP
>> helo=<purify03.attnet.ne.jp>
>
> It's okay, the mail is rejected permanently (550) because of invalid
> recipient. Backscatter can often be recognised by the empty sender address
> in addition to valid DNS names of servers without lots of numbers in the
> name.
>
>>
>> Aug 9 17:11:04 mail postfix/smtpd[25109]: NOQUEUE: reject: RCPT from
>> unknown[200.38.219.131]: 450 Client host rejected: cannot find your
>> hostname, [200.38.219.131]; from=<servermail@grupolala.com>
>> to=<RonaldayaYoung@univ-ouaga.bf> proto=ESMTP
>> helo=<servermail.grupolala.com>
>
> This mail was rejected because of the unknown HOSTNAME. It's probably a
> normal spam zombie, not a backscatter server. Reverse DNS points to
> customer-200-38-219-131.uninet.net.mx, but this hostname does not exist.
> So this rejection is probably unrelated to the backscatter problem.
>
Thanks Sandy. But what can I do to deny this kind of connection in the
mail server?
------
Kone
> Sandy
>
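
The distinction drawn in the quoted replies (null sender plus unknown recipient versus a client whose hostname cannot be found) can be tallied over a whole log to see how much of the reject noise is backscatter and whether unknown recipients are still answered with a 4xx code. This is an added example, not part of the original thread; the sample log lines are constructed, and the function names and category labels are illustrative.

```python
import re
from collections import Counter

# Constructed sample, one log entry per line, in the shape of the excerpts
# quoted in the thread. Hosts and addresses are documentation placeholders.
SAMPLE_LOG = """\
Aug 9 10:03:12 mail postfix/smtpd[100]: connect from mx.example.net[192.0.2.10]
Aug 9 10:03:12 mail postfix/smtpd[100]: NOQUEUE: reject: RCPT from mx.example.net[192.0.2.10]: 450 <a1@example.org>: Recipient address rejected: User unknown in local recipient table; from=<> to=<a1@example.org> proto=ESMTP helo=<mx.example.net>
Aug 9 17:11:04 mail postfix/smtpd[101]: NOQUEUE: reject: RCPT from out.example.com[198.51.100.5]: 550 <b2@example.org>: Recipient address rejected: User unknown in local recipient table; from=<> to=<b2@example.org> proto=ESMTP helo=<out.example.com>
Aug 9 17:11:04 mail postfix/smtpd[102]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 450 Client host rejected: cannot find your hostname, [203.0.113.7]; from=<x@example.com> to=<c3@example.org> proto=ESMTP helo=<srv.example.com>
"""

REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from "
    r"(?P<host>\S+)\[(?P<ip>[^\]]+)\]: (?P<code>\d{3}) (?P<reason>.*?); "
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)

def classify(line):
    """Return a dict describing one smtpd reject line, or None for other lines."""
    m = REJECT_RE.search(line)
    if m is None:
        return None
    unknown_user = "User unknown in local recipient table" in m["reason"]
    if unknown_user and m["sender"] == "":
        kind = "backscatter-candidate"    # bounce (null sender) to a nonexistent user
    elif "cannot find your hostname" in m["reason"]:
        kind = "unknown-client-hostname"  # client hostname lookup failed
    else:
        kind = "other-reject"
    return {"kind": kind, "code": int(m["code"]), "ip": m["ip"],
            "rcpt": m["rcpt"], "unknown_user": unknown_user}

def summarize(log_text):
    """Count rejects per kind and unknown-user rejects still answered with 4xx."""
    kinds, tempfail_unknown_user = Counter(), 0
    for line in log_text.splitlines():
        r = classify(line)
        if r is None:
            continue
        kinds[r["kind"]] += 1
        if r["unknown_user"] and 400 <= r["code"] < 500:
            tempfail_unknown_user += 1  # sender will retry; the thread suggests 550
    return kinds, tempfail_unknown_user

if __name__ == "__main__":
    kinds, tempfail = summarize(SAMPLE_LOG)
    print(dict(kinds), "unknown-user rejects with 4xx:", tempfail)
```

A non-zero 4xx count after setting `unknown_local_recipient_reject_code = 550` would indicate the setting has not taken effect for those recipients.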