Re: configure postfix to not log NOQUEUE: rejects?
From: Adhamh Findlay (postfix adhamh.com)
Date: Tue Aug 15 2006 - 18:14:22 CDT
mouss wrote:
> Adhamh Findlay wrote:
>> Hi,
>>
>> I'm still being victimized by a joe job/backscatter attack that won't
>> stop. It's basically to the point where my log file is totally
>> useless. Today alone I have had 13086 unique ip addresses (each with
>> multiple events) sending me backscatter. I've started using my
>> firewall to block any ip address that generates a "NOQUEUE" error,
>> but that seems like overkill and while it slows down the problem new
>> ip addresses seem to always get used in this attack.
>>
>> Since this joe job/backscatter can't be stopped is there a way to get
>> postfix to not log "NOQUEUE" messages? I could then re-enable this
>> logging if I needed to troubleshoot something.
> tail -F /var/log/mailog | grep -v NOQUEUE > /var/log/newlogfile
Yeah, fair enough.... :-)
>
> can you post a few of these IPs and why they generate NOQUEUE errors?
I'll just post one IP as they are all pretty much the same. Based on
the emails I grabbed using a virtual alias, most of these emails are
bounces. Someone is using my domain in the From header and is sending at
least some email to users at other domains that don't exist.
Aug 15 03:17:23 my-domain-com postfix/smtpd[28914]: connect from 200-170-142-109.static.ctbctelecom.com.br[200.170.142.109]
Aug 15 03:17:29 my-domain-com postfix/smtpd[28991]: connect from 200-170-142-109.static.ctbctelecom.com.br[200.170.142.109]
Aug 15 03:18:31 my-domain-com postfix/smtpd[28975]: connect from 200-170-142-109.static.ctbctelecom.com.br[200.170.142.109]
Aug 15 03:18:31 my-domain-com postfix/smtpd[28975]: lost connection after HELO from 200-170-142-109.static.ctbctelecom.com.br[200.170.142.109]
Aug 15 03:18:31 my-domain-com postfix/smtpd[28975]: disconnect from 200-170-142-109.static.ctbctelecom.com.br[200.170.142.109]
Aug 15 03:18:33 my-domain-com postfix/smtpd[28914]: NOQUEUE: reject: RCPT from 200-170-142-109.static.ctbctelecom.com.br[200.170.142.109]: 550 5.1.1 <aviai adhamh.com>: Recipient address rejected: User unknown in local recipient table; from=<postmaster usinaalvorada.com.br> to=<aviai adhamh.com> proto=SMTP helo=<usinaalvorada.com.br>
Aug 15 03:18:33 my-domain-com postfix/smtpd[28914]: lost connection after RCPT from 200-170-142-109.static.ctbctelecom.com.br[200.170.142.109]
Aug 15 03:18:33 my-domain-com postfix/smtpd[28914]: disconnect from 200-170-142-109.static.ctbctelecom.com.br[200.170.142.109]
Aug 15 03:18:39 my-domain-com postfix/smtpd[28991]: NOQUEUE: reject: RCPT from 200-170-142-109.static.ctbctelecom.com.br[200.170.142.109]: 550 5.1.1 <aviai adhamh.com>: Recipient address rejected: User unknown in local recipient table; from=<postmaster usinaalvorada.com.br> to=<aviai adhamh.com> proto=SMTP helo=<usinaalvorada.com.br>
Aug 15 03:18:39 my-domain-com postfix/smtpd[28991]: lost connection after RCPT from 200-170-142-109.static.ctbctelecom.com.br[200.170.142.109]
Aug 15 03:18:39 my-domain-com postfix/smtpd[28991]: disconnect from 200-170-142-109.static.ctbctelecom.com.br[200.170.142.109]
Adhamh
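
An added example, not part of the original thread: the log filter suggested in the reply above, paired with a summary of the NOQUEUE rejects it hides, so the reject data (client IP and rejected recipient) is still available for troubleshooting. The function names and the sample log lines are constructed for illustration; the sample uses documentation addresses.

```shell
#!/bin/sh
# Added example (not from the thread). The log lines below are constructed
# and use documentation ranges (192.0.2.0/24, 198.51.100.0/24, example.*).
sample_log() {
cat <<'EOF'
Aug 15 03:17:23 mx postfix/smtpd[28914]: connect from unknown[192.0.2.10]
Aug 15 03:18:33 mx postfix/smtpd[28914]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <nouser@example.com>: Recipient address rejected: User unknown in local recipient table; from=<postmaster@example.net> to=<nouser@example.com> proto=SMTP helo=<example.net>
Aug 15 03:18:33 mx postfix/smtpd[28914]: disconnect from unknown[192.0.2.10]
Aug 15 03:18:39 mx postfix/smtpd[28991]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <nouser@example.com>: Recipient address rejected: User unknown in local recipient table; from=<> to=<nouser@example.com> proto=SMTP helo=<example.net>
Aug 15 03:19:02 mx postfix/smtpd[29010]: NOQUEUE: reject: RCPT from mail.example.org[198.51.100.7]: 550 5.1.1 <bob@example.com>: Recipient address rejected: User unknown in local recipient table; from=<> to=<bob@example.com> proto=ESMTP helo=<mail.example.org>
Aug 15 03:19:05 mx postfix/qmgr[811]: 4F2A1C0E: from=<alice@example.com>, size=1204, nrcpt=1 (queue active)
EOF
}

# Readable log: drop only NOQUEUE *reject* lines, keep every other line.
filter_noqueue() {
    grep -v 'NOQUEUE: reject:'
}

# Summary of what the filter hides: "count client_ip recipient",
# most frequent first. Fields that cannot be parsed are reported as such.
summarize_noqueue() {
    awk '
    /NOQUEUE: reject:/ {
        ip = "unparsed"; to = "unparsed"
        # Client is "host[ip]" right after "reject: <SMTP stage> from".
        if (match($0, /reject: [A-Z-]+ from [^ ]+\[[0-9A-Fa-f.:]+\]/)) {
            ip = substr($0, RSTART, RLENGTH)
            sub(/^.*\[/, "", ip); sub(/\]$/, "", ip)
        }
        # Rejected recipient from the to=<...> attribute.
        if (match($0, / to=<[^>]*>/))
            to = substr($0, RSTART + 5, RLENGTH - 6)
        hits[ip " " to]++
    }
    END { for (k in hits) print hits[k], k }' | sort -k1,1nr -k2,2
}

# Demo on the constructed sample.
sample_log | summarize_noqueue
```

When the filter is fed from tail -F as in the reply above, GNU grep's --line-buffered option keeps the output file current, since grep otherwise block-buffers output written to a file.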