A mail server built with Postfix + Dovecot was being used as a relay by spammers

Source: Internet
Author: User
Tags rfc822 dovecot

I tried to send an email today, but it failed to send. I then went to the server to check the log and found that the hard disk had been filled with the spam queue cache and logs.

Running tail -f /var/log/maillog flooded the screen. Some of the log entries are as follows:

Aug 17 09:39:01 www postfix/error[1173]: 455F050663: to=<[email protected]>, relay=none, delay=28778, delays=28631/146/0/0.51, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mx-tw.mail.gm0.yahoodns.net[203.188.197.119] while sending RCPT TO)
Aug 17 09:39:01 www postfix/error[1229]: 296AE2FDCD: to=<[email protected]>, relay=none, delay=30507, delays=30360/147/0/0.21, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mx-tw.mail.gm0.yahoodns.net[203.188.197.119] while sending RCPT TO)
Aug 17 09:39:01 www postfix/error[1138]: 1F9A853B47: to=<[email protected]>, relay=none, delay=28244, delays=28097/146/0/0.6, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mx-tw.mail.gm0.yahoodns.net[203.188.197.119] while sending RCPT TO)
Aug 17 09:39:01 www postfix/error[1104]: B16DB3AB0B: to=<[email protected]>, relay=none, delay=29431, delays=29284/146/0/0.83, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mx-tw.mail.gm0.yahoodns.net[203.188.197.119] while sending RCPT TO)
Aug 17 09:39:01 www postfix/error[1205]: B7F65597AE: to=<[email protected]>, relay=none, delay=26365, delays=26218/146/0/0.41, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mx-tw.mail.gm0.yahoodns.net[203.188.197.119] while sending RCPT TO)
Aug 17 09:39:01 www postfix/error[1166]: 308EE43BD2: to=<[email protected]>, relay=none, delay=30716, delays=30569/147/0/0.06, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mx-tw.mail.gm0.yahoodns.net[203.188.197.119] while sending RCPT TO)
Aug 17 09:39:01 www postfix/error[1140]: 9654E2B6A6: to=<[email protected]>, relay=none, delay=35359, delays=35213/146/0/0.79, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mx-tw.mail.gm0.yahoodns.net[203.188.197.119] while sending RCPT TO)
Aug 17 09:39:01 www postfix/error[1134]: C74DA58B4C: to=<[email protected]>, relay=none, delay=26704, delays=26557/146/0/0.57, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mx-tw.mail.gm0.yahoodns.net[203.188.197.119] while sending RCPT TO)
Aug 17 09:39:01 www postfix/error[1220]: 506172DC9A: to=<[email protected]>, relay=none, delay=34379, delays=34232/146/0/1.4, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mx-tw.mail.gm0.yahoodns.net[203.188.197.119] while sending RCPT TO)

Next, look at the processes and load of the system. The system is sluggish and the load is 28, so the server is barely moving.

[[email protected] /]# top
top - 09:42:06 up 2 days, 22:13,  1 user,  load average: 28.81, 20.57, 12.43
Tasks: 238 total,   1 running, 237 sleeping,   0 stopped,   0 zombie
Cpu(s):  4.4%us,  8.0%sy,  0.0%ni,  4.2%id, 82.7%wa,  0.5%hi,  0.2%si,  0.0%st
Mem:   3921316k total,  2927360k used,   993956k free,   520508k buffers
Swap:        0k total,        0k used,        0k free,   671096k cached

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
  319 root      20   0 80764 3568 2656 S  3.7  0.1   0:13.37 master
  323 postfix   20   0 80944 3568 2596 S  2.0  0.1   0:09.92 trivial-rewrite
  322 postfix   20   0  103m  28m 2712 D  1.7  0.7   0:09.09 qmgr
  862 root      20   0  249m 4784 1032 S  1.7  0.1  14:18.73 rsyslogd
  448 postfix   20   0 80984 3592 2596 S  1.0  0.1   0:03.35 trivial-rewrite
  255 root      20   0     0    0    0 D  0.7  0.0   5:59.75 jbd2/xvda1-8
  400 postfix   20   0 94400 5164 3588 S  0.7  0.1   0:00.21 smtpd
 1293 root      20   0  761m 8096 2072 S  0.7  0.2   4:48.66 aegis_cli
 1877 postfix   20   0 80856 3528 2632 S  0.7  0.1   0:00.08 error
 2024 postfix   20   0 80856 3536 2632 S  0.7  0.1   0:00.04 error
 2152 postfix   20   0 80880 3492 2608 S  0.7  0.1   0:00.02 bounce
 2158 postfix   20   0 80880 3496 2608 D  0.7  0.1   0:00.02 bounce
 2162 root      20   0 15160 1428 1000 R  0.7  0.0   0:00.02 top
  446 postfix   20   0 94400 5172 3604 S  0.3  0.1   0:00.18 smtpd
  455 postfix   20   0 80988 3640 2712 S  0.3  0.1   0:00.10 cleanup
  463 postfix   20   0 94400 5144 3576 S  0.3  0.1   0:00.16 smtpd
  465 postfix   20   0 80988 3636 2712 S  0.3  0.1   0:00.10 cleanup
 1018 postfix   20   0 80988 3640 2712 S  0.3  0.1   0:00.07 cleanup
 1035 postfix   20   0 94400 5120 3548 S  0.3  0.1   0:00.09 smtpd
 1040 postfix   20   0 94400 5140 3568 S  0.3  0.1   0:00.14 smtpd
 1469 postfix   20   0 80856 3532 2632 S  0.3  0.1   0:00.22 error
 1836 postfix   20   0 80856 3528 2632 S  0.3  0.1   0:00.09 error
 1900 postfix   20   0 80856 3536 2632 S  0.3  0.1   0:00.06 error
 1903 postfix   20   0 80856 3528 2632 S  0.3  0.1   0:00.06 error
 1924 postfix   20   0 80856 3528 2632 S  0.3  0.1   0:00.06 error
 1939 postfix   20   0 80856 3532 2632 S  0.3  0.1   0:00.05 error
 1960 postfix   20   0 80856 3528 2632 S  0.3  0.1   0:00.05 error
 1967 postfix   20   0 80856 3532 2632 S  0.3  0.1   0:00.05 error
 1973 postfix   20   0 80856 3528 2632 S  0.3  0.1   0:00.05 error
 1977 postfix   20   0 80856 3532 2632 S  0.3  0.1   0:00.04 error
 2090 postfix   20   0 80880 3500 2608 D  0.3  0.1   0:00.01 bounce
 2153 postfix   20   0 80880 3500 2608 D  0.3  0.1   0:00.01 bounce
 2161 postfix   20   0 80880 3492 2608 D  0.3  0.1   0:00.01 bounce
 2163 postfix   20   0 80880 3492 2608 D  0.3  0.1   0:00.01 bounce
 2164 postfix   20   0 80880 3492 2608 D  0.3  0.1   0:00.01 bounce
 2165 postfix   20   0 80880 3492 2608 D  0.3  0.1   0:00.01 bounce
 2169 postfix   20   0 80880 3496 2608 D  0.3  0.1   0:00.01 bounce
 2170 postfix   20   0 80880 3496 2608 D  0.3  0.1   0:00.01 bounce
 2176 postfix   20   0 80880 3492 2608 D  0.3  0.1   0:00.01 bounce
    1 root      20   0 19232 1088  820 S  0.0  0.0   0:00.87 init
    2 root      20   0     0    0    0 S  0.0  0.0   0:00.00 kthreadd

Stop the Postfix service and check the content of the forwarded spam:

[[email protected] /]# postcat -q 847D9E8238
*** ENVELOPE RECORDS deferred/8/847D9E8238 ***
message_size:            6545            3068              26               0            6545
message_arrival_time: Sun Aug 17 10:15:10 2014
create_time: Sun Aug 17 10:15:10 2014
named_attribute: rewrite_context=remote
sender: [email protected]
named_attribute: log_client_name=36-224-134-61.dynamic-ip.hinet.net
named_attribute: log_client_address=36.224.134.61
named_attribute: log_client_port=2806
named_attribute: log_message_origin=36-224-134-61.dynamic-ip.hinet.net[36.224.134.61]
named_attribute: log_helo_name=115.28.81.191
named_attribute: log_protocol_name=SMTP
named_attribute: client_name=36-224-134-61.dynamic-ip.hinet.net
named_attribute: reverse_client_name=36-224-134-61.dynamic-ip.hinet.net
named_attribute: client_address=36.224.134.61
named_attribute: client_port=2806
named_attribute: helo_name=115.28.81.191
named_attribute: protocol_name=SMTP
named_attribute: client_address_type=2
named_attribute: dsn_orig_rcpt=rfc822;[email protected]
original_recipient: [email protected]
recipient: [email protected]
named_attribute: dsn_orig_rcpt=rfc822;[email protected]
original_recipient: [email protected]
recipient: [email protected]
named_attribute: dsn_orig_rcpt=rfc822;[email protected]
original_recipient: [email protected]
recipient: [email protected]
named_attribute: dsn_orig_rcpt=rfc822;[email protected]
original_recipient: [email protected]
recipient: [email protected]
named_attribute: dsn_orig_rcpt=rfc822;[email protected]
original_recipient: [email protected]
recipient: [email protected]
named_attribute: dsn_orig_rcpt=rfc822;[email protected]
original_recipient: [email protected]
recipient: [email protected]
named_attribute: dsn_orig_rcpt=rfc822;[email protected]
original_recipient: [email protected]
recipient: [email protected]
named_attribute: dsn_orig_rcpt=rfc822;[email protected]
original_recipient: [email protected]
recipient: [email protected]
named_attribute: dsn_orig_rcpt=rfc822;[email protected]
original_recipient: [email protected]
recipient: [email protected]
named_attribute: dsn_orig_rcpt=rfc822;[email protected]
original_recipient: [email protected]
recipient: [email protected]
named_attribute: dsn_orig_rcpt=rfc822;[email protected]
original_recipient: [email protected]
recipient: [email protected]
named_attribute: dsn_orig_rcpt=rfc822;[email protected]
original_recipient: [email protected]
recipient: [email protected]
named_attribute: dsn_orig_rcpt=rfc822;[email protected]
original_recipient: [email protected]
recipient: [email protected]
named_attribute: dsn_orig_rcpt=rfc822;[email protected]
original_recipient: [email protected]
recipient: [email protected]
named_attribute: dsn_orig_rcpt=rfc822;[email protected]
original_recipient: [email protected]
recipient: [email protected]
named_attribute: dsn_orig_rcpt=rfc822;[email protected]
original_recipient: [email protected]
recipient: [email protected]
named_attribute: dsn_orig_rcpt=rfc822;[email protected]
original_recipient: [email protected]
recipient: [email protected]
named_attribute: dsn_orig_rcpt=rfc822;[email protected]
original_recipient: [email protected]
recipient: [email protected]
named_attribute: dsn_orig_rcpt=rfc822;[email protected]
original_recipient: [email protected]
recipient: [email protected]
named_attribute: dsn_orig_rcpt=rfc822;[email protected]
original_recipient: [email protected]
recipient: [email protected]
named_attribute: dsn_orig_rcpt=rfc822;[email protected]
original_recipient: [email protected]
recipient: [email protected]
named_attribute: dsn_orig_rcpt=rfc822;[email protected]
original_recipient: [email protected]
recipient: [email protected]
named_attribute: dsn_orig_rcpt=rfc822;[email protected]
original_recipient: [email protected]
recipient: [email protected]
named_attribute: dsn_orig_rcpt=rfc822;[email protected]
original_recipient: [email protected]
recipient: [email protected]
named_attribute: dsn_orig_rcpt=rfc822;[email protected]
original_recipient: [email protected]
recipient: [email protected]
named_attribute: dsn_orig_rcpt=rfc822;[email protected]
original_recipient: [email protected]
recipient: [email protected]
*** MESSAGE CONTENTS deferred/8/847D9E8238 ***
Received: from 115.28.81.191 (36-224-134-61.dynamic-ip.hinet.net [36.224.134.61])
        by mail.sintie.com (Postfix) with SMTP id 847D9E8238;
        Sun, 17 Aug 2014 10:15:10 +0800 (CST)
Received: from 65.64.252.253 by ; Sun, 17 Aug 2014 06:09:08 +0400

Postfix is very powerful: you can configure its security and authentication settings to raise the security level.
After reconfiguring it and enabling authentication, check the log again:

Aug 17 10:52:49 www postfix/smtpd[5864]: NOQUEUE: reject: RCPT from 114-45-30-4.dynamic.hinet.net[114.45.30.4]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<115.28.81.191>
Aug 17 10:52:49 www postfix/smtpd[5863]: NOQUEUE: reject: RCPT from 118-161-251-198.dynamic.hinet.net[118.161.251.198]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<115.28.81.191>
Aug 17 10:52:50 www postfix/smtpd[5865]: connect from 118-161-241-28.dynamic.hinet.net[118.161.241.28]
Aug 17 10:52:50 www postfix/smtpd[5863]: NOQUEUE: reject: RCPT from 118-161-251-198.dynamic.hinet.net[118.161.251.198]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<115.28.81.191>
Aug 17 10:52:50 www postfix/smtpd[5864]: NOQUEUE: reject: RCPT from 114-45-30-4.dynamic.hinet.net[114.45.30.4]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<115.28.81.191>
Aug 17 10:52:50 www postfix/smtpd[5864]: NOQUEUE: reject: RCPT from 114-45-30-4.dynamic.hinet.net[114.45.30.4]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<115.28.81.191>
Aug 17 10:52:50 www postfix/smtpd[5865]: NOQUEUE: reject: RCPT from 118-161-241-28.dynamic.hinet.net[118.161.241.28]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<115.28.81.191>
Aug 17 10:52:50 www postfix/smtpd[5865]: NOQUEUE: reject: RCPT from 118-161-241-28.dynamic.hinet.net[118.161.241.28]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<115.28.81.191>
Aug 17 10:52:50 www postfix/smtpd[5865]: NOQUEUE: reject: RCPT from 118-161-241-28.dynamic.hinet.net[118.161.241.28]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<115.28.81.191>
Aug 17 10:52:51 www postfix/smtpd[5859]: NOQUEUE: reject: RCPT from 114-45-30-4.dynamic.hinet.net[114.45.30.4]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<115.28.81.191>
Aug 17 10:52:51 www postfix/smtpd[5865]: NOQUEUE: reject: RCPT from 118-161-241-28.dynamic.hinet.net[118.161.241.28]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<115.28.81.191>
Aug 17 10:52:51 www postfix/smtpd[5863]: NOQUEUE: reject: RCPT from 118-161-251-198.dynamic.hinet.net[118.161.251.198]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<115.28.81.191>
Aug 17 10:52:51 www postfix/smtpd[5865]: NOQUEUE: reject: RCPT from 118-161-241-28.dynamic.hinet.net[118.161.241.28]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<115.28.81.191>
Aug 17 10:52:51 www postfix/smtpd[5864]: NOQUEUE: reject: RCPT from 114-45-30-4.dynamic.hinet.net[114.45.30.4]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<115.28.81.191>
Aug 17 10:52:51 www postfix/smtpd[5865]: NOQUEUE: reject: RCPT from 118-161-241-28.dynamic.hinet.net[118.161.241.28]: 504 5.5.2 <115.28.81.191>: Helo command rejected: need fully-qualified hostname; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<115.28.81.191>

The spam is now rejected by the server.
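The post does not show the configuration it changed. As an added example (not the author's code or configuration), the following checks main.cf text for settings consistent with the behaviour in the log above: reject_non_fqdn_helo_hostname is the Postfix restriction that answers "Helo command rejected: need fully-qualified hostname". The parameter names are real Postfix parameters; both sample configurations and the choice of checks are assumptions for a Postfix + Dovecot SASL server.

```python
import re

# Constructed samples: the post does not show its main.cf.
WEAK_CF = """\
mynetworks = 127.0.0.0/8, 0.0.0.0/0
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination
"""
HARDENED_CF = """\
mynetworks = 127.0.0.0/8
smtpd_helo_required = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_helo_hostname
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
"""

def parse_main_cf(text):
    """'name = value'; indented lines continue the previous value; '#' lines are comments."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace():                  # continuation line
            if last:
                params[last] = (params[last] + " " + line.strip()).strip()
            continue
        name, sep, value = line.partition("=")
        if sep:
            last = name.strip()
            params[last] = value.strip()
    return params

def words(params, name):
    return {w for w in re.split(r"[,\s]+", params.get(name, "")) if w}

def audit(text):
    """Return findings (heuristics, not a full policy evaluation)."""
    p = parse_main_cf(text)
    rules = set().union(*(words(p, n) for n in p if n.endswith("_restrictions")))
    checks = [
        ("0.0.0.0/0" not in words(p, "mynetworks"),
         "mynetworks trusts every client, so permit_mynetworks relays for anyone"),
        (p.get("smtpd_helo_required") == "yes", "smtpd_helo_required is not 'yes'"),
        (bool(rules & {"reject_non_fqdn_helo_hostname", "reject_non_fqdn_hostname"}),
         "no rule rejecting a non-FQDN HELO name"),
        (p.get("smtpd_sasl_auth_enable") == "yes", "SMTP AUTH is not enabled"),
    ]
    return [msg for ok, msg in checks if not ok]
```

On a live server the effective, non-default settings come from postconf -n, whose output uses the same name = value form.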

If you can analyze the log dynamically, you can add the offending IP addresses to the firewall and drop their traffic directly.
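One way to do that log analysis, as an added example that is not part of the original post: count permanent smtpd rejections per client address in the log format shown above and render firewall rules for the repeat offenders. The sample log is constructed with documentation-range addresses; the threshold, the allowlist and the function names are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Permanent (5xx) smtpd rejections: "NOQUEUE: reject: RCPT from host[ip]: 504 ..."
REJECT = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: \S+ from \S*\[(?P<ip>[0-9A-Fa-f.:]+)\]: 5\d\d ")

# Constructed sample in the format of the log above (documentation-range addresses).
_LINE = ("Aug 17 10:52:49 www postfix/smtpd[5864]: NOQUEUE: reject: RCPT from "
         "{host}[{ip}]: 504 5.5.2 <192.0.2.1>: Helo command rejected: need "
         "fully-qualified hostname; from=<a@example.org> to=<b@example.com> "
         "proto=SMTP helo=<192.0.2.1>")
SAMPLE_LOG = "\n".join(
    [_LINE.format(host="host-a.example.net", ip="203.0.113.4")] * 6
    + [_LINE.format(host="unknown", ip="198.51.100.7")] * 5
    + [_LINE.format(host="mx.example.org", ip="198.51.100.20")]   # one-off, below threshold
    + [_LINE.format(host="localhost", ip="127.0.0.1")] * 9        # allowlisted
    + ["Aug 17 10:52:50 www postfix/smtpd[5865]: connect from host-a.example.net[203.0.113.4]"])


def offenders(log_text, threshold=5, allow=("127.0.0.0/8",)):
    """Return {ip: reject_count}, highest first, for clients rejected >= threshold times."""
    allowed = [ipaddress.ip_network(n) for n in allow]
    counts = Counter()
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:                     # malformed address in the log: ignore
            continue
        if any(ip in net for net in allowed):  # never block our own hosts
            continue
        counts[str(ip)] += 1
    return {ip: n for ip, n in counts.most_common() if n >= threshold}


def firewall_rules(ips):
    """Render (not execute) rules that drop inbound SMTP from each address."""
    rules = []
    for ip in ips:
        addr = ipaddress.ip_address(ip)        # re-validate: no raw log text in a command
        tool = "iptables" if addr.version == 4 else "ip6tables"
        rules.append(f"{tool} -I INPUT -s {addr} -p tcp --dport 25 -j DROP")
    return rules


if __name__ == "__main__":
    for rule in firewall_rules(offenders(SAMPLE_LOG)):
        print(rule)
```

The clients in the log above come from dynamic address pools, so blocks of this kind should expire after a while; fail2ban's postfix filter implements the same idea with automatic expiry.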
