Trying to understand some email issues
Kurt Buff - GSEC, GCIH
kurt.buff at gmail.com
Mon Jan 21 16:44:36 UTC 2019
On Sun, Jan 20, 2019 at 10:34 PM Patrick Mahan <plmahan at gmail.com> wrote:
>
> All,
>
> FreeBSD 11.2
>
> Running postfix 3.3.2_1,1
>
> I'm getting hammered with thousands of emails from yahoo.com -
>
> Here is an example -
>
> Jan 20 22:09:01 ns postfix/smtp[1308]: 2DA97A2E2EF: to=<pwascak at aol.com>,
> relay=mx-aol.mail.gm0.yahoodns.net[98.137.157.43]:25, delay=13730,
> delays=13728/0.31/1.1/0.06, dsn=4.7.0, status=deferred (host
> mx-aol.mail.gm0.yahoodns.net[98.137.157.43] said: 421 4.7.0 [TSS04]
> Messages from 23.24.207.145 temporarily deferred due to user complaints -
> 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html (in reply
> to MAIL FROM command))
>
> I'm trying to determine if I am somehow relaying emails to yahoo.com, or is
> this someone attacking me.
>
> I am pretty sure I have postfix to avoid acting like a relay for
> unauthenticated connections. But this may be something I have messed up.
> This has been happening only since I upgraded to 11.2 (I was at 9.x). I
> also just recently switched from sendmail to postfix as well.
>
> I can provide my postfix config on request if needed.
>
> Pointers to other mail-lists are welcomed. I decided to start here before
> jumping on the postfix mailing list.
>
> Thanks in advance,
>
> Patrick

I'd suggest, as a first measure, going to https://mxtoolbox.com, and
looking at their reports for your domain name and your IP address.

Understanding your config and your logs is good, but a quick review of
how others see your domain can point you in the right direction if
there's an error in your config.

For instance, you might have inadvertently made your host an open
relay, and mxtoolbox will understand that. (that's just an example - it
actually seems unlikely, as otherwise you'd be getting bounces from
more than just yahoo)

Kurt
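
Added example (not part of either poster's message): the "am I relaying, or is this someone attacking me" question can also be checked from the Postfix log itself, by tying each deferred queue ID back to the line that recorded how the message entered the queue. The sample log lines, the function name and the origin labels are constructed for illustration; it assumes short hex queue IDs like the one in the quoted log line.

```python
import re
from collections import Counter

# Constructed sample in Postfix syslog format; addresses are documentation ranges.
SAMPLE_LOG = """\
Jan 20 18:20:11 ns postfix/smtpd[1201]: AAAA0000001: client=unknown[203.0.113.7]
Jan 20 18:20:12 ns postfix/smtp[1308]: AAAA0000001: to=<a@example.org>, relay=mx.example.org[198.51.100.2]:25, delay=2, dsn=4.7.0, status=deferred (...)
Jan 20 18:21:00 ns postfix/smtpd[1202]: BBBB0000002: client=host.example.net[203.0.113.9], sasl_method=LOGIN, sasl_username=alice
Jan 20 18:21:01 ns postfix/smtp[1309]: BBBB0000002: to=<b@example.org>, relay=..., status=deferred (...)
Jan 20 18:22:00 ns postfix/pickup[1100]: CCCC0000003: uid=80 from=<www>
Jan 20 18:22:01 ns postfix/smtp[1310]: CCCC0000003: to=<c@example.org>, relay=..., status=sent (250 ok)
"""

# Assumes short (hex) queue IDs, as in the log line quoted in the thread.
LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]{6,}): (.*)")


def deferred_by_origin(log):
    """Count deferred deliveries per entry point (network client, SASL user, local uid)."""
    origin, deferred = {}, []
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        daemon, qid, rest = m.groups()
        if daemon == "smtpd" and rest.startswith("client="):
            # smtpd logs the connecting client, plus SASL details if it authenticated.
            user = re.search(r"sasl_username=(\S+)", rest)
            ip = re.search(r"client=[^\[]*\[([^\]]+)\]", rest)
            if user:
                origin[qid] = "sasl:" + user.group(1)
            else:
                origin[qid] = "network:" + (ip.group(1) if ip else "?")
        elif daemon == "pickup":
            # pickup logs mail submitted locally (sendmail command, cron, web scripts).
            uid = re.search(r"uid=(\d+)", rest)
            origin[qid] = "local-uid:" + (uid.group(1) if uid else "?")
        elif daemon == "smtp" and "status=deferred" in rest:
            deferred.append(qid)
    # Resolve after the full pass: a retried message's entry line may be far from its deferral.
    return dict(Counter(origin.get(q, "unknown") for q in deferred))


if __name__ == "__main__":
    for src, n in sorted(deferred_by_origin(SAMPLE_LOG).items()):
        print(n, src)
```

Deferrals that trace back to unauthenticated clients outside your own networks point at a relay misconfiguration, a single SASL user points at a compromised account, and a local uid points at a script or web application on the host. An "unknown" origin usually means the entry line is in an older, rotated log file.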

More information about the freebsd-questions mailing list