SPAM, Postfix a sm-msp-queue[13051]

Dobry den,

mam take 2 problemy. Najskor k tomu prvemu.

Nakonfiguroval som Postfix mailserver na CentOS 5 podla tejto prirucky. Vsetko bezi tak ako ma. Spravil som tam aj SASL autentifikaciu, aj virtualnych uzivatelov a tak dalej...

Vsetko funguje tak ako ma az na to ze v logoch sa mi ukazuje hromada takychto sprav:


Feb 27 07:31:50 everest sm-msp-queue[13051]: p1QNVP2L028822: to=root, delay=06:53:19, xdelay=00:00:00, mailer=relay, pri=661932, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection reset by [127.0.0.1]
Feb 27 07:31:50 everest sm-msp-queue[13051]: p1QNVP2O028822: to=root, delay=06:53:18, xdelay=00:00:00, mailer=relay, pri=661932, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection reset by [127.0.0.1]
Feb 27 07:31:50 everest sm-msp-queue[13051]: p1QNVP1x028822: to=root, delay=07:00:01, xdelay=00:00:00, mailer=relay, pri=661932, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection reset by [127.0.0.1]
Feb 27 07:31:50 everest sm-msp-queue[13051]: p1QNVP2N028822: to=root, delay=06:53:19, xdelay=00:00:00, mailer=relay, pri=661932, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection reset by [127.0.0.1]
Feb 27 07:31:50 everest sm-msp-queue[13051]: p1QNVP1w028822: to=root, delay=07:00:01, xdelay=00:00:00, mailer=relay, pri=661932, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection reset by [127.0.0.1]
Feb 27 07:31:50 everest sm-msp-queue[13051]: p1QNVP2R028822: to=root, delay=06:53:18, xdelay=00:00:00, mailer=relay, pri=661932, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection reset by [127.0.0.1]
Feb 27 07:31:50 everest sm-msp-queue[13051]: p1QNVP22028822: to=root, delay=07:00:01, xdelay=00:00:00, mailer=relay, pri=661932, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection reset by [127.0.0.1]
Feb 27 07:31:50 everest sm-msp-queue[13051]: p1QNVP2P028822: to=root, delay=06:53:18, xdelay=00:00:00, mailer=relay, pri=661932, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection reset by [127.0.0.1]
Feb 27 07:31:50 everest sm-msp-queue[13051]: p1QNVP25028822: to=postmaster, delay=06:53:19, xdelay=00:00:00, mailer=relay, pri=663381, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection reset by [127.0.0.1]
Feb 27 07:31:50 everest sm-msp-queue[13051]: p1QNVP28028822: to=postmaster, delay=06:53:19, xdelay=00:00:00, mailer=relay, pri=663581, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection reset by [127.0.0.1]
Feb 27 07:31:50 everest sm-msp-queue[13051]: p1QNVP2B028822: to=postmaster, delay=06:53:19, xdelay=00:00:00, mailer=relay, pri=663581, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection reset by [127.0.0.1]

stale sa tam iba meni to cislo p1QNVP2B028822 a strieda sa tam to=root a to=postmaster

Isoqlog, ktory pouzivam kvoli statistikam o odoslanych a prijatych sprav mi to vyhodnocuje ako spracovane spravy. Denne mi tak ukazuje, ze server odoslal/prijal i niekolko stoviek tisic sprav.

1. Velmi mi to vytazuje cely mailserver. Ako sa tomu da zamedzit?

Moj druhy problem spociva v tomto:

Na mailserveri je niekolko roznych domen a tieto domeny maju svoje uzivatelske ucty. Na tieto ucty zatial nechodi ziadny SPAM co ma zrejme na svedomi SASL autentifikacia a aj spamassasssin pripadne clamav a pravdepodobne ani z tychto uctov SPAM nie je nikde odosielany (aspon v logoch som nic take nenasiel). Takze po tejto stranke je to nakonfiurovane dobre.

V logoch sa mi, ale objavuju nasledujuce zaznamy

Mar  5 15:24:34 everest postfix/smtpd[23755]: NOQUEUE: reject: RCPT from unknown[202.55.186.7]: 550 5.1.1 kulio@ananas.sk: Recipient address rejected: User unknown in virtual mailbox table; from=yellowerkr3@hermannmemorialhospital.com to=kulio@ananas.sk proto=ESMTP helo=DRWUINDWGE
Mar  5 15:24:35 everest postfix/smtpd[23755]: NOQUEUE: reject: RCPT from unknown[202.55.186.7]: 550 5.1.1 kulio@ananas.sk: Recipient address rejected: User unknown in virtual mailbox table; from=feints451@hudsnunitedbank.com to=kulio@ananas.sk proto=ESMTP helo=DRWUINDWGE
Mar  5 15:27:24 everest postfix/smtpd[23782]: NOQUEUE: reject: RCPT from unknown[211.245.24.198]: 550 5.1.1 macica@ananas.sk: Recipient address rejected: User unknown in virtual mailbox table; from=sjprescott@bahcasts.com to=macica@ananas.sk proto=ESMTP helo=www1.skmail.co.kr
Mar  5 15:28:39 everest postfix/smtpd[23782]: NOQUEUE: reject: RCPT from unknown[213.230.123.185]: 550 5.1.1 dark@ananas.sk: Recipient address rejected: User unknown in virtual mailbox table; from=dark@ananas.sk to=dark@ananas.sk proto=ESMTP helo=185.64.uzpak.uz
Mar  5 15:31:46 everest postfix/smtpd[23821]: NOQUEUE: reject: RCPT from unknown[188.34.56.77]: 550 5.1.1 lara@ananas.sk: Recipient address rejected: User unknown in virtual mailbox table; from=aeriesgt64@hpfs.com to=lara@ananas.sk proto=ESMTP helo=dsl-188-34-56-77.asretelecom.net
Mar  5 15:31:49 everest postfix/smtpd[23821]: NOQUEUE: reject: RCPT from unknown[188.34.56.77]: 550 5.1.1 lara@ananas.sk: Recipient address rejected: User unknown in virtual mailbox table; from=transubstantiation@jetexpressairlines.com to=lara@ananas.sk proto=ESMTP helo=dsl-188-34-56-77.asretelecom.net>
Mar  5 15:31:52 everest postfix/smtpd[23821]: NOQUEUE: reject: RCPT from unknown[188.34.56.77]: 550 5.1.1 lara@ananas.sk: Recipient address rejected: User unknown in virtual mailbox table; from=synagogqn57@jeffersoncountypublicschools.com to=lara@ananas.sk proto=ESMTP helo=dsl-188-34-56-77.asretelecom.net

Domena ananas.sk je akoze domena, ktora je pridana na mailserveri (zamerne som nazov zmenil). Tie nazvy schranok ako macica@ananas.sk, kulio@ananas.sk, lara@ananas.sk a mnohe mnohe dalsie v skutocnosti neexistuju.

Chapem to tak ze sa niekto pokusa posielat spravy na schranky pre domenu ananas.sk. Tieto schranky ale neexistuju tak sa email nikdy nedoruci. Tento postup mailservera je samozrejme spravny.

2. Da sa toho nejako zbavit? Strasne to zahlcuje logy, hoci nie tak velmi ako ten prvy problem.

Dakujem

Dotaz: SPAM, Postfix a sm-msp-queue[13051]

Odpovědi