Postfix trying to send email for unknown users of my domains

Posted on 2009-02-21
Last Modified: 2013-12-06
I am looking in my /var/log/maillog and I have:

1- a lot of these entries:
Feb 15 07:29:28 myhostname postfix/qmgr[2587]: 1545F1B090E: to=<>, relay=none, delay=70215, delays=70215/0.01/0/0, dsn=4.7.0, status=deferred (delivery temporarily suspended: host[] refused to talk to me: 421 4.7.0 [TS01] Messages from temporarily deferred due to user complaints -; see
Feb 15 07:29:28 myhostname postfix/qmgr[2587]: 1D9972220A4: from=<>, size=7638, nrcpt=1 (queue active)
Feb 15 07:29:28 myhostname postfix/qmgr[2587]: 1D9972220A4: to=<>, relay=none, delay=44946, delays=44946/0.01/0/0, dsn=4.7.0, status=deferred (delivery temporarily suspended: host[] refused to talk to me: 421 4.7.0 [TS01] Messages from temporarily deferred due to user complaints -; see
Feb 15 07:29:28 myhostname postfix/qmgr[2587]: 1D8C61AF95D: from=<>, size=7634, nrcpt=1 (queue active)
Feb 15 07:29:28 myhostname postfix/qmgr[2587]: 1D8C61AF95D: to=<>, relay=none, delay=72517, delays=72517/0.01/0/0, dsn=4.7.0, status=deferred (delivery temporarily suspended: host[] refused to talk to me: 421 4.7.0 [TS01] Messages from temporarily deferred due to user complaints -; see
Feb 15 07:29:28 myhostname postfix/qmgr[2587]: 1970F1AFEA8: from=<>, size=7645, nrcpt=1 (queue active)

2- 75000+ email messages queued up for delivery

I do not do mailing lists; this is for just 5 domains with about 3 email users per domain.

The user does not even exist in my user list. My question is 5 part:
1- what likely happened
2- how do I clear it up
3- how do I stop it from happening (changes to postfix conf)
4- is there a good program to prevent it happening again (SpamAssassin)?
5- damage control: how do I find out if I'm now blacklisted and how do I fix that

here is part of my

smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
disable_vrfy_command = yes
smtpd_helo_required = yes
smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20
smtpd_recipient_restrictions = 
   # reject_unknown_reverse_client_hostname,

Question by:knightdogs

    Accepted Solution

    0. Please provide your entire (or better - output of "postconf -n" command).
    1. you may have some webmail or html form which allows sending emails through your postfix without authentication (permit_mynetworks)
    2. look at 0. :) Secure your html forms (if you have them)
    3. look at 2.
    4. postfix configuration should be enough, look at 0.

    Author Comment

    Thanks for the quick response. Here are the results of postconf -n:

    alias_maps = hash:/etc/aliases
    append_dot_mydomain = no
    biff = no
    broken_sasl_auth_clients = yes
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    daemon_directory = /usr/libexec/postfix
    debug_peer_level = 2
    disable_vrfy_command = yes
    header_checks = regexp:/etc/postfix/header_checks
    html_directory = no
    inet_interfaces = all
    mail_owner = postfix
    mailbox_command = /usr/bin/procmail
    mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
    mailq_path = /usr/bin/mailq.postfix
    manpage_directory = /usr/share/man
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    mydestination = $myhostname, $mydomain, localhost.$mydomain, mail.$mydomain, localhost, localhost.localdomain
    mydomain =
    myhostname =
    mynetworks_style = host
    myorigin = $mydomain
    newaliases_path = /usr/bin/newaliases.postfix
    notify_classes = resource, software
    queue_directory = /var/spool/postfix
    readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
    relay_domains = $mydestination
    sample_directory = /usr/share/doc/postfix-2.3.3/samples
    sendmail_path = /usr/sbin/sendmail.postfix
    setgid_group = postdrop
    smtpd_banner = $myhostname ESMTP $mail_name
    smtpd_error_sleep_time = 1s
    smtpd_hard_error_limit = 20
    smtpd_helo_required = yes
    smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, reject_rbl_client, reject_rbl_client, reject_rbl_client, reject_rbl_client, permit
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_local_domain = $myhostname
    smtpd_soft_error_limit = 10
    smtpd_tls_CAfile = /etc/httpd/certs/
    smtpd_tls_cert_file = /etc/httpd/certs/xxxxxx.crt
    smtpd_tls_key_file = /etc/httpd/certs/myserver.key
    smtpd_tls_loglevel = 3
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    smtpd_use_tls = yes
    tls_random_source = dev:/dev/urandom
    unknown_local_recipient_reject_code = 450
    virtual_alias_maps = hash:/etc/postfix/virtual

    Author Comment

    On 1., is there a way to look at a log or queued email to see what form might be doing this?

    Also, I have 75918 queued emails. Where can I look to delete them (instead of in Webmin; at 22 a screen, that is a lot of screens to go through to delete!)?


    Expert Comment

    Your config file looks ok, so I assume, that it's caused by some html form used to send emails or you are using webmail, which allows users changing From header in their emails.

    To check your queue: "mailq" or "postqueue -p".
    To examine your queued emails you may use postcat command:
    postcat /var/spool/postfix/deferred/1/1545F1B090E (this is of course example based on your first post with 1545F1B090E email deferred).
    You should be then able to find real sender of this email (still - I'm guessing, that it will be or other ip which belongs to your server).
    Check also your apache access logfiles - maybe you have some buggy website, which allows sending emails.

    To delete all your queued emails you may use "postdrop -d ALL" command - this will delete every email in your queue (even those, which are processed at the moment).
    To delete only deferred emails you may use simple oneliner:
    for id in `mailq | grep "^[0-9A-Z]" | awk '{print $1}' | grep -v "\*$"`; do postdrop -d $id; done

    As you have near 76k emails, deleting them can take a while.

    Author Comment

    Here is the output of postcat /var/spool/postfix/deferred/1/100142A05C7:

    *** ENVELOPE RECORDS /var/spool/postfix/deferred/1/100142A05C7 ***
    message_size:             779             159               1               0
    message_arrival_time: Thu Feb 19 06:08:32 2009
    create_time: Thu Feb 19 06:08:32 2009
    named_attribute: rewrite_context=local
    sender_fullname: Apache
    *** MESSAGE CONTENTS /var/spool/postfix/deferred/1/100142A05C7 ***
    Received: by (Postfix, from userid 48)
            id 100142A05C7; Thu, 19 Feb 2009 06:08:32 -0500 (EST)
    Date: Thu, 19 Feb 2009 06:08:32 -0500
    From: "" <>
    Subject: =?UTF-8?B?2LPYp9mE2YbYp9mF2Ycg2LPYp9mEIDEzODg=?=
    Message-ID: <>
    X-Priority: 3
    X-Mailer: PHPMailer [version 1.72]
    MIME-Version: 1.0
    Content-Transfer-Encoding: 8bit
    Content-Type: text/html; charset="UTF-8"

    <h1 style="text-align: center; ">&nbsp;ساÙ
            1388 Ù
    خصÙص اÛÙترÙت</h1>
    <h2 style="text-align: center; "><a href=";id=26&amp;AdsID=1639&amp;ads_type=6">تÙضÛحات بÛشتر ٠خرÛد پستÛ</a></h2>
    *** HEADER EXTRACTED /var/spool/postfix/deferred/1/100142A05C7 ***
    named_attribute: encoding=8bit
    *** MESSAGE FILE END /var/spool/postfix/deferred/1/100142A05C7 ***

    It mentions in it. Is that where I should look? I will also look at the Apache log next.

    Author Comment


    Should/can i run this in Putty?

    for id in `mailq | grep "^[0-9A-Z]" | awk '{print $1}' | grep -v "\*$"`; do postdrop -d $id; done


    Author Comment


    when i run the command in Putty i get:

    postdrop: invalid option -- d
    postdrop: fatal: usage: postdrop [-c config_dir] [-v]

    Author Closing Comment

    Sir, you are the man.  Thank you for your help.

    Expert Comment

    Sorry for delay - I was with my family at swimming pool :)

    My mistake - I was trying to be too fast probably. It's not postdrop, but postsuper.

    So, command should be:
    for id in `mailq | grep "^[0-9A-Z]" | awk '{print $1}' | grep -v "\*$"`; do postsuper -d $id; done

    (or to delete everything as it is - including emails processed at the time of running this command: postsuper -d ALL).

    And yes - you should run this from your terminal (but I see, that you already know this :)).

    The provided email was sent from your local host, by user Apache (so it is some website, some buggy one or some webmail), with PHPMailer software.
    Now you have to find out which webpage is sending this (examine the Apache access logs for some additional information).
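
The triage described in the comment above, extended from one queue file to the whole queue, as an added example that is not part of the original thread. It classifies each message by the fields visible in the quoted postcat output (the "from userid N" note in the top Received: header, and X-Mailer); the sample input, host names and the function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Constructed sample: two queue files as postcat prints them (trimmed).
sample_postcat() {
cat <<'EOF'
*** ENVELOPE RECORDS /var/spool/postfix/deferred/1/100142A05C7 ***
sender_fullname: Apache
*** MESSAGE CONTENTS /var/spool/postfix/deferred/1/100142A05C7 ***
Received: by mail.example.test (Postfix, from userid 48)
        id 100142A05C7; Thu, 19 Feb 2009 06:08:32 -0500 (EST)
X-Mailer: PHPMailer [version 1.72]
*** MESSAGE FILE END /var/spool/postfix/deferred/1/100142A05C7 ***
*** ENVELOPE RECORDS /var/spool/postfix/deferred/A/A0000000001 ***
*** MESSAGE CONTENTS /var/spool/postfix/deferred/A/A0000000001 ***
Received: from client.example.test (client.example.test [192.0.2.10])
        by mail.example.test (Postfix) with ESMTP id A0000000001
Subject: constructed

X-Mailer: text in the body, must be ignored
*** MESSAGE FILE END /var/spool/postfix/deferred/A/A0000000001 ***
EOF
}

# Reads postcat output on stdin; prints "<queue-id> <origin> <x-mailer>" per message.
# origin is "local-uid=N" for mail handed to Postfix by a local process, else "smtp".
classify_origin() {
  awk '
    /^\*\*\* ENVELOPE RECORDS / {
      n = split($4, p, "/"); id = p[n]; origin = "smtp"; mailer = "-"; hdr = 0; top = 0
    }
    /^\*\*\* MESSAGE CONTENTS / { hdr = 1; top = 1; next }
    hdr && /^$/ { hdr = 0 }            # blank line: headers end, body starts
    hdr && top && /^Received: / {      # top-most Received: is the one this server added
      if (match($0, /from userid [0-9]+/))
        origin = "local-uid=" substr($0, RSTART + 12, RLENGTH - 12)
      top = 0
    }
    hdr && /^X-Mailer: / { mailer = substr($0, 11) }
    /^\*\*\* MESSAGE FILE END / { print id, origin, mailer }
  '
}

# Counts messages per (origin, mailer) pair, largest group first.
tally_origins() {
  classify_origin |
    awk '{ $1 = ""; c[substr($0, 2)]++ } END { for (k in c) print c[k], k }' | sort -rn
}

# On the mail server (as root), feed it the real queue instead of the sample:
#   find /var/spool/postfix/deferred -type f -exec postcat {} + | tally_origins
sample_postcat | tally_origins
```

A queue dominated by one `local-uid=N` line points at a local process running as that user (here uid 48, which the envelope names as Apache) rather than at an SMTP relay problem, which is where the access-log search should start.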
