Solved

log full of strange smtp send entries

Posted on 2011-03-10
Last Modified: 2012-05-11
My postfix log has started filling up within half a day and there seem to be a lot of strange smtp send entries.

I have SMTP authorisation set to allow only registered domains to send through the server.

Here are some of the entries.

Can anyone tell me how to trace where they came from or how to stop them, please?

thanks

Mar 10 16:31:54 localhost postfix/smtp[2806]: connect to mx.lostship.in[188.16.169.138]: Connection refused (port 25)
Mar 10 16:31:54 localhost postfix/smtp[2806]: C0EF89890D: to=<Emile@vdhvfbivawhehgwl.lostship.in>, relay=none, delay=26224, delays=25087/1123/14/0, dsn=4.4.1, status=deferred (connect to mx.lostship.in[188.16.169.138]: Connection refused)
Mar 10 16:31:54 localhost postfix/qmgr[2747]: 0DC1E93A18: from=<>, size=5178, nrcpt=1 (queue active)
Mar 10 16:31:54 localhost postfix/smtp[2775]: connect to mx.lostship.in[190.55.9.234]: Connection refused (port 25)
Mar 10 16:31:54 localhost postfix/smtp[2775]: C7EFB33907: to=<Morgan@pbhddaggfhi.lostship.in>, relay=none, delay=94160, delays=93024/1134/2.1/0, dsn=4.4.1, status=deferred (connect to mx.lostship.in[190.55.9.234]: Connection refused)
Mar 10 16:31:54 localhost postfix/qmgr[2747]: A725E95374: from=<>, size=4879, nrcpt=1 (queue active)
Mar 10 16:31:54 localhost postfix/smtp[2796]: connect to mx.lostship.in[109.108.75.3]: Connection timed out (port 25)
Mar 10 16:31:54 localhost postfix/smtp[2796]: 03C7C85845: to=<Pat@mbcotydenufokpgngaovbjorwb.lostship.in>, relay=none, delay=334174, delays=333036/1097/42/0, dsn=4.4.1, status=deferred (connect to mx.lostship.in[109.108.75.3]: Connection timed out)
Mar 10 16:31:54 localhost postfix/qmgr[2747]: AC5537526F: from=<>, size=3645, nrcpt=1 (queue active)
Mar 10 16:31:54 localhost postfix/smtp[2847]: connect to mx.lostship.in[190.55.9.234]: Connection refused (port 25)
Mar 10 16:31:54 localhost postfix/smtp[2847]: C423490A64: to=<Clifton@kdcjkjbhltfljiha.lostship.in>, relay=none, delay=88042, delays=86905/1135/1.8/0, dsn=4.4.1, status=deferred (connect to mx.lostship.in[190.55.9.234]: Connection refused)
Mar 10 16:31:54 localhost postfix/qmgr[2747]: 0AD9574C0F: from=<>, size=5351, nrcpt=1 (queue active)
Mar 10 16:31:54 localhost postfix/smtp[2765]: connect to mx.lostship.in[109.108.75.3]: Connection timed out (port 25)
Mar 10 16:31:54 localhost postfix/smtp[2765]: 035E5EE9FE: to=<Audrey@ldmcamyhnucchngoiensacbnelg.lostship.in>, relay=none, delay=390602, delays=389463/1108/30/0, dsn=4.4.1, status=deferred (connect to mx.lostship.in[109.108.75.3]: Connection timed out)
Mar 10 16:31:54 localhost postfix/qmgr[2747]: CE5AFF06FC: from=<Sophia@pbarnldbbhrsqepidqhep.kollaps.in>, size=2840, nrcpt=1 (queue active)
Mar 10 16:31:54 localhost postfix/pipe[4180]: CE5AFF06FC: to=<aemeluur7343@49thscoutgroup.co.uk>, relay=maildrop, delay=932, delays=932/0/0/0.01, dsn=5.1.1, status=bounced (user unknown. Command output: Invalid user specified. )
Mar 10 16:31:54 localhost postfix/cleanup[4257]: BE2E26EE9F: message-id=<20110310163154.BE2E26EE9F@brasiletc.com>
Mar 10 16:31:54 localhost postfix/bounce[4049]: CE5AFF06FC: sender non-delivery notification: BE2E26EE9F
Mar 10 16:31:54 localhost postfix/qmgr[2747]: CE5AFF06FC: removed
Mar 10 16:31:54 localhost postfix/qmgr[2747]: ECC6CF0F21: from=<lydykydep8198@kli.lt>, size=1943, nrcpt=1 (queue active)
Mar 10 16:31:54 localhost postfix/pipe[4180]: ECC6CF0F21: to=<nurezys6025@49thscoutgroup.co.uk>, relay=maildrop, delay=261, delays=261/0/0/0, dsn=5.1.1, status=bounced (user unknown. Command output: Invalid user specified. )
Mar 10 16:31:54 localhost postfix/cleanup[2844]: C073CF06FC: message-id=<20110310163154.C073CF06FC@brasiletc.com>
Mar 10 16:31:54 localhost postfix/bounce[4049]: ECC6CF0F21: sender non-delivery notification: C073CF06FC
Mar 10 16:31:54 localhost postfix/qmgr[2747]: ECC6CF0F21: removed
Mar 10 16:31:54 localhost postfix/qmgr[2747]: A31FD12A3E: from=<>, size=4798, nrcpt=1 (queue active)
Mar 10 16:31:55 localhost postfix/smtp[2989]: connect to mx.lostship.in[109.108.75.3]: Connection timed out (port 25)
Mar 10 16:31:55 localhost postfix/smtp[2989]: C45C71183C: to=<Armand@lcldgmhagnaydmhinutddaml.lostship.in>, relay=none, delay=275637, delays=274498/1105/34/0, dsn=4.4.1, status=deferred (connect to mx.lostship.in[109.108.75.3]: Connection timed out)
Mar 10 16:31:55 localhost postfix/qmgr[2747]: 0B529EDA83: from=<>, size=3580, nrcpt=1 (queue active)
Mar 10 16:31:55 localhost postfix/smtp[2830]: connect to mx.lostship.in[109.108.75.3]: Connection timed out (port 25)
Mar 10 16:31:55 localhost postfix/smtp[2789]: connect to mx.lostship.in[109.108.75.3]: Connection timed out (port 25)
Mar 10 16:31:55 localhost postfix/smtp[2808]: connect to mx.lostship.in[188.16.169.138]: Connection refused (port 25)
Mar 10 16:31:55 localhost postfix/smtpd[3340]: connect from qt82.internetdsl.tpnet.pl[80.55.45.82]
Mar 10 16:31:55 localhost postfix/smtp[2988]: connect to mx.lostship.in[190.55.9.234]: Connection refused (port 25)
Mar 10 16:31:55 localhost postfix/smtp[2830]: 087DC8C634: to=<Noe@sbtoasefjsfbtreuinbctj.lostship.in>, relay=none, delay=219710, delays=218571/1102/37/0, dsn=4.4.1, status=deferred (connect to mx.lostship.in[109.108.75.3]: Connection timed out)
Mar 10 16:31:55 localhost postfix/smtpd[2762]: connect from qt82.internetdsl.tpnet.pl[80.55.45.82]
Mar 10 16:31:55 localhost postfix/smtp[2789]: 0C0BE96406: to=<Mariano@ldlinuviccgenxxbijnfa.lostship.in>, relay=none, delay=47570, delays=46431/1105/34/0, dsn=4.4.1, status=deferred (connect to mx.lostship.in[109.108.75.3]: Connection timed out)
Mar 10 16:31:55 localhost postfix/smtp[2808]: C09E79053B: to=<Sharron@scausxbtnghsgtscjsitxj.lostship.in>, relay=none, delay=82928, delays=81790/1136/2/0, dsn=4.4.1, status=deferred (connect to mx.lostship.in[188.16.169.138]: Connection refused)
Mar 10 16:31:55 localhost postfix/smtp[2988]: CFA89100D7: to=<Dorian@ldblcmkehmliilddjnkw.lostship.in>, relay=none, delay=385425, delays=384287/1131/6.9/0, dsn=4.4.1, status=deferred (connect to mx.lostship.in[190.55.9.234]: Connection refused)
Mar 10 16:31:55 localhost postfix/qmgr[2747]: 0594A3139D: to=<Graham@sbtoasefjsfbtreuinbctj.lostship.in>, relay=none, delay=219714, delays=218809/905/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to mx.lostship.in[109.108.75.3]: Connection timed out)
Mar 10 16:31:55 localhost postfix/qmgr[2747]: A8DAA10D73: from=<>, size=4690, nrcpt=1 (queue active)
Mar 10 16:31:55 localhost postfix/qmgr[2747]: 660878A44A: from=<>, size=4838, nrcpt=1 (queue active)
Mar 10 16:31:55 localhost postfix/qmgr[2747]: 08BDB10424: from=<>, size=3624, nrcpt=1 (queue active)
Mar 10 16:31:55 localhost postfix/qmgr[2747]: 6CE3412031: from=<>, size=3630, nrcpt=1 (queue active)
Mar 10 16:31:55 localhost postfix/qmgr[2747]: A6DB5318EC: from=<>, size=4710, nrcpt=1 (queue active)
Mar 10 16:31:55 localhost postfix/smtpd[3340]: D894AF0F21: client=qt82.internetdsl.tpnet.pl[80.55.45.82]
Mar 10 16:31:55 localhost postfix/smtp[2876]: connect to mx.lostship.in[109.108.75.3]: Connection timed out (port 25)
Mar 10 16:31:55 localhost postfix/smtp[2876]: CE76E87952: to=<Alexis@nbncdndapnujjpxedindpwe.lostship.in>, relay=none, delay=425114, delays=423974/1097/44/0, dsn=4.4.1, status=deferred (connect to mx.lostship.in[109.108.75.3]: Connection timed out)
Mar 10 16:31:55 localhost postfix/qmgr[2747]: A03E28CD51: from=<>, size=3628, nrcpt=1 (queue active)
Mar 10 16:31:56 localhost postfix/cleanup[4257]: D894AF0F21: message-id=<9V1YNX-OC36JN-SQ@mbdhmioaugmjejolajntc.kollaps.in>
Mar 10 16:31:56 localhost postfix/smtpd[2762]: 16869F105E: client=qt82.internetdsl.tpnet.pl[80.55.45.82]
Mar 10 16:31:56 localhost postfix/smtp[2828]: connect to mx.kollaps.in[46.247.162.226]: Connection timed out (port 25)
Mar 10 16:31:56 localhost postfix/smtp[2828]: A49D533FBB: to=<Earline@rdsbdihrjrgtbejgtqtcisf.kollaps.in>, relay=none, delay=16520, delays=15379/1100/40/0, dsn=4.4.1, status=deferred (connect to mx.kollaps.in[46.247.162.226]: Connection timed out)
Mar 10 16:31:56 localhost postfix/qmgr[2747]: 09A519BE59: from=<>, size=5192, nrcpt=1 (queue active)
Question by:zpitzy

Accepted Solution

by:
ravenpl earned 500 total points
ID: 35106374
mailq # display currently queued mail with some delivery notifications
Having the mail ID, issue
postcat -q mailId # to display it verbosely
Now browse the Received: headers bottom-up to find the path it has already walked
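
The same trace can be made from the log when a queue file is no longer available. This is an added example, not part of the answer above: it groups Postfix log lines by queue ID and links each null-sender (from=<>) notification to the message whose bounce created it and to the client that submitted that message. The sample lines are constructed in the format of the excerpt in the question; the hosts, addresses and queue IDs are invented.

```python
import re
from collections import defaultdict

# Constructed sample in the syslog format of the excerpt in the question
# (hosts, addresses and queue IDs are invented for illustration).
SAMPLE_LOG = """\
Mar 10 16:16:22 localhost postfix/smtpd[3340]: AAA1110001: client=dsl.example.net[192.0.2.82]
Mar 10 16:16:22 localhost postfix/qmgr[2747]: AAA1110001: from=<spoofed@victim.example>, size=2840, nrcpt=1 (queue active)
Mar 10 16:31:54 localhost postfix/pipe[4180]: AAA1110001: to=<nouser@hosted.example>, relay=maildrop, delay=932, dsn=5.1.1, status=bounced (user unknown)
Mar 10 16:31:54 localhost postfix/bounce[4049]: AAA1110001: sender non-delivery notification: BBB2220002
Mar 10 16:31:54 localhost postfix/qmgr[2747]: BBB2220002: from=<>, size=5178, nrcpt=1 (queue active)
Mar 10 16:32:10 localhost postfix/smtp[2806]: BBB2220002: to=<spoofed@victim.example>, relay=none, delay=16, dsn=4.4.1, status=deferred (connect to mx.victim.example[198.51.100.7]: Connection refused)
"""

# daemon name, queue ID, remainder; "connect from/to" lines carry no queue ID
LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]{6,}): (.*)")

def correlate(log_text):
    """Group log lines by queue ID: client, sender, recipients, bounce parent."""
    msgs = defaultdict(lambda: {"client": None, "sender": None,
                                "rcpts": [], "parent": None})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        daemon, qid, rest = m.groups()
        if daemon == "smtpd" and rest.startswith("client="):
            msgs[qid]["client"] = rest[len("client="):].split(",")[0]
        elif daemon == "qmgr" and rest.startswith("from=<"):
            msgs[qid]["sender"] = rest[6:rest.index(">")]
        elif rest.startswith("to=<"):
            status = re.search(r"status=(\w+)", rest)
            msgs[qid]["rcpts"].append(
                (rest[4:rest.index(">")], status.group(1) if status else None))
        elif daemon == "bounce" and "non-delivery notification: " in rest:
            # The notification gets a new queue ID; remember what caused it.
            msgs[rest.rsplit(": ", 1)[1]]["parent"] = qid
    return dict(msgs)

def trace_null_senders(msgs):
    """Return (bounce_qid, parent_qid, submitting client) per from=<> message."""
    return [(qid, rec["parent"], msgs.get(rec["parent"], {}).get("client"))
            for qid, rec in msgs.items()
            if rec["sender"] == "" and rec["parent"]]

if __name__ == "__main__":
    for bounce, parent, client in trace_null_senders(correlate(SAMPLE_LOG)):
        print(f"{bounce}: bounce of {parent}, accepted from {client}")
```

A client of `None` in the output means the submitting connection falls outside the log window that was parsed.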

Author Closing Comment

by:zpitzy
ID: 35395359
Did not solve problem