asked on ubuntu hardy SPAM issue
I have one person receiving a lot of non deliverable email messages.
They have been blocked via Barracuda and UCEProtect.
I created a block rule for Port 25 in my Cisco Router. This is what is being blocked.
The MAC address is that of the router and the server.
[ACCESS_RULE]: IN=eth0 OUT= MAC=50:3d:e5:a2:40:d4:00:1
How can I troubleshoot this to determine where the issue is coming from. No changes on the server. This started about a week ago.
Using Postfix
They have been blocked via Barracuda and UCEProtect.
I created a block rule for Port 25 in my Cisco Router. This is what is being blocked.
The MAC address is that of the router and the server.
[ACCESS_RULE]: IN=eth0 OUT= MAC=50:3d:e5:a2:40:d4:00:1
How can I troubleshoot this to determine where the issue is coming from. No changes on the server. This started about a week ago.
Using Postfix
LinuxEmail ServersLinux Distributions
Last Comment
bmsjeff
ASKER
Here is a part of the log: (not sure what this tells me?)
Feb 5 09:39:01 myserver01 postfix/bounce[20672]: 14E5BC1F19: sender non-delivery notification: 673BDC1433
Feb 5 09:39:01 myserver01 postfix/qmgr[5146]: 14E5BC1F19: removed
Feb 5 09:39:01 myserver01 postfix/local[20674]: 673BDC1433: to=<thisisme@myemail.com>,
Feb 5 09:39:01 myserver01 postfix/qmgr[5146]: 673BDC1433: removed
Feb 5 09:39:03 myserver01 postfix/smtp[20599]: connect to o.webmd.com[63.140.35.28]:
Feb 5 09:39:03 myserver01 postfix/smtp[20599]: D3C86C2A46: to=<nikkii.haggard@o.webmd
Feb 5 09:39:04 myserver01 postfix/smtp[20543]: D31F7C239D: host mailin-02.mx.aol.com[205.1
Feb 5 09:39:05 myserver01 postfix/smtp[20618]: connect to answers.yahoo.com[216.115.
Feb 5 09:39:05 myserver01 postfix/smtp[20618]: D0296C2618: to=<meetadmin@answers.yaho
Feb 5 09:39:07 myserver01 postfix/smtp[20543]: D31F7C239D: host mailin-04.mx.aol.com[64.12
Feb 5 09:39:12 myserver01 postfix/smtp[20566]: 069E9C2EB2: to=<ea_3tfaison@apsa.org>,
Feb 5 09:39:17 myserver01 postfix/smtpd[20677]: warning: 209.54.32.182: hostname salesfrc.net verification failed: Name or service not known
Feb 5 09:39:17 myserver01 postfix/smtpd[20677]: connect from unknown[209.54.32.182]
Feb 5 09:39:18 myserver01 postfix/smtpd[20677]: NOQUEUE: reject: RCPT from unknown[209.54.32.182]: 554 5.7.1 Service unavailable; Client host [209.54.32.182] blocked using sbl.spamhaus.org; http://www.spamhaus.org/sbl/query/SBLCSS; from=<gfr@wootmerce.com> to=<thisisme@myemail.com> proto=ESMTP helo=<hfe182.wootmerce.com
Feb 5 09:39:18 myserver01 postfix/smtpd[20677]: disconnect from unknown[209.54.32.182]
Feb 5 09:39:01 myserver01 postfix/bounce[20672]: 14E5BC1F19: sender non-delivery notification: 673BDC1433
Feb 5 09:39:01 myserver01 postfix/qmgr[5146]: 14E5BC1F19: removed
Feb 5 09:39:01 myserver01 postfix/local[20674]: 673BDC1433: to=<thisisme@myemail.com>,
Feb 5 09:39:01 myserver01 postfix/qmgr[5146]: 673BDC1433: removed
Feb 5 09:39:03 myserver01 postfix/smtp[20599]: connect to o.webmd.com[63.140.35.28]:
Feb 5 09:39:03 myserver01 postfix/smtp[20599]: D3C86C2A46: to=<nikkii.haggard@o.webmd
Feb 5 09:39:04 myserver01 postfix/smtp[20543]: D31F7C239D: host mailin-02.mx.aol.com[205.1
Feb 5 09:39:05 myserver01 postfix/smtp[20618]: connect to answers.yahoo.com[216.115.
Feb 5 09:39:05 myserver01 postfix/smtp[20618]: D0296C2618: to=<meetadmin@answers.yaho
Feb 5 09:39:07 myserver01 postfix/smtp[20543]: D31F7C239D: host mailin-04.mx.aol.com[64.12
Feb 5 09:39:12 myserver01 postfix/smtp[20566]: 069E9C2EB2: to=<ea_3tfaison@apsa.org>,
Feb 5 09:39:17 myserver01 postfix/smtpd[20677]: warning: 209.54.32.182: hostname salesfrc.net verification failed: Name or service not known
Feb 5 09:39:17 myserver01 postfix/smtpd[20677]: connect from unknown[209.54.32.182]
Feb 5 09:39:18 myserver01 postfix/smtpd[20677]: NOQUEUE: reject: RCPT from unknown[209.54.32.182]: 554 5.7.1 Service unavailable; Client host [209.54.32.182] blocked using sbl.spamhaus.org; http://www.spamhaus.org/sbl/query/SBLCSS; from=<gfr@wootmerce.com> to=<thisisme@myemail.com> proto=ESMTP helo=<hfe182.wootmerce.com
Feb 5 09:39:18 myserver01 postfix/smtpd[20677]: disconnect from unknown[209.54.32.182]
Okay, so looks like you are actually running a full fledged mail server on your ubuntu host?
In that case please describe your intended operation, and post a sanitized postfix config.
In that case please describe your intended operation, and post a sanitized postfix config.
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
ASKER
I would like only authorized users to have the ability to send mail via SMTP. I want to block anything else.
Here is the "main.cf" file. (I think this is what you are looking for)
# See /usr/share/postfix/main.cf
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt
smtpd_tls_key_file = /etc/ssl/private/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_da
smtp_tls_session_cache_dat
# See /usr/share/doc/postfix/TLS
# information on enabling SSL in the smtp client.
myhostname = mymailserver.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = mymailserver.com, localhost
relayhost =
mynetworks = 127.0.0.0/8
#mailbox_command = procmail -a "$EXTENSION"
mailbox_command =
mailbox_size_limit = 0
message_size_limit = 51200000
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
home_mailbox = Maildir/
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_option
broken_sasl_auth_clients = yes
#smtpd_recipient_restricti
smtpd_recipient_restrictio
smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org, permit
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtp_tls_note_starttls_off
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_ti
tls_random_source = dev:/dev/urandom
Here is the "main.cf" file. (I think this is what you are looking for)
# See /usr/share/postfix/main.cf
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt
smtpd_tls_key_file = /etc/ssl/private/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_da
smtp_tls_session_cache_dat
# See /usr/share/doc/postfix/TLS
# information on enabling SSL in the smtp client.
myhostname = mymailserver.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = mymailserver.com, localhost
relayhost =
mynetworks = 127.0.0.0/8
#mailbox_command = procmail -a "$EXTENSION"
mailbox_command =
mailbox_size_limit = 0
message_size_limit = 51200000
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
home_mailbox = Maildir/
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_option
broken_sasl_auth_clients = yes
#smtpd_recipient_restricti
smtpd_recipient_restrictio
smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org, permit
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtp_tls_note_starttls_off
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_ti
tls_random_source = dev:/dev/urandom
Okay, so:
- you want users on the internal network to be able to send email out with smtp on this server?
- do you want authenticated users from the outside to be able to send to the world through this server?
- do you want to accept email from the outside for your own domain on this server?
- do you have a fully qualified domain name forward and reverse record for this server?
- do you actually own mymailserver.com?
- you want users on the internal network to be able to send email out with smtp on this server?
- do you want authenticated users from the outside to be able to send to the world through this server?
- do you want to accept email from the outside for your own domain on this server?
- do you have a fully qualified domain name forward and reverse record for this server?
- do you actually own mymailserver.com?
ASKER
- you want users on the internal network to be able to send email out with smtp on this server?
YES
- do you want authenticated users from the outside to be able to send to the world through this server?
YES - i.e. when the internal users take their laptops home.
- do you want to accept email from the outside for your own domain on this server?
YES
- do you have a fully qualified domain name forward and reverse record for this server?
NOT SURE, how do I verify this?
- do you actually own mymailserver.com?
YES
YES
- do you want authenticated users from the outside to be able to send to the world through this server?
YES - i.e. when the internal users take their laptops home.
- do you want to accept email from the outside for your own domain on this server?
YES
- do you have a fully qualified domain name forward and reverse record for this server?
NOT SURE, how do I verify this?
- do you actually own mymailserver.com?
YES
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
DNS forward and reverse:
You could run an nslookup on your mail server name, like
Can you post a few examples of those non deliverable mail reports?
You could run an nslookup on your mail server name, like
nslookup mail.mymailserver.com
nslookup 1.2.3.4
Can you post a few examples of those non deliverable mail reports?
You have
>>>smtpd_recipient_restric
However you also have
smtpd_tls_auth_only = no
Why is that?
Further have you checked if you system is acting as open relay? Check your server IP from the following links:
http://mxtoolbox.com/diagnostic.aspx
http://www.mailradar.com/openrelay/
http://www.checkor.com/
Sudeep
>>>smtpd_recipient_restric
However you also have
smtpd_tls_auth_only = no
Why is that?
Further have you checked if you system is acting as open relay? Check your server IP from the following links:
http://mxtoolbox.com/diagnostic.aspx
http://www.mailradar.com/openrelay/
http://www.checkor.com/
Sudeep
ASKER
using easydns.com
The MX record is pointing to mymailserver.com
C:\Users\Me>nslookup xxx.xxx.xxx.xxx
Server: dsldns-in.embarqhsd.net
Address: 67.235.xxx.xxx
Name: 30.207.xxx.xxx.DED-DSL.fus
Address: xxx.xxx.xxx.xxx
C:\Users\Me>nslookup mymailserver.com
Server: dsldns-in.embarqhsd.net
Address: 67.235.xxx.xxx
Non-authoritative answer:
Name: mymailserver.com
Address: xxx.xxx.xxx.xxx
I will get you the non deliverable reports.
Everything has worked fine for years, the problem just started last 3 weeks.
The MX record is pointing to mymailserver.com
C:\Users\Me>nslookup xxx.xxx.xxx.xxx
Server: dsldns-in.embarqhsd.net
Address: 67.235.xxx.xxx
Name: 30.207.xxx.xxx.DED-DSL.fus
Address: xxx.xxx.xxx.xxx
C:\Users\Me>nslookup mymailserver.com
Server: dsldns-in.embarqhsd.net
Address: 67.235.xxx.xxx
Non-authoritative answer:
Name: mymailserver.com
Address: xxx.xxx.xxx.xxx
I will get you the non deliverable reports.
Everything has worked fine for years, the problem just started last 3 weeks.
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
ASKER
sudeep - I don't know. I am a newbie at this.
Mailradar gives me:
Port 25 is Closed at xxx.xxx.xxx.xxx
Test aborted.
MXToolbox gives me all checks, except for:
SMTP Reverse DNS Mismatch Warning - Reverse DNS does not match SMTP Banner
Mailradar gives me:
Port 25 is Closed at xxx.xxx.xxx.xxx
Test aborted.
MXToolbox gives me all checks, except for:
SMTP Reverse DNS Mismatch Warning - Reverse DNS does not match SMTP Banner
ASKER CERTIFIED SOLUTION
Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a questionI created a block rule for Port 25 in my Cisco Router. This is what is being blocked.If he shut down port 25, it won't be detected as an open relay at the moment, but it can't stay like this for long if he wants to use it.
The MAC address is that of the router and the server.
ASKER
Here it is:
mylogin@myserver01:~$ sudo tail -f /var/log/mail.log | grep to=
Feb 6 13:35:08 myserver01 postfix/smtp[13212]: 9E29C4D575: to=<cigars@ersecorvo.com>,
Feb 6 13:35:09 myserver01 postfix/smtp[13171]: 3B878C2B44: to=<jfultz@data.cmcore.com
Feb 6 13:35:09 myserver01 postfix/local[13229]: 3786A4D426: to=<MYEMAIL@MYDOMAIN.com>,
Feb 6 13:35:13 myserver01 postfix/smtp[13128]: D4A5FC1879: to=<jaybusbygryt@gutel.com
Feb 6 13:35:15 myserver01 postfix/smtp[13222]: 943DBC2E16: to=<wood-biz@suichi.info>,
Feb 6 13:35:25 myserver01 postfix/smtp[13224]: DA48AC169C: to=<s28d642ohpc63@corp.sup
Feb 6 13:35:29 myserver01 postfix/smtp[13130]: D9A13C15FC: to=<mbogart@a1.interclick.
Feb 6 13:35:29 myserver01 postfix/smtp[13132]: D66074D7E5: to=<glazetd@eudict.com>, relay=none, delay=165328, delays=165237/60/30/0, dsn=4.4.1, status=deferred (connect to eudict.com[216.70.108.87]:
Feb 6 13:35:29 myserver01 postfix/smtp[13139]: DA212C2B8D: to=<kelsy@msnbc.msn.com>, relay=none, delay=434768, delays=434677/60/30/0, dsn=4.4.1, status=deferred (connect to msnbc.msn.com[65.55.53.235
Feb 6 13:35:29 myserver01 postfix/local[13229]: 625CD4D42B: to=<MYEMAIL@MYDOMAIN.com>,
Feb 6 13:35:29 myserver01 postfix/smtp[13143]: DE7D64D69C: to=<pyrexgo79@proracingsim
Feb 6 13:35:29 myserver01 postfix/smtp[13151]: 0767AC1415: to=<jparker@mail.aol.com>,
Feb 6 13:35:29 myserver01 postfix/smtp[13131]: D0AA7C14CB: to=<states@secure.ian.com>
Feb 6 13:35:29 myserver01 postfix/smtp[13149]: DEE2AC2B4E: to=<homes@valeries.com>, relay=none, delay=436182, delays=436091/60/30/0, dsn=4.4.1, status=deferred (connect to valeries.com[82.98.86.167]
Feb 6 13:35:29 myserver01 postfix/smtp[13138]: DF180C2D8D: to=<ekinder@uid.shoplocal.
Feb 6 13:35:29 myserver01 postfix/smtp[13152]: DB428C2BB9: to=<hjones@rslusa.com>, relay=none, delay=435104, delays=435013/61/30/0, dsn=4.4.1, status=deferred (connect to rslusa.com[208.91.196.50]:
Feb 6 13:35:29 myserver01 postfix/local[13229]: CA1554D42F: to=<MYEMAIL@MYDOMAIN.com>,
Feb 6 13:35:29 myserver01 postfix/local[13229]: D1A614D42D: to=<MYEMAIL@MYDOMAIN.com>,
Feb 6 13:35:29 myserver01 postfix/smtp[13136]: DE305C2C79: to=<faustinonelson_zx@pnte
Feb 6 13:35:29 myserver01 postfix/local[13229]: EC2764D42F: to=<MYEMAIL@MYDOMAIN.com>,
Feb 6 13:35:30 myserver01 postfix/smtp[13165]: 923A9C1523: to=<searches@villamalgae.c
Feb 6 13:35:30 myserver01 postfix/smtp[13162]: 95CD4C5666: to=<jpb1143@students.pjc.e
Feb 6 13:35:30 myserver01 postfix/smtp[13179]: 9FCA14D776: to=<john_hanley@bxadycorp.
Feb 6 13:35:30 myserver01 postfix/smtp[13174]: 6F9A7C2BA7: to=<cwanish@media.gsimedia
Feb 6 13:35:30 myserver01 postfix/local[13229]: 6AC0E4D432: to=<MYEMAIL@MYDOMAIN.com>,
Feb 6 13:35:30 myserver01 postfix/smtp[13158]: 9B46E4DA6F: to=<k_muraj_ia@nedllc.mo>,
Feb 6 13:35:30 myserver01 postfix/smtp[13147]: DD5074D9AA: to=<dtdtiy@english.ivsz.hu
Feb 6 13:35:31 myserver01 postfix/smtp[13189]: 9168CC2E30: to=<expert@gladefern.com>,
Feb 6 13:35:31 myserver01 postfix/smtp[13201]: 9C6F9C2EA3: to=<diafrate@1031helpcente
Feb 6 13:35:31 myserver01 postfix/smtp[13209]: 9F9E1C2BED: to=<kara@at.atwola.com>, relay=none, delay=434993, delays=434900/32/60/0, dsn=4.4.1, status=deferred (connect to at.atwola.com[64.236.144.2
Feb 6 13:35:31 myserver01 postfix/smtp[13211]: 32C81C18D0: to=<matt.eckler@firstunion
Feb 6 13:35:31 myserver01 postfix/local[13229]: 3EC334D436: to=<MYEMAIL@MYDOMAIN.com>,
Feb 6 13:35:31 myserver01 postfix/smtp[13192]: 393F4C2EF2: to=<emailreed.kyrk@comcast
Feb 6 13:35:31 myserver01 postfix/smtp[13205]: 3DEFAC1A6E: to=<linda.kohler@cbdfw.com
Feb 6 13:35:31 myserver01 postfix/smtp[13223]: 3AA3BC2C0A: to=<kseno@chkcnt.edu>, relay=none, delay=434928, delays=434836/32/60/0, dsn=4.4.1, status=deferred (connect to chkcnt.edu[69.16.143.70]:2
Feb 6 13:35:31 myserver01 postfix/smtp[13193]: 3A37CC1DD4: to=<bonita.a.pollard@onemo
Feb 6 13:35:31 myserver01 postfix/local[13229]: 6F7084D43B: to=<MYEMAIL@MYDOMAIN.com>,
Feb 6 13:35:31 myserver01 postfix/smtp[13198]: 3D3964DAED: to=<customerservice@ketteh
Feb 6 13:35:32 myserver01 postfix/smtp[13125]: 3C211C1760: to=<mita7770@gmail.co>, relay=none, delay=162548, delays=162455/33/60/0, dsn=4.4.1, status=deferred (connect to gmail.co[74.125.228.54]:25
Feb 6 13:35:32 myserver01 postfix/smtp[13207]: 35733C2C95: to=<lynnettecristy@gartmor
mylogin@myserver01:~$ sudo tail -f /var/log/mail.log | grep to=
Feb 6 13:35:08 myserver01 postfix/smtp[13212]: 9E29C4D575: to=<cigars@ersecorvo.com>,
Feb 6 13:35:09 myserver01 postfix/smtp[13171]: 3B878C2B44: to=<jfultz@data.cmcore.com
Feb 6 13:35:09 myserver01 postfix/local[13229]: 3786A4D426: to=<MYEMAIL@MYDOMAIN.com>,
Feb 6 13:35:13 myserver01 postfix/smtp[13128]: D4A5FC1879: to=<jaybusbygryt@gutel.com
Feb 6 13:35:15 myserver01 postfix/smtp[13222]: 943DBC2E16: to=<wood-biz@suichi.info>,
Feb 6 13:35:25 myserver01 postfix/smtp[13224]: DA48AC169C: to=<s28d642ohpc63@corp.sup
Feb 6 13:35:29 myserver01 postfix/smtp[13130]: D9A13C15FC: to=<mbogart@a1.interclick.
Feb 6 13:35:29 myserver01 postfix/smtp[13132]: D66074D7E5: to=<glazetd@eudict.com>, relay=none, delay=165328, delays=165237/60/30/0, dsn=4.4.1, status=deferred (connect to eudict.com[216.70.108.87]:
Feb 6 13:35:29 myserver01 postfix/smtp[13139]: DA212C2B8D: to=<kelsy@msnbc.msn.com>, relay=none, delay=434768, delays=434677/60/30/0, dsn=4.4.1, status=deferred (connect to msnbc.msn.com[65.55.53.235
Feb 6 13:35:29 myserver01 postfix/local[13229]: 625CD4D42B: to=<MYEMAIL@MYDOMAIN.com>,
Feb 6 13:35:29 myserver01 postfix/smtp[13143]: DE7D64D69C: to=<pyrexgo79@proracingsim
Feb 6 13:35:29 myserver01 postfix/smtp[13151]: 0767AC1415: to=<jparker@mail.aol.com>,
Feb 6 13:35:29 myserver01 postfix/smtp[13131]: D0AA7C14CB: to=<states@secure.ian.com>
Feb 6 13:35:29 myserver01 postfix/smtp[13149]: DEE2AC2B4E: to=<homes@valeries.com>, relay=none, delay=436182, delays=436091/60/30/0, dsn=4.4.1, status=deferred (connect to valeries.com[82.98.86.167]
Feb 6 13:35:29 myserver01 postfix/smtp[13138]: DF180C2D8D: to=<ekinder@uid.shoplocal.
Feb 6 13:35:29 myserver01 postfix/smtp[13152]: DB428C2BB9: to=<hjones@rslusa.com>, relay=none, delay=435104, delays=435013/61/30/0, dsn=4.4.1, status=deferred (connect to rslusa.com[208.91.196.50]:
Feb 6 13:35:29 myserver01 postfix/local[13229]: CA1554D42F: to=<MYEMAIL@MYDOMAIN.com>,
Feb 6 13:35:29 myserver01 postfix/local[13229]: D1A614D42D: to=<MYEMAIL@MYDOMAIN.com>,
Feb 6 13:35:29 myserver01 postfix/smtp[13136]: DE305C2C79: to=<faustinonelson_zx@pnte
Feb 6 13:35:29 myserver01 postfix/local[13229]: EC2764D42F: to=<MYEMAIL@MYDOMAIN.com>,
Feb 6 13:35:30 myserver01 postfix/smtp[13165]: 923A9C1523: to=<searches@villamalgae.c
Feb 6 13:35:30 myserver01 postfix/smtp[13162]: 95CD4C5666: to=<jpb1143@students.pjc.e
Feb 6 13:35:30 myserver01 postfix/smtp[13179]: 9FCA14D776: to=<john_hanley@bxadycorp.
Feb 6 13:35:30 myserver01 postfix/smtp[13174]: 6F9A7C2BA7: to=<cwanish@media.gsimedia
Feb 6 13:35:30 myserver01 postfix/local[13229]: 6AC0E4D432: to=<MYEMAIL@MYDOMAIN.com>,
Feb 6 13:35:30 myserver01 postfix/smtp[13158]: 9B46E4DA6F: to=<k_muraj_ia@nedllc.mo>,
Feb 6 13:35:30 myserver01 postfix/smtp[13147]: DD5074D9AA: to=<dtdtiy@english.ivsz.hu
Feb 6 13:35:31 myserver01 postfix/smtp[13189]: 9168CC2E30: to=<expert@gladefern.com>,
Feb 6 13:35:31 myserver01 postfix/smtp[13201]: 9C6F9C2EA3: to=<diafrate@1031helpcente
Feb 6 13:35:31 myserver01 postfix/smtp[13209]: 9F9E1C2BED: to=<kara@at.atwola.com>, relay=none, delay=434993, delays=434900/32/60/0, dsn=4.4.1, status=deferred (connect to at.atwola.com[64.236.144.2
Feb 6 13:35:31 myserver01 postfix/smtp[13211]: 32C81C18D0: to=<matt.eckler@firstunion
Feb 6 13:35:31 myserver01 postfix/local[13229]: 3EC334D436: to=<MYEMAIL@MYDOMAIN.com>,
Feb 6 13:35:31 myserver01 postfix/smtp[13192]: 393F4C2EF2: to=<emailreed.kyrk@comcast
Feb 6 13:35:31 myserver01 postfix/smtp[13205]: 3DEFAC1A6E: to=<linda.kohler@cbdfw.com
Feb 6 13:35:31 myserver01 postfix/smtp[13223]: 3AA3BC2C0A: to=<kseno@chkcnt.edu>, relay=none, delay=434928, delays=434836/32/60/0, dsn=4.4.1, status=deferred (connect to chkcnt.edu[69.16.143.70]:2
Feb 6 13:35:31 myserver01 postfix/smtp[13193]: 3A37CC1DD4: to=<bonita.a.pollard@onemo
Feb 6 13:35:31 myserver01 postfix/local[13229]: 6F7084D43B: to=<MYEMAIL@MYDOMAIN.com>,
Feb 6 13:35:31 myserver01 postfix/smtp[13198]: 3D3964DAED: to=<customerservice@ketteh
Feb 6 13:35:32 myserver01 postfix/smtp[13125]: 3C211C1760: to=<mita7770@gmail.co>, relay=none, delay=162548, delays=162455/33/60/0, dsn=4.4.1, status=deferred (connect to gmail.co[74.125.228.54]:25
Feb 6 13:35:32 myserver01 postfix/smtp[13207]: 35733C2C95: to=<lynnettecristy@gartmor
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
p.s.
none of the above emails where actual sent by a user.
none of the above emails where actual sent by a user.
Check /var/log/mail.log, see who submits the messages.
Tamas