From: Noel Jones (no email)
Date: Thu Mar 05 2009 - 12:17:21 EST
Jim McIver wrote:
> Here's a snippet from maillog, but not sure if it's what your looking for:
Thanks, this is very helpful.
> Mar 4 15:10:13 mail postfix/smtpd: warning: Illegal address
> syntax from unknown[18.104.22.168] in MAIL co
The above client is listed in multiple RBLs, including
zen.spamhaus.org, bl.spamcop.net, cbl.abuseat.org,
b.barracudacentral.org, and dnsbl.sorbs.net.
> Mar 4 15:10:15 mail postfix/smtpd: warning: 22.214.171.124:
> address not listed for hostname mail.medterm.o
> Mar 4 15:10:15 mail postfix/smtpd: connect from
This client is also listed in multiple RBLs.
> Mar 4 15:10:15 mail postfix/smtpd: NOQUEUE: reject_warning: RCPT
> from unknown[126.96.36.199]: 450 Client
> host rejected: cannot find your hostname, [188.8.131.52];
> from=<> to=<>
> proto=SMTP helo=<yahoo.co.jp>
Clearly a forged HELO name. Grounds for rejecting any mail
from this client.
> Mar 4 15:10:15 mail postfix/smtpd: E35C331:
> Mar 4 15:10:18 mail postfix/cleanup: E35C331:
> Mar 4 15:10:18 mail postfix/qmgr: E35C331:
> from=<>, size=966, nrcpt=1 (queue active
> Mar 4 15:10:18 mail postfix/smtp: E35C331:
> to=<>, relay=127.0.0.1[127.0.0.1], delay=3,
> status=bounced (host 127.0.0.1[127.0.0.1] said: 557 Invalid routing
> request - domain in BLACK LIST. (in reply to
> MAIL FROM command))
What?? Some idiot content_filter at 127.0.0.1 is rejecting
the mail after you've already accepted it.
Don't do that. Reject mail when first comes from the
internet. Once mail has been accepted, a content filter must
not reject the message.
> Mar 4 15:10:18 mail postfix/cleanup: 5ABF260:
> Mar 4 15:10:18 mail postfix/qmgr: 5ABF260: from=<>, size=2926,
> nrcpt=1 (queue active)
> Mar 4 15:10:18 mail postfix/qmgr: E35C331: removed
> Mar 4 15:10:19 mail postfix/smtpd: disconnect from
> Mar 4 15:10:20 mail postfix/smtp: 5ABF260:
> to=<>, relay=mx1.mail.yahoo.co.jp[124.83
> .171.181], delay=2, status=bounced (host
> mx1.mail.yahoo.co.jp[184.108.40.206] said: 553 VS10-RT Possible forgery
> or deactivated due to abuse (#5.1.1) (in reply to
> RCPT TO command))
Yahoo didn't send this mail, and they don't want your
Eventually they (and others) will blacklist you for
backscatter - ie. returning mail they never sent.
You must fix your content_filter to not reject mail. Choices
may include tag+deliver, quarantine, or discard, depending on
what your software supports. It may offer the choice of
reject or bounce, don't do that.
You can also greatly reduce the load on the content filter by
using one or two good RBLs to reject mail before it ever gets
to the content_filter. zen.spamhaus.org is safe and very
-- Noel Jones