Hello,
I need your help! My mailq is full with over 900 emails from an email address that does not exist on my system!
The server was tested for open relay, and there are no rootkits either!
About 3000 mailboxes run on the system.
The whole thing runs on virtual mailboxes.
Here is my main.cf:
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=no
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
myhostname = test.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = localhost, mailserver.test.com
relayhost =
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = 194.242.xxx.xxx
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_alias_maps = hash:/etc/postfix/virtual,proxy:mysql:/etc/postfix/mysql-virtual-alias-maps.cf,proxy:mysql:/etc/postfix/mysql-email2email.cf
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,check_client_access hash:/etc/postfix/pop-before-smtp,reject_unauth_destination,check_policy_service inet:127.0.0.1:12525, check_recipient_access hash:/etc/postf$
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/access, reject_unknown_address, reject_non_fqdn_sender
smtpd_client_restrictions =
    check_client_access hash:/etc/postfix/access
    permit_mynetworks
    permit_sasl_authenticated
    check_client_access hash:/etc/postfix/pop-before-smtp
    reject_unauth_pipelining
    reject_rbl_client bl.spamcop.net
    reject_rbl_client dnsbl.dronebl.org
    reject_rbl_client cbl.abuseat.org
    reject_rbl_client ix.dnsbl.manitu.net
    reject_rbl_client combined.njabl.org
    reject_rbl_client zen.spamhaus.org
    reject_rbl_client t1.dnsbl.net.au
    check_policy_service inet:127.0.0.1:10023
transport_maps = hash:/etc/postfix/transport
header_checks = regexp:/etc/postfix/header_checks
message_size_limit = 50240000
maximal_queue_lifetime = 1d
bounce_queue_lifetime = 1d
smtp_data_done_timeout = 1200s
mail.err
Jun 11 09:58:19 mailserver postfix/cleanup[17696]: fatal: 1FBDDD7C2C5: move to hold queue failed: No such file or directory
postcat of one such mail:
mailserver:/etc/postfix# postcat /var/spool/postfix/deferred/9/945A51B8340
*** ENVELOPE RECORDS /var/spool/postfix/deferred/9/945A51B8340 ***
message_size: 2800 215 1 0 2800
message_arrival_time: Tue Jun 11 10:16:31 2013
create_time: Tue Jun 11 10:16:31 2013
named_attribute: log_message_origin=local
named_attribute: trace_flags=0
sender:
original_recipient: yayatulla@comcast.net
recipient: yayatulla@comcast.net
*** MESSAGE CONTENTS /var/spool/postfix/deferred/9/945A51B8340 ***
Received: by test.com (Postfix)
id 945A51B8340; Tue, 11 Jun 2013 10:16:31 +0200 (CEST)
Date: Tue, 11 Jun 2013 10:16:31 +0200 (CEST)
From: MAILER-DAEMON@mailserver.text.com (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender
To: yayatulla@comcast.net
Auto-Submitted: auto-replied
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="27FE71B8331.1370938591/test.com"
Message-Id: <20130611081631.945A51B8340@test.com>
This is a MIME-encapsulated message.
--27FE71B8331.1370938591/test.com
Content-Description: Notification
Content-Type: text/plain; charset=us-ascii
This is the mail system at host test.com.
I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
The mail system
<doristucker@bellsouth.net>: host gateway-f1.isp.att.net[204.127.217.16] said:
550 [SUSPEND] Mailbox currently suspended - Please contact correspondent
directly (in reply to RCPT TO command)
--27FE71B8331.1370938591/test.com
Content-Description: Delivery report
Content-Type: message/delivery-status
Reporting-MTA: dns; test.com
X-Postfix-Queue-ID: 27FE71B8331
X-Postfix-Sender: rfc822; yayatulla@comcast.net
Arrival-Date: Tue, 11 Jun 2013 10:15:51 +0200 (CEST)
Final-Recipient: rfc822; doristucker@bellsouth.net
Original-Recipient: rfc822;doristucker@bellsouth.net
Action: failed
Status: 5.0.0
Remote-MTA: dns; gateway-f1.isp.att.net
Diagnostic-Code: smtp; 550 [SUSPEND] Mailbox currently suspended - Please
contact correspondent directly
--27FE71B8331.1370938591/test.com
Content-Description: Undelivered Message Headers
Content-Type: text/rfc822-headers
Return-Path: <yayatulla@comcast.net>
Received: from faswts.fas-tec.local (50.86.213.193.static.cust.telenor.com [193.213.86.50])
by test.com (Postfix) with ESMTPA id A3C081B831C;
Tue, 11 Jun 2013 10:15:51 +0200 (CEST)
Content-Type: multipart/mixed; boundary="===============1412344710=="
MIME-Version: 1.0
Subject: Payment receipt
To: Recipients <yayatulla@comcast.net>
From: "Ernst Kuemmerle" <yayatulla@comcast.net>
Date: Tue, 11 Jun 2013 10:15:37 +0200
X-TEST-MailScanner-Information: Please contact the ISP for more information
X-TEST-MailScanner-ID: A3C081B831C.AEED0
X-TEST-MailScanner: Found to be clean
X-TEST-MailScanner-From: yayatulla@comcast.net
X-Spam-Status: No
--27FE71B8331.1370938591/test.com--
*** HEADER EXTRACTED /var/spool/postfix/deferred/9/945A51B8340 ***
*** MESSAGE FILE END /var/spool/postfix/deferred/9/945A51B8340 ***
mailserver:/etc/postfix#
Server:
Debian mailserver 2.6.32-5-amd64#1
mysql 5.5.14
Apache/2.2.21 (Unix) mod_ssl/2.2.21 OpenSSL/0.9.8o mod_perl/2.0.4 Perl/v5.10.1
Please help... thanks
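An added triage example, not part of the original post: it reads postcat output for a queued bounce and reports how the bounced original entered the server, using the "Undelivered Message Headers" part. The function name `triage_bounce` and the embedded sample (an excerpt of the output above with header continuation indentation restored) are assumptions of this example.

```python
import re

# Excerpt of the postcat output quoted in the post; the tab indentation of
# the folded Received header is restored here (constructed sample).
SAMPLE = """\
*** ENVELOPE RECORDS /var/spool/postfix/deferred/9/945A51B8340 ***
sender:
recipient: yayatulla@comcast.net
*** MESSAGE CONTENTS /var/spool/postfix/deferred/9/945A51B8340 ***
From: MAILER-DAEMON@mailserver.text.com (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender

--27FE71B8331.1370938591/test.com
Content-Description: Undelivered Message Headers
Content-Type: text/rfc822-headers

Return-Path: <yayatulla@comcast.net>
Received: from faswts.fas-tec.local (50.86.213.193.static.cust.telenor.com [193.213.86.50])
\tby test.com (Postfix) with ESMTPA id A3C081B831C;
\tTue, 11 Jun 2013 10:15:51 +0200 (CEST)
Subject: Payment receipt
"""

RECEIVED = re.compile(
    r"from (?P<helo>\S+) \((?P<rdns>\S+) \[(?P<ip>[^\]]+)\]\)\s+"
    r"by \S+ \(Postfix\) with (?P<proto>\S+) id (?P<qid>[0-9A-F]+)")

def triage_bounce(postcat_text):
    """Return how the bounced original entered this server, or None."""
    env_sender = re.search(r"^sender:[ \t]*(\S*)", postcat_text, re.M)
    marker = "Content-Description: Undelivered Message Headers"
    if marker not in postcat_text:
        return None
    original = postcat_text.split(marker, 1)[1]
    unfolded = re.sub(r"\r?\n[ \t]+", " ", original)  # join folded header lines
    m = RECEIVED.search(unfolded)
    if not m:
        return None
    info = m.groupdict()
    # An empty envelope sender marks the queued file as a bounce (DSN)
    info["is_bounce"] = bool(env_sender) and env_sender.group(1) == ""
    # RFC 3848: ESMTPA / ESMTPSA mean the client used SMTP AUTH
    info["authenticated"] = info["proto"].upper() in ("ESMTPA", "ESMTPSA")
    return info

if __name__ == "__main__":
    print(triage_bounce(SAMPLE))
```

When `authenticated` is true, the original message was submitted over SMTP AUTH rather than relayed openly; searching mail.log for the returned queue ID shows the smtpd line with `sasl_username=` for the account that was used.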