
I have received an alert email about the mail queue length from Nagios:

```
Additional Info: WARN - Mailqueue length is 18 (More than threshold: 10)
```

In the mailq, I see some messages like this:

```
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
A7B39BFB01A7    16746 Tue Apr  9 08:54:57  noreply@domain.vn
                   (connect to asdasd.vn[203.119.8.111]: Connection timed out)
                                         asdasfjkhgkjhkah@asdasd.vn
```

The value of smtpd_recipient_restrictions:

```
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination,
    check_policy_service unix:private/policy,
    reject_unknown_recipient_domain,
    reject_unverified_recipient
```

Notice that I've enabled `reject_unknown_recipient_domain`.

But let's see which IP address that domain is mapped to:

```
$ nslookup asdasd.vn
Server:     8.8.8.8
Address:    8.8.8.8#53

Non-authoritative answer:
asdasd.vn   canonical name = thongbao.vnnic.vn.
Name:   thongbao.vnnic.vn
Address: 203.119.8.111
```

Is there any way to disable this behaviour besides blacklisting 203.119.8.111?


UPDATE 1

`/var/log/maillog`:

```
Apr 9 15:50:36 mail postfix/qmgr[18585]: 23A66BFB01A0: to=<asdasfjkhgkjhkah@asdasd.vn>, relay=none, delay=25004, delays=24983/21/ 0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to asdasd.vn[203.119.8.111]: Connection timed out)
```

quanta
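Added example, not part of the original question or answer: a small parser for the `mailq` layout shown above that groups deferred recipients by sender, recipient domain and deferral reason, so a queue filling up with form-generated mail to dead destinations stands out before the Nagios threshold trips. The second and third queue entries, their queue IDs and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the mailq layout from the question. The first entry is
# the one quoted there; the other two are invented for illustration.
SAMPLE_MAILQ = """\
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
A7B39BFB01A7    16746 Tue Apr  9 08:54:57  noreply@domain.vn
                   (connect to asdasd.vn[203.119.8.111]: Connection timed out)
                                         asdasfjkhgkjhkah@asdasd.vn

0000000000A1    16746 Tue Apr  9 09:02:10  noreply@domain.vn
                   (connect to asdasd.vn[203.119.8.111]: Connection timed out)
                                         zzzzzz@asdasd.vn

0000000000B2     2048 Tue Apr  9 09:10:11  alice@example.org
        (host mx.example.net[192.0.2.25] said: 451 4.7.1 Try again later)
                                         bob@example.net

-- 35 Kbytes in 3 Requests.
"""

# Queue ID (optionally flagged * active or ! held), size, arrival time, sender.
ENTRY = re.compile(r"^([0-9A-Za-z]+)[*!]?\s+\d+\s+\w{3} \w{3}\s+\d+ [\d:]+\s+(\S+)$")

def deferred_summary(mailq_text):
    """Count deferred recipients per (sender, recipient domain, reason)."""
    counts = Counter()
    sender = reason = None
    for line in mailq_text.splitlines():
        text = line.strip()
        entry = ENTRY.match(line)
        if entry:
            sender, reason = entry.group(2), None
        elif text.startswith("(") and text.endswith(")"):
            reason = text[1:-1]          # deferral reason for recipients below
        elif sender and reason and "@" in text and " " not in text:
            counts[(sender, text.rsplit("@", 1)[1].lower(), reason)] += 1
        elif not text:
            sender = reason = None       # blank line ends the queue entry
    return counts

def repeat_offenders(mailq_text, minimum=2):
    """(sender, domain, reason, count) rows with at least `minimum` deferrals."""
    rows = [(s, d, r, n) for (s, d, r), n in deferred_summary(mailq_text).items()
            if n >= minimum]
    return sorted(rows, key=lambda row: -row[3])

if __name__ == "__main__":
    for sender, domain, reason, n in repeat_offenders(SAMPLE_MAILQ):
        print(f"{n:3d}  {sender} -> {domain}: {reason}")
```

Feeding it the real output of `mailq` instead of the sample shows which local sender (here the web form's `noreply` address) is generating the stuck mail.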

1 Answer

You could run it through postfix_header_checks: just set up a line that says `/^To:.*@asdasd.vn/ REJECT`, or you could do something else if you prefer.

The nice thing about header checks is you can add as many of those as you'd like.

NickW
  • Thanks, but it doesn't solve the root cause (there are a lot of non-existent domains that the end user could enter). About the blacklist, I'm afraid that the legitimate users (`someone@vnnic.vn`) can be affected. – quanta Apr 09 '13 at 08:54
  • You could just put noreply@asdasd.vn. I agree on the non-existent domains bit though. – NickW Apr 09 '13 at 08:55
  • Notice that `@asdasd.vn` is the recipient side. `noreply@mydomain.vn` is the sender side. What do you mean by `noreply@asdasd.vn`? How about the other non-existent domains? – quanta Apr 09 '13 at 08:58
  • asdasfjkhgkjhkah@asdasd.vn sorry. – NickW Apr 09 '13 at 09:01
  • Yeah, a blacklist by any other name. The problem is that those domains do have an MX, so they're going to have to wait until postfix discards them. How did you get a mail like that in your queue anyhow, local mail forms? – NickW Apr 09 '13 at 09:04
  • MX or CNAME --> A? I don't know the exact reason why it is stuck in the queue, but after the "Connection timed out", it stays there. See my update. – quanta Apr 09 '13 at 09:22
  • Yeah, if you do a `dig -t mx asdasd.vn` there is a record. `;; QUESTION SECTION: ;asdasd.vn. IN MX ;; ANSWER SECTION: asdasd.vn. 52 IN CNAME thongbao.vnnic.vn.` – NickW Apr 09 '13 at 09:24
  • I used to see these fairly regularly; they're basically attacks where they were trying to inject something into your webforms. The messages just sit there until postfix decides they're undeliverable. – NickW Apr 09 '13 at 09:26
  • let us [continue this discussion in chat](http://chat.stackexchange.com/rooms/8260/discussion-between-quanta-and-nickw) – quanta Apr 09 '13 at 09:27