Whenever I go to the mail queue log in the ISPConfig monitor section, I see approx. 300 hundred requests like the following:
482BDFEC0187 712 Thu Oct 9 09:39:01 smmsp@server.example.com
(connect to 127.0.0.1[127.0.0.1]:10024: Connection refused)
root@server.example.com
Why are they here? It's either the root or smmsp user. Does this mean that my server is being attacked by spammers?
EDIT: I've already cleared the mail queue a day ago.
EDIT2: Here is an excerpt from the mail logs:
Oct 9 16:29:33 402283 postfix/error[4513]: 1EC3B6EC0105: to=<root@server.example.com/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to 127.0.0.1[127.0.0.1]:10024: Connection refused)
Oct 9 16:29:33 402283 postfix/error[4512]: 7A9166EC0135: to=<root@server.example.com>, orig_to=<root>, relay=none, delay=118172, delays=118172/0.05/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to 127.0.0.1[127.0.0.1]:10024: Connection refused)
Oct 9 16:29:33 402283 postfix/error[4513]: 707A26EC00D7: to=<root@server.example.com>, orig_to=<root>, relay=none, delay=151772, delays=151772/0.05/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to 127.0.0.1[127.0.0.1]:10024: Connection refused)
Oct 9 16:29:33 402283 postfix/error[4512]: 75D966EC009D: to=<root@server.example.com>, orig_to=<root>, relay=none, delay=168572, delays=168572/0.05/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to 127.0.0.1[127.0.0.1]:10024: Connection refused)
Oct 9 16:30:01 402283 dovecot: imap-login: Disconnected (disconnected before greeting, waited 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, secured, session=<Nz72bf0EyAB/AAAB>
Oct 9 16:30:01 402283 postfix/smtpd[4559]: connect from localhost.localdomain[127.0.0.1]
An excerpt of one email header from the mail queue:
named_attribute: rewrite_context=local
sender_fullname: CronDaemon
sender: root@server.example.com
original_recipient: root
recipient: root@server.example.com