I have been hired by a customer to secure his email server to prevent spam and so on. They have Plesk Onyx with Postfix as MTA.

I have installed incoming spam filters (Barracuda, etc.), developed a script that looks for unauthorized authentication attempts to block the IP temporarily, and limited the outgoing email by subscription.

Everything seems to work fine, but today we have an issue that I can't resolve, so I need some help. We have several emails in the queue and we see the following log:

Nov 22 04:45:29 srv1 postfix/qmgr[19349]: E67091CF059: from=<>, size=2869, nrcpt=1 (queue active)
Nov 22 04:45:59 srv1 postfix/smtp[14118]: E67091CF059: to=<Elisabetqi@static.vnpt.vn>, relay=none, delay=57351, delays=57321/0.01/30/0, dsn=4.4.1, status=deferred (connect to static.vnpt.vn[203.162.0.78]:25: Connection timed out)

This is a grep for ID E67091CF059, and it has repeated three times so far. If you need more info, please ask.

The problem is that I can't detect who is sending this email (script, user, something else...) and I need to detect it to solve the problem.

HBruijn

1 Answer

A quick queue listing can be done with mailq and the headers and contents of a specific message can be inspected with postcat -vq E67091CF059.

HBruijn
  • Thanks for the command! I see that someone sent an email to a nonexistent email address with that source (Elisabetqi@static.vnpt.vn), and the server is trying to reply that the email doesn't exist. The best thing is that it's not spam :-D – Iker Vázquez Nov 22 '17 at 08:49
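
Added example (not part of the original answer or comment): the queued message is logged with from=<>, the null envelope sender used for delivery status notifications, so the Python parser below ties such a queue ID back to the message that caused it through Postfix's "sender non-delivery notification" log line. Only the last two sample lines come from the question; the first three (queue ID 3F2A11CF001, client 192.0.2.10, size, timestamps) are constructed.

```python
import re
from collections import defaultdict

# Constructed sample: the last two lines are from the question; the first
# three (queue ID 3F2A11CF001, client 192.0.2.10) are made up for illustration.
SAMPLE_LOG = """\
Nov 21 12:50:08 srv1 postfix/smtpd[14001]: 3F2A11CF001: client=unknown[192.0.2.10]
Nov 21 12:50:08 srv1 postfix/qmgr[19349]: 3F2A11CF001: from=<Elisabetqi@static.vnpt.vn>, size=1204, nrcpt=1 (queue active)
Nov 21 12:50:08 srv1 postfix/bounce[14010]: 3F2A11CF001: sender non-delivery notification: E67091CF059
Nov 22 04:45:29 srv1 postfix/qmgr[19349]: E67091CF059: from=<>, size=2869, nrcpt=1 (queue active)
Nov 22 04:45:59 srv1 postfix/smtp[14118]: E67091CF059: to=<Elisabetqi@static.vnpt.vn>, relay=none, delay=57351, delays=57321/0.01/30/0, dsn=4.4.1, status=deferred (connect to static.vnpt.vn[203.162.0.78]:25: Connection timed out)
"""

LINE = re.compile(r"postfix/\w+\[\d+\]: ([0-9A-F]+): (.*)")
FIELD = re.compile(r"(\w+)=<?([^>,\s]*)>?")
NDN = re.compile(r"sender non-delivery notification: ([0-9A-F]+)")
KEEP = {"from", "to", "client", "status", "dsn"}

def parse(log):
    """Group log fields by queue ID and link each bounce to its cause."""
    msgs = defaultdict(dict)
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        qid, rest = m.groups()
        ndn = NDN.search(rest)
        if ndn:  # the bounce daemon names the new message it queued
            msgs[ndn.group(1)]["bounce_of"] = qid
            continue
        for key, val in FIELD.findall(rest):
            if key in KEEP:
                msgs[qid].setdefault(key, val)
    return msgs

def explain(msgs, qid):
    """Return (kind, from, client) describing where a queued message came from."""
    info = msgs.get(qid, {})
    if "from" not in info:
        return ("unknown", None, None)
    if info["from"] != "":
        return ("submitted", info["from"], info.get("client"))
    # Null sender (from=<>): a delivery status notification, not user mail.
    orig = msgs.get(info.get("bounce_of"), {})
    return ("bounce", orig.get("from"), orig.get("client"))

if __name__ == "__main__":
    print(explain(parse(SAMPLE_LOG), "E67091CF059"))
```

If the log has already rotated past the original message, the result is ("bounce", None, None), and postcat -vq on the queue ID remains the way to read the enclosed headers.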