5

I set up brand new Postfix server last night and did not configure at all yet, just did the install. So, I logged in this morning to finish the configuration and notice that there is stuff in the log:

Jan  8 22:31:32 hwsrv-218892 postfix/postfix-script[17415]: starting the Postfix mail system
Jan  8 22:31:32 hwsrv-218892 postfix/master[17417]: daemon started -- version 3.1.6, configuration /etc/postfix
Jan  9 05:15:15 hwsrv-218892 postfix/smtpd[20781]: connect from 118-161-157-108.dynamic-ip.hinet.net[118.161.157.108]
Jan  9 05:15:15 hwsrv-218892 postfix/smtpd[20781]: NOQUEUE: reject: RCPT from 118-161-157-108.dynamic-ip.hinet.net[118.161.157.108]: 454 4.7.1 <gogo@linwayedm.com.tw>: Relay access denied; from=<dlh@email.cta.cq.cnt> to=<gogo@linwayedm.com.tw> proto=SMTP helo=<23.254.144.153>
Jan  9 05:15:16 hwsrv-218892 postfix/smtpd[20781]: lost connection after RCPT from 118-161-157-108.dynamic-ip.hinet.net[118.161.157.108]
Jan  9 05:15:16 hwsrv-218892 postfix/smtpd[20781]: disconnect from 118-161-157-108.dynamic-ip.hinet.net[118.161.157.108] helo=1 mail=1 rcpt=0/1 commands=2/3
Jan  9 05:15:40 hwsrv-218892 postfix/smtpd[20781]: connect from 118-161-157-108.dynamic-ip.hinet.net[118.161.157.108]
Jan  9 05:15:41 hwsrv-218892 postfix/smtpd[20781]: NOQUEUE: reject: RCPT from 118-161-157-108.dynamic-ip.hinet.net[118.161.157.108]: 454 4.7.1 <gogo@linwayedm.com.tw>: Relay access denied; from=<dlh@email.cta.cq.cnt> to=<gogo@linwayedm.com.tw> proto=SMTP helo=<23.254.161.138>
Jan  9 05:15:41 hwsrv-218892 postfix/smtpd[20781]: lost connection after RCPT from 118-161-157-108.dynamic-ip.hinet.net[118.161.157.108]
Jan  9 05:15:41 hwsrv-218892 postfix/smtpd[20781]: disconnect from 118-161-157-108.dynamic-ip.hinet.net[118.161.157.108] helo=1 mail=1 rcpt=0/1 commands=2/3
Jan  9 05:19:01 hwsrv-218892 postfix/anvil[20784]: statistics: max connection rate 2/60s for (smtp:118.161.157.108) at Jan  9 05:15:40
Jan  9 05:19:01 hwsrv-218892 postfix/anvil[20784]: statistics: max connection count 1 for (smtp:118.161.157.108) at Jan  9 05:15:15
Jan  9 05:19:01 hwsrv-218892 postfix/anvil[20784]: statistics: max cache size 1 at Jan  9 05:15:15

What are the NOQUEUE messages? Does that mean somebody was trying to use my server to relay spam? If so, how can I make sure that does not happen?

Tyler Durden
  • 467
  • 1
  • 5
  • 15

1 Answers1

10

"NOQUEUE" means that Postfix did not queue an incoming message.

"Reject" means that Postfix rejected an incoming message.

"RCPT" means that Postfix rejected the message after the client sent RCPT.

"454 4.7.1 Relay access denied" means that Postfix rejected the message because it was not addressed to any domain that Postfix serves. This is its default configuration, and prevents spam from being relayed.

To ensure nobody uses your mail server to relay spam, you should:

  1. Ensure that the mynetworks setting is locked down as tightly as possible. Any IP address listed there can relay through your server. By default this is only the local host.
  2. Ensure that you have configured Postfix to know what domains it serves mail for, e.g. with mydomain or virtual_mailbox_domains. By default this is the domain of the machine's hostname (which is one reason why you should never give a machine a hostname of its naked domain name).

See also Fighting Spam - What can I do as an: Email Administrator, Domain Owner, or User?

Michael Hampton
  • 237,123
  • 42
  • 477
  • 940