I am using a combination of Postfix, Dovecot and Roundcube for a web mail system. I have a Google Apps for Domains account so am using Google's SMTP server for outgoing mail.
I noticed a couple of days ago my postfix logs reported a couple of deferred emails. On checking mailq there were a couple of entries like this (not exactly this one because they've been removed):

    -Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
    2A66F820CF     2889 Tue Jul 10 09:42:46  MAILER-DAEMON
    (SASL authentication failed; server smtp.gmail.com[66.102.1.109] said: 535-5.7.8 Username and Password not accepted. Learn more at?535 5.7.8 https://support.google.com/mail/?p=BadCredentials w135-v6sm3873050wme.7 - gsmtp)
                                             donotreply@e.myyodel.co.uk

Yodel is a courier company in the UK and I had a couple of emails from them recently about a package being delivered. However, I did not reply to those emails, and there was no request for a read receipt or anything, so I wasn't sure where these emails in the queue had come from. I also don't know why they were being queued with the "bad credentials" error because I have no problem sending emails normally.
I deleted the two entries and thought nothing else of it, until this morning when I noticed the entry above had appeared again. As I haven't had any emails from Yodel since, this has made me more suspicious.
What could be creating these emails? I don't think it's malware, as the fact I have genuinely received emails from Yodel recently makes this unlikely.
Could Yodel be attempting to send emails via your server and failing? – Sir Adelaide – 2018-07-13T05:39:42.183
@SirAdelaide it’s possible I suppose, but I read the mailq entry as email being sent to yodel. – Darren – 2018-07-13T06:40:45.433