11-07-2009, 09:47 PM
spam from in server zimbra
many emails sent from server system
help me!!!
Last lines of /var/log/mail.log Only show lines with text
Code:
Nov 8 12:29:39 server1 postfix/error[6307]: 37FAD14E97F: to=<unakasprings@yahoo.com>, relay=none, delay=1.4, delays=0.14/0.09/0/1.1, dsn=4.7.0, status=deferred (delivery temporarily suspended: host f.mx.mail.yahoo.com[98.137.54.237] refused to talk to me: 421 4.7.0 [TS01] Messages from 118.69.228.253 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html)
Nov 8 12:29:39 server1 postfix/smtp[4534]: 302B514E9E5: to=<onlinebanking@alert.bankofamerica.com>, relay=none, delay=7.4, delays=0.01/7.4/0/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=alert.bankofamerica.com type=A: Host not found)
Nov 8 12:29:39 server1 postfix/qmgr[8951]: 302B514E9E5: removed
Nov 8 12:29:39 server1 postfix/error[23297]: 37FAD14E97F: to=<umartind@comcast.net>, relay=none, delay=1.5, delays=0.14/0.09/0/1.2, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to mx4.comcast.net[76.96.26.14]:25: Connection timed out)
Nov 8 12:29:39 server1 postfix/smtp[4558]: 090EA14E95C: to=<kokesch@earthlink.net>, relay=mx1.earthlink.net[209.86.93.226]:25, conn_use=2, delay=236, delays=0.23/220/14/0.65, dsn=5.0.0, status=bounced (host mx1.earthlink.net[209.86.93.226] said: 550 kokesch@earthlink.net...User account is unavailable (in reply to RCPT TO command))
Nov 8 12:29:39 server1 postfix/smtpd[3030]: warning: 41.211.239.130: address not listed for hostname 130.239.211.41.client130.directonpc.net
Nov 8 12:29:39 server1 postfix/smtpd[3030]: connect from unknown[41.211.239.130]
Nov 8 12:29:40 server1 postfix/smtp[4550]: connect to aln-mailrelay.att.net[12.102.252.75]:25: Connection timed out
Nov 8 12:29:40 server1 postfix/smtp[4811]: 415E214E826: to=<kitsales@ivillage.com>, relay=none, delay=239, delays=0.15/186/53/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=ivillage.com type=MX: Host not found, try again)
Nov 8 12:29:40 server1 postfix/error[22854]: 37FAD14E97F: to=<ufo70@webtv.net>, relay=none, delay=2.1, delays=0.14/0.09/0/1.9, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to smtpin.mx.webtv.net[209.240.204.26]:25: Connection timed out)
Nov 8 12:29:40 server1 postfix/smtp[4819]: BE52E14E929: to=<kip.britton@govworks.com>, relay=none, delay=239, delays=0.35/210/28/0, dsn=5.4.6, status=bounced (mail for govworks.com loops back to myself)
Nov 8 12:29:40 server1 postfix/smtp[4820]: 415E214E826: to=<kit@klcent.com>, relay=none, delay=239, delays=0.15/186/53/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=klcent.com type=MX: Host not found, try again)
Nov 8 12:29:40 server1 postfix/smtp[4866]: 5626614E93F: to=<koral@koralhalperin.com>, relay=mail.koralhalperin.com[67.159.7.133]:25, delay=235, delays=0.11/232/1.6/1.6, dsn=2.6.0, status=sent (250 2.6.0 10990 bytes received in 00:00:00; Message accepted for delivery)
Nov 8 12:29:40 server1 postfix/smtp[4866]: 9990614E9E9: to=<onlinebanking@alert.bankofamerica.com>, relay=none, delay=3.9, delays=0.01/3.9/0/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=alert.bankofamerica.com type=A: Host not found)
Nov 8 12:29:40 server1 postfix/qmgr[8951]: 9990614E9E9: removed
Nov 8 12:29:40 server1 postfix/error[23239]: 37FAD14E97F: to=<ummzaahid@gmail.com>, relay=none, delay=2.3, delays=0.14/0.09/0/2.1, dsn=4.7.0, status=deferred (delivery temporarily suspended: host alt4.gmail-smtp-in.l.google.com[209.85.221.65] refused to talk to me: 421-4.7.0 [118.69.228.253] Our system has detected an unusual amount of 421-4.7.0 unsolicited mail originating from your IP address. To protect our 421-4.7.0 users from spam, mail sent from your IP address has been temporarily 421-4.7.0 blocked. Please visit http://www.google.com/mail/help/bulk_mail.html 421 4.7.0 to review our Bulk Email Senders Guidelines. 39si1905151qyk.118)
Nov 8 12:29:40 server1 postfix/smtp[1555]: 04B6414E95B: to=<laclaire9@earthlink.net>, relay=mx3.earthlink.net[209.86.93.228]:25, delay=237, delays=0.16/218/18/0.5, dsn=5.0.0, status=bounced (host mx3.earthlink.net[209.86.93.228] said: 550 laclaire9@earthlink.net...User account is unavailable (in reply to RCPT TO command))
Nov 8 12:29:40 server1 postfix/smtp[4547]: 252FF14E925: to=<krisanddale@earthlink.net>, relay=mx2.earthlink.net[209.86.93.227]:25, delay=236, delays=0.12/228/7.2/0.64, dsn=5.0.0, status=bounced (host mx2.earthlink.net[209.86.93.227] said: 550 krisanddale@earthlink.net...User unknown (in reply to RCPT TO command))
Nov 8 12:29:40 server1 postfix/smtp[4767]: connect to ismtp.buckeye.everyone.net[216.200.145.235]:25: Connection timed out
Nov 8 12:29:40 server1 postfix/smtp[4767]: BE52E14E929: to=<kingrat@buckeye-express.com>, relay=none, delay=239, delays=0.35/209/30/0, dsn=4.4.1, status=deferred (connect to ismtp.buckeye.everyone.net[216.200.145.235]:25: Connection timed out)
Nov 8 12:29:40 server1 postfix/smtp[4809]: 432BF14E890: to=<kidslightys@bellsouth.com>, relay=cluster7.us.messagelabs.com[216.82.253.179]:25, delay=246, delays=0.14/133/112/0.61, dsn=5.0.0, status=bounced (host cluster7.us.messagelabs.com[216.82.253.179] said: 550 Invalid recipient <kidslightys@bellsouth.com> (#5.1.1) (in reply to RCPT TO command))
Nov 8 12:29:40 server1 postfix/smtp[1555]: 04B6414E95B: to=<ladawnmercier@earthlink.net>, relay=mx3.earthlink.net[209.86.93.228]:25, delay=237, delays=0.16/218/18/0.76, dsn=5.0.0, status=bounced (host mx3.earthlink.net[209.86.93.228] said: 550 ladawnmercier@earthlink.net...User account is unavailable (in reply to RCPT TO command))
Nov 8 12:29:41 server1 postfix/smtp[4559]: connect to mail.henryschein.com[209.64.143.115]:25: Connection timed out
Nov 8 12:29:41 server1 postfix/smtp[4559]: 7BDAB14E8D5: to=<keggett@dentrix.com>, relay=none, delay=249, delays=0.12/123/125/0, dsn=4.4.1, status=deferred (connect to mail.henryschein.com[209.64.143.115]:25: Connection timed out)
Nov 8 12:29:41 server1 postfix/cleanup[4344]: 1349614E9E5: message-id=<20091108052941.1349614E9E5@ssggroup.com.vn>
Nov 8 12:29:41 server1 postfix/bounce[5000]: 7BDAB14E8D5: sender non-delivery notification: 1349614E9E5
Nov 8 12:29:41 server1 postfix/qmgr[8951]: 1349614E9E5: from=<>, size=17821, nrcpt=1 (queue active)
Nov 8 12:29:41 server1 postfix/cleanup[31022]: 2204114E9AE: message-id=<20091108052941.2204114E9AE@ssggroup.com.vn>
Nov 8 12:29:41 server1 postfix/smtp[1554]: 0145A14E959: to=<kim.smith@dmax-ltd.com>, relay=mx1.mail.twtelecom.net[216.136.95.5]:25, delay=240, delays=0.11/175/65/0.27, dsn=4.1.8, status=deferred (host mx1.mail.twtelecom.net[216.136.95.5] said: 450 4.1.8 <onlinebanking@alert.bankofamerica.com>: Sender address rejected: Domain not found (in reply to RCPT TO command))
Nov 8 12:29:41 server1 postfix/bounce[5000]: 432BF14E890: sender non-delivery notification: 2204114E9AE
Nov 8 12:29:41 server1 postfix/qmgr[8951]: 2204114E9AE: from=<>, size=21931, nrcpt=1 (queue active)
Nov 8 12:29:41 server1 postfix/smtp[4824]: connect to mx3.crosswinds.net[8.21.33.47]:25: Connection timed out
Nov 8 12:29:41 server1 postfix/cleanup[4344]: 629A514E978: message-id=<20091108052941.629A514E978@ssggroup.com.vn>
Nov 8 12:29:41 server1 postfix/bounce[7676]: 0145A14E959: sender non-delivery notification: 629A514E978
Nov 8 12:29:41 server1 postfix/qmgr[8951]: 629A514E978: from=<>, size=17557, nrcpt=1 (queue active)
Nov 8 12:29:41 server1 postfix/smtp[4897]: 252FF14E925: to=<kriggs1@columbus.rr.com>, relay=hrndva-smtpin02.mail.rr.com[71.74.56.244]:25, delay=236, delays=0.12/227/9.1/0, dsn=4.7.1, status=deferred (host hrndva-smtpin02.mail.rr.com[71.74.56.244] refused to talk to me: 554 5.7.1 - Connection refused. IP name lookup failed for 118.69.228.253)
Nov 8 12:29:43 server1 postfix/smtp[4818]: 5C6F014E91F: to=<kmccormack@gpsmanagement.com>, relay=none, delay=243, delays=0.29/189/53/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=gpsmanagement.com type=MX: Host not found, try again)
Nov 8 12:29:43 server1 postfix/smtp[4818]: 1079814E83B: to=<onlinebanking@alert.bankofamerica.com>, relay=none, delay=6.9, delays=0.02/6.9/0/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=alert.bankofamerica.com type=A: Host not found)
Nov 8 12:29:43 server1 postfix/qmgr[8951]: 1079814E83B: removed
Nov 8 12:29:43 server1 postfix/smtp[4836]: 5626614E93F: host hrndva-smtpin01.mail.rr.com[71.74.56.243] refused to talk to me: 554 5.7.1 - Connection refused. IP name lookup failed for 118.69.228.253
Nov 8 12:29:44 server1 postfix/smtp[4561]: connect to mx4.hotmail.com[65.55.92.136]:25: Connection timed out
Nov 8 12:29:44 server1 postfix/smtp[4787]: connect to mailin-04.mx.aol.com[64.12.138.57]:25: Connection timed out
Nov 8 12:29:44 server1 postfix/cleanup[7986]: F063B14E975: message-id=<20091108052834.F063B14E975@ssggroup.com.vn>
Nov 8 12:29:44 server1 postfix/smtp[4816]: 8643114E957: to=<kmartink@midtel.net>, relay=mailin1.inoc.net[64.22.32.61]:25, delay=244, delays=0.19/172/71/0, dsn=4.0.0, status=deferred (host mailin1.inoc.net[64.22.32.61] refused to talk to me: 450 Your host has incomplete DNS. (see RFC1123 / RFC1912))
Nov 8 12:29:44 server1 postfix/smtp[4526]: connect to smtp.sunclipse.com[207.104.211.8]:25: Connection timed out
Nov 8 12:29:44 server1 postfix/smtp[4526]: BE52E14E929: to=<kirk.gray@landsberg.com>, relay=none, delay=243, delays=0.35/211/32/0, dsn=4.4.1, status=deferred (connect to smtp.sunclipse.com[207.104.211.8]:25: Connection timed out)
Nov 8 12:29:45 server1 postfix/smtp[4536]: connect to smtpin.ptd.net[207.44.97.35]:25: Connection timed out
Nov 8 12:29:45 server1 postfix/smtp[4840]: 5C6F014E91F: to=<kmoffett@grayharris.com>, relay=none, delay=244, delays=0.29/190/53/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=grayharris.com type=MX: Host not found, try again)
Nov 8 12:29:45 server1 postfix/smtp[4812]: connect to mx1.lsu.edu.gslb.pphosted.com[67.231.144.37]:25: Connection timed out
Nov 8 12:29:45 server1 postfix/smtp[4812]: 672D114E922: to=<klax@lsu.edu>, relay=none, delay=249, delays=0.14/136/113/0, dsn=4.4.1, status=deferred (connect to mx1.lsu.edu.gslb.pphosted.com[67.231.144.37]:25: Connection timed out)
11-08-2009, 12:13 AM
Zimbra Consultant & Moderator
Posts: 20,312
So is your other problem of not being able to start mailboxd solved now? It's difficult to follow your problems when you never seem to give any follow-up to the threads you start.
If you really have got a spammer on your system then I'd suggest you check all your users' PCs to see if they have a virus, or you may have a compromised account on your server that (possibly) has a weak password - search the forums for what steps you can take to minimise this problem. This is not a Zimbra problem; it's more a problem of your security in your LAN and the standards you apply to things like users' passwords.
__________________
Regards
Bill
| 
11-08-2009, 01:25 AM
spam from in server zimbra
apologize to you, I always annoying problems and I can not wait long if it is a problem too difficult.
I see unusual problem here, I'm not the mechanism how it works?
problem derives from the internal network from outside the network.
found in mail sent and this is the start of their Here problem
I need advice, what should I do to end this problem.
Thank you very much!!!
11-08-2009, 01:28 AM
Zimbra Consultant & Moderator
Posts: 20,312
Go to this page and run the test and see what it says.
__________________
Regards
Bill
| 
11-08-2009, 09:52 AM
All I see in that log is: all mails sent from your server were deferred.
Did you check your server queues?
Did you try to change MTA trusted network?
Let's do it and report here, I hope this helps
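An added example, not part of any post in this thread: a Python triage of Postfix delivery lines like the ones pasted above. It counts outcomes, shows how many recipients each queue ID fans out to, and lists remote hosts whose refusal text names the server's own IP. The sample log is constructed, and 203.0.113.5 is a stand-in for the server address.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the format of the log posted above (documentation
# addresses and made-up names; 203.0.113.5 stands in for the server's own IP).
SAMPLE_LOG = """\
Nov 8 12:29:39 server1 postfix/error[6307]: 37FAD14E97F: to=<a@example.com>, relay=none, delay=1.4, dsn=4.7.0, status=deferred (delivery temporarily suspended: host mx.example.com[192.0.2.10] refused to talk to me: 421 4.7.0 Messages from 203.0.113.5 temporarily deferred due to user complaints)
Nov 8 12:29:39 server1 postfix/error[6308]: 37FAD14E97F: to=<b@example.net>, relay=none, delay=1.5, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to mx.example.net[192.0.2.20]:25: Connection timed out)
Nov 8 12:29:40 server1 postfix/smtp[4866]: 5626614E93F: to=<c@example.org>, relay=mail.example.org[192.0.2.30]:25, delay=235, dsn=2.6.0, status=sent (250 2.6.0 Message accepted for delivery)
Nov 8 12:29:40 server1 postfix/smtp[4547]: 252FF14E925: to=<d@example.com>, relay=mx2.example.com[192.0.2.11]:25, delay=236, dsn=5.0.0, status=bounced (host mx2.example.com[192.0.2.11] said: 550 d@example.com...User unknown (in reply to RCPT TO command))
Nov 8 12:29:41 server1 postfix/smtp[4897]: 252FF14E925: to=<e@example.net>, relay=mx3.example.net[192.0.2.21]:25, delay=236, dsn=4.7.1, status=deferred (host mx3.example.net[192.0.2.21] refused to talk to me: 554 5.7.1 - Connection refused. IP name lookup failed for 203.0.113.5)
Nov 8 12:29:41 server1 postfix/qmgr[8951]: 2204114E9AE: from=<>, size=21931, nrcpt=1 (queue active)
"""

DELIVERY = re.compile(
    r"postfix/(?:smtp|error)\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>,"
    r".*?dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+) \((?P<reason>.*)\)$")
REMOTE_HOST = re.compile(r"host (\S+?)\[")

def triage(log_text, server_ip):
    """Summarise delivery attempts: outcomes, fan-out per message, and
    remote hosts whose refusal names our own IP (a reputation block)."""
    own_ip = re.compile(r"(?<![\d.])" + re.escape(server_ip) + r"(?!\d)")
    status = Counter()
    rcpts = defaultdict(set)
    blocked_by = set()
    for line in log_text.splitlines():
        m = DELIVERY.search(line)
        if not m:
            continue  # qmgr/cleanup/smtpd lines carry no delivery result
        status[m["status"]] += 1
        rcpts[m["qid"]].add(m["rcpt"])
        if own_ip.search(m["reason"]):
            host = REMOTE_HOST.search(m["reason"])
            blocked_by.add(host.group(1) if host else "unknown")
    # One queue ID delivered to many recipients is one message sent in bulk.
    fan_out = {q: len(r) for q, r in rcpts.items() if len(r) > 1}
    return {"status": dict(status), "fan_out": fan_out,
            "blocked_by": sorted(blocked_by)}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, "203.0.113.5"))
```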
11-09-2009, 07:36 AM
Queue does not matter what, all was deleted.
such is my mail ip server: 1.2.3.4 IP ISP
MTA currently in my trusted network:
127.0.0.0 / 8 1.2.3.1/29
I have to change how? advice to help you make your
11-09-2009, 09:00 AM
Outstanding Member
Posts: 594
So it seems one of your accounts might be compromised. Better to change the password. Also I suggest adding the RBL zen.spamhaus.org to reject spammers at the source rather than wasting your resources to finally decide it's spam.
11-09-2009, 05:06 PM
You can try changing your MTA trusted network to: 1.2.3.4/32
11-12-2009, 12:04 PM
Your trusted network needs to have 127.0.0.1/32 in there or the server will not work. Same with the server's internal IP address. Beyond that it really shouldn't have anything else unless you have very special circumstances.
For example here is my server's MTA Trusted Networks:
127.0.0.1/32 192.168.1.6/32
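An added example, not part of any post in this thread: a Python check of how many addresses a trusted-network list lets relay without authenticating, run on the placeholder values posted earlier (server 1.2.3.4, list `127.0.0.0/8 1.2.3.1/29`) and on the narrowed list. It assumes an entry with host bits set, such as 1.2.3.1/29, is meant as its enclosing network; the function names are hypothetical.

```python
import ipaddress

def audit_trusted_networks(mynetworks, own_addresses):
    """Per entry: the network it denotes, how many addresses it trusts,
    and how many of those are neither loopback nor the server itself."""
    own = {ipaddress.ip_address(a) for a in own_addresses}
    report = []
    for entry in mynetworks.split():
        # strict=False: treat 1.2.3.1/29 as the enclosing 1.2.3.0/29
        # (assumption about how the entry was intended).
        net = ipaddress.ip_network(entry, strict=False)
        covered_own = sum(1 for a in own if a in net)
        foreign = 0 if net.is_loopback else net.num_addresses - covered_own
        report.append({"entry": entry, "normalized": str(net),
                       "addresses": net.num_addresses, "foreign": foreign})
    return report

def may_relay_unauthenticated(mynetworks, client_ip):
    """True if client_ip falls inside any trusted network."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(e, strict=False)
               for e in mynetworks.split())

# Placeholder values from the thread, not real addresses.
BEFORE = "127.0.0.0/8 1.2.3.1/29"
AFTER = "127.0.0.1/32 1.2.3.4/32"

if __name__ == "__main__":
    for label, nets in (("before", BEFORE), ("after", AFTER)):
        for row in audit_trusted_networks(nets, ["1.2.3.4"]):
            print(label, row)
    # A neighbouring host on the same ISP /29:
    print(may_relay_unauthenticated(BEFORE, "1.2.3.6"),
          may_relay_unauthenticated(AFTER, "1.2.3.6"))
```

With the /29 entry, seven addresses other than the server are trusted; with the /32 entries, none are.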
11-15-2009, 04:54 AM
Quote:
Originally Posted by ArcaneMagus
Your trusted network needs to have 127.0.0.1/32 in there or the server will not work. Same with the server's internal IP address. Beyond that it really shouldn't have anything else unless you have very special circumstances.
For example here is my server's MTA Trusted Networks:
127.0.0.1/32 192.168.1.6/32

I changed the MTA are as follows: 127.0.0.1/32 myIP/32
More RBL simultaneously as follows: Zen.spamhaus.org
Current mailserver is working very well, no more spam
Thanks everyone very much