  1. #1

    Postfix logs flooded from excessive mails

    Hello, I view my /var/log/maillog and see tons of lines like this:
    Apr 14 01:35:16 ns1 postfix/qmgr[13307]: AB33922B89D8: to=<>, relay=none, delay=147009, delays=146024/985/0/0, dsn=4.7.0, status=deferred (delivery temporarily suspended: host[] refused to talk to me: 421 4.7.0 [TS01] Messages from temporarily deferred -; see )

    Apr 14 01:49:59 ns1 postfix/qmgr[18884]: 86AC92110A48: from=<>, size=4096, nrcpt=33 (queue active)

    I think those are some kind of SMTP attacks from this host, but I tried to block it with iptables and it seems to peace them off and they keep coming...!

    Please, some kind of postfix-configuration solution?


  2. #2

    Looks like a virus or DDoS attack, not sure, please help

    I have postfix with mysql on CentOS 5 and I'm getting a huge amount of attacks like this (from /var/log/maillog):

    PHP Code:
    Apr 18 00:10:01 game3 postfix/qmgr[28284]: C249334A86B: to=<>, relay=none, delay=55645, delays=53557/2089/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to []: Connection timed out)
    Apr 18 00:10:17 game3 postfix/smtpd[31088]: [B]connect from [/B]unknown[
    Notice the connect from.

    attacks from or or million other IPs

    Anyway, I have tried to ban them all by extracting the IPs from the maillog and banning them, but it seems to be useless, it doesn't do anything, except maybe that some of them say connection timed out...

    These attacks occur only when Postfix is active, and the attacks are reflected in 20%wa taken by the server, and all the queue slots are taken by the attackers' emails (postfix (qmgr) is overflowed, not letting authentic emails be received), so I tried to block the smtp port:

    PHP Code:
    iptables -A INPUT -p tcp --dport 25 -j DROP
    -A INPUT -p udp --dport 25 -j DROP
    -A OUTPUT -p tcp --dport 25 -j DROP
    -A OUTPUT -p udp --dport 25 -j DROP
    (:D I got mad so I started to invent some commands)
    Furthermore, when looking in netstat after blocking smtp, no smtp record is found at all! Yet the attacks keep coming!

    And it makes some changes: now the attacks seem to come from the inside (lol?), but the same side effects remain:

    PHP Code:
    Apr 18 13:21:31 game postfix/smtp[4061]: BA8912100199: to=<>, relay=none, delay=219, delays=142/47/30/0, dsn=4.4.1, status=deferr$
    Apr 18 13:21:31 game postfix/smtp[4034]: [B]connect to [/B][]: Connection timed out (port 25)
    Notice that after I blocked smtp, it's like the smtp is trying to connect to something! And I cannot find any connect from in the whole log.

    So is it something with the postfix? Virus? DDoS? How to block it? I've been working on this for a week now and no one has a solution, nor can I find one on the internet.

    P.S. Should I switch to exim instead of postfix?
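
An added example, not part of either post: a small Python script that splits maillog entries of the kind quoted above into inbound connections (`smtpd` "connect from") and outbound delivery attempts (`smtp`/`qmgr` lines with `to=<...>` and `status=`), which is the distinction the second post runs into when the "connect from" lines disappear but "connect to" lines remain. The sample log is constructed; its hostnames, queue IDs and addresses are placeholders, and the function name `summarize` is hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the format of the log lines quoted in the posts;
# hostnames, queue IDs and addresses are made up (192.0.2.x / example.* are reserved).
SAMPLE_LOG = """\
Apr 18 00:10:01 mx postfix/qmgr[28284]: C249334A86B: from=<>, size=4096, nrcpt=33 (queue active)
Apr 18 00:10:02 mx postfix/smtp[4061]: C249334A86B: to=<a@example.net>, relay=none, delay=55645, delays=53557/2089/0/0, dsn=4.4.1, status=deferred (connect to mx.example.net[192.0.2.10]: Connection timed out)
Apr 18 00:10:03 mx postfix/smtp[4061]: C249334A86B: to=<b@example.org>, relay=none, delay=55645, delays=53557/2089/0/0, dsn=4.7.0, status=deferred (host mx.example.org[192.0.2.20] refused to talk to me: 421 4.7.0 deferred)
Apr 18 00:10:17 mx postfix/smtpd[31088]: connect from unknown[192.0.2.99]
Apr 18 00:10:18 mx postfix/pickup[2201]: D00D1E00001: uid=48 from=<apache>
Apr 18 00:10:18 mx postfix/qmgr[28284]: D00D1E00001: from=<apache@mx.example.com>, size=900, nrcpt=1 (queue active)
"""

LINE = re.compile(r"postfix/(?P<daemon>[\w-]+)\[\d+\]: (?P<rest>.*)")
QUEUED = re.compile(r"^(?P<qid>[0-9A-F]+): from=<(?P<sender>[^>]*)>, size=\d+, nrcpt=(?P<nrcpt>\d+)")
DELIVERY = re.compile(r"^(?P<qid>[0-9A-F]+): to=<[^>]*>.*status=(?P<status>\w+)")
CONNECT = re.compile(r"^connect from \S*\[(?P<ip>[^\]]*)\]")
PICKUP = re.compile(r"^(?P<qid>[0-9A-F]+): uid=(?P<uid>\d+)")

def summarize(log_text):
    """Split maillog activity into inbound connections and outbound delivery attempts."""
    out = {"inbound_clients": Counter(), "outbound_status": Counter(),
           "senders": Counter(), "local_uids": Counter(), "max_nrcpt": 0}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        daemon, rest = m["daemon"], m["rest"]
        if daemon == "smtpd" and (c := CONNECT.match(rest)):
            out["inbound_clients"][c["ip"]] += 1      # a remote client talking to us
        elif daemon == "pickup" and (p := PICKUP.match(rest)):
            out["local_uids"][p["uid"]] += 1          # mail submitted locally via sendmail(1)
        elif daemon == "qmgr" and (q := QUEUED.match(rest)):
            out["senders"][q["sender"] or "<> (null sender)"] += 1
            out["max_nrcpt"] = max(out["max_nrcpt"], int(q["nrcpt"]))
        elif daemon in ("smtp", "qmgr") and (d := DELIVERY.match(rest)):
            out["outbound_status"][d["status"]] += 1  # our server delivering to others
    return out

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {dict(value) if isinstance(value, Counter) else value}")
```

Lines counted under `outbound_status` are messages already sitting in the local queue, so a firewall rule on inbound port 25 does not remove them; the `senders` and `local_uids` counts show who put them there.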

