MAILER-DAEMON a mailq ban

  • A mailq parancs után sokszor hosszú lista jelenik meg ilyenekből:

    Code
    1. -Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------68CF14019B 2557 Mon Oct 9 10:11:18 MAILER-DAEMON (connect to kdemailblaster.com[185.140.110.3]:25: Connection refused) [email protected] 2551 Mon Oct 9 10:12:19 MAILER-DAEMON (connect to kdemailblaster.com[185.140.110.3]:25: Connection refused) [email protected] 3518 Mon Oct 9 10:01:20 MAILER-DAEMON (connect to karimiskincenter.com[185.140.110.3]:25: Connection refused) [email protected] 2563 Mon Oct 9 10:12:18 MAILER-DAEMON (connect to kdemailblaster.com[185.140.110.3]:25: Connection refused) [email protected] 16 Kbytes in 4 Requests.


    Az egyiket kilistáztam a cat /var/log/mail.log|grep "68CF14019B" paranccsal:



    Code: mail.log
    1. cat /var/log/mail.log|grep "68CF14019B"
    2. Oct 9 10:11:18 pro1 postfix/pickup[3117]: 68CF14019B: uid=999 from=<>
    3. Oct 9 10:11:18 pro1 postfix/cleanup[663]: 68CF14019B: message-id=<[email protected]>
    4. Oct 9 10:11:19 pro1 opendkim[1446]: 68CF14019B: DKIM-Signature field added (s=mail, d=ows.hu)
    5. Oct 9 10:11:19 pro1 postfix/qmgr[4820]: 68CF14019B: from=<>, size=2557, nrcpt=1 (queue active)
    6. Oct 9 10:11:19 pro1 postfix/smtp[3717]: 68CF14019B: to=<[email protected]>, relay=none, delay=0.95, delays=0.91/0.02/0.02/0, dsn=4.4.1, status=deferred (connect to kdemailblaster.com[185.140.110.3]:25: Connection refused)
    7. Oct 9 10:16:22 pro1 postfix/qmgr[4820]: 68CF14019B: from=<>, size=2557, nrcpt=1 (queue active)
    8. Oct 9 10:16:23 pro1 postfix/smtp[4379]: 68CF14019B: to=<[email protected]>, relay=none, delay=305, delays=305/0.03/0.02/0, dsn=4.4.1, status=deferred (connect to kdemailblaster.com[185.140.110.3]:25: Connection refused)


    Mi a fene küldi ezeket a leveleket, és hogy tudom eltüntetni?

  • @rauschr


    The problem is that the remote server kdemailblaster.com (185.140.110.3) refuse connection on port 25


    Shell-Script
    1. nuxwin@dev:~$ telnet 185.140.110.3 25Trying 185.140.110.3...telnet: Unable to connect to remote host: Connection refused


    Shell-Script
    1. nuxwin@dev:~$ telnet kdemailblaster.com 25
    2. Trying 185.140.110.3...
    3. telnet: Unable to connect to remote host: Connection refused
    4. nuxwin@dev:~$

    That is same for other domains such as karimiskincenter.com...
    The problem is not on i-MSCP side... There is someone (or a script) on your server that send those mails. You should investigate.

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

  • How to I solve it?


    Show us the one mail source. What you say look like a bounce message sent by Postfix, following SpamAssassin reject...

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

  • A email account is full, and respond quota email, but the sender is "from=<>".

    Show us the full mail source ;)

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

  • mailq output

    Code
    1. mailq-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------61DD7407D2 4241 Tue Oct 10 08:40:54 MAILER-DAEMON (connect to gainweighttoday.com[185.140.110.3]:25: Connection refused) [email protected] 4174 Tue Oct 10 09:47:03 MAILER-DAEMON (connect to nyctodesign.com[185.140.110.3]:25: Connection refused) [email protected] 4337 Tue Oct 10 08:40:16 MAILER-DAEMON(delivery temporarily suspended: connect to gainweighttoday.com[185.140.110.3]:25: Connection refused) [email protected] 4313 Tue Oct 10 11:06:09 MAILER-DAEMON (connect to gainweighttoday.com[185.140.110.3]:25: Connection refused) [email protected] 3363 Tue Oct 10 03:16:02 MAILER-DAEMON(host aspmx.l.google.com[74.125.71.27] said: 450-4.2.1 The user you are trying to contact is receiving mail too quickly. 450-4.2.1 Please resend your message at a later time. If the user is able to 450-4.2.1 receive mail at that time, your message will be delivered. For more 450-4.2.1 information, please visit 450 4.2.1 https://support.google.com/mail/?p=OverReceiveLimit i70si9494732wri.414 - gsmtp (in reply to RCPT TO command)) [email protected] 4236 Tue Oct 10 07:46:18 MAILER-DAEMON (connect to nyctodesign.com[185.140.110.3]:25: Connection refused) [email protected] 4236 Tue Oct 10 09:46:35 MAILER-DAEMON(delivery temporarily suspended: connect to nyctodesign.com[185.140.110.3]:25: Connection refused) [email protected]


    search mail.log last email

    Code: mail.log
    1. cat /var/log/mail.log|grep "[email protected]"Oct 10 09:46:34 pro1 postfix/policy-spf[6577]: Policy action=PREPEND Received-SPF: none (nyctodesign.com: No applicable sender policy available) receiver=pro1.ows.hu; identity=mailfrom; envelope-from="[email protected]"; helo=altruist.nyctodesign.com; client-ip=134.255.239.40Oct 10 09:46:34 pro1 postgrey[1517]: action=pass, reason=client AWL, client_name=unknown, client_address=134.255.239.40, [email protected], [email protected] 10 09:46:35 pro1 postfix/qmgr[4820]: 9932F401CF: from=<[email protected]>, size=7877, nrcpt=1 (queue active)Oct 10 09:46:35 pro1 postfix/smtp[6912]: 80D28407F3: to=<[email protected]>, relay=none, delay=0.15, delays=0.1/0.02/0.03/0, dsn=4.4.1, status=deferred (connect to nyctodesign.com[185.140.110.3]:25: Connection refused)Oct 10 09:56:22 pro1 postfix/error[8163]: 80D28407F3: to=<[email protected]>, relay=none, delay=587, delays=587/0.37/0/0.14, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to nyctodesign.com[185.140.110.3]:25: Connection refused)Oct 10 10:06:22 pro1 postfix/error[9543]: 80D28407F3: to=<[email protected]>, relay=none, delay=1187, delays=1187/0.13/0/0.05, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to nyctodesign.com[185.140.110.3]:25: Connection refused)Oct 10 10:26:22 pro1 postfix/error[12699]: 80D28407F3: to=<[email protected]>, relay=none, delay=2387, delays=2387/0.21/0/0.12, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to nyctodesign.com[185.140.110.3]:25: Connection refused)Oct 10 11:06:22 pro1 postfix/error[18383]: 80D28407F3: to=<[email protected]>, relay=none, delay=4787, delays=4787/0.24/0/0.06, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to nyctodesign.com[185.140.110.3]:25: Connection refused)

    search last email id in the mail.log


    The sender was [email protected] "pro1.ows.hu is my panel domain"


    if it were another virtual domain the sender was [email protected] (at PHPmailer)
    or full email address.


    My plugins:
    ClamAV
    CronJobs
    DomainAutoApproval
    LetsEncrypt
    Mailgraph
    OpenDKIM
    PanelRedirect
    PolicydSPF
    Postgrey
    RoundcubePlugins
    SpamAssassin


    OpenDKIM is the new one