[wellylug] Mail log errors

Jethro Carr jethro.carr at jethrocarr.com
Fri Mar 20 16:00:38 NZDT 2009


On Fri, 2009-03-20 at 15:15 +1300, Peter Lynch wrote:
> I'm running Postfix MTA on my Debian Lenny server, and it's configured
> to support virtual domains.  A few time each day I get entries like
> the following in my mail log.
>  
> Mar 19 13:10:04 helena postfix/smtpd[28072]: connect from
> 123-204-171-142.adsl.dynamic.seed.net.tw[123.204.171.142]
> 
> Mar 19 13:10:05 helena postfix/smtpd[28072]: NOQUEUE: reject: RCPT
> from 123-204-171-142.adsl.dynamic.seed.net.tw[123.204.171.142]: 554
> 5.7.1 <bibiorm at gmail.com>: Relay access denied;
> from=<ivy3669 at gmail.com> to=<bibiorm at gmail.com> proto=SMTP
> helo=<210.5.53.22>
> 
> Mar 19 13:10:06 helena postfix/smtpd[28072]: lost connection after
> RCPT from 123-204-171-142.adsl.dynamic.seed.net.tw[123.204.171.142]

> Mar 19 13:10:06 helena postfix/smtpd[28072]: disconnect from
> 123-204-171-142.adsl.dynamic.seed.net.tw[123.204.171.142]


> Two questions I have are:
>  
> 1.  Do I need to worry about the "NOQUEUE: reject: RCPT from xxx"
> message?

No, this message is showing that a remote system - probably a spam bot -
has tried to send an email through your server.

A secure mailserver will not allow a public user to email another email
account via the server.

If the mailserver does allow that to happen, it's referred to as an
open-relay and will get abused to send spam, so seeing this message is a
good thing.

adsl.dynamic.seed.net.tw is quite a common source of spam and hack
attempts in my own server logs.


Not sure what's going on with the bounce message though...

> 
> ______________________________________________________________________
-- 
Jethro Carr
www.jethrocarr.com/index.php?cms=blog
www.amberdms.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : http://lists.wellylug.org.nz/pipermail/wellylug/attachments/20090320/dc01931e/attachment.pgp 


More information about the wellylug mailing list