After some time I build up an E-Mail Server again. I looked up different tutorial to do it right. I did it right or at least I can send and receive E-Mails.
The most important thing for me is that the server is safe. Safe as I don't receive spam, viruses etc. but far more important I don't want to bother other people or systems. I implemented a lot of directives and stuff to harden the system. But I'm still not sure whether it really is or if I somewhere have a mis-configuration.
I have entries in the log which make me twitchy, maybe I'm just not able to read it right.
I'm totally confused. I would like to think, that all mail mentioned above where sent to /dev/null
. First the system says it doesn't know the sender (Some explanation [email protected] is a known and valid address on my server [email protected] is not) :
Jan 23 11:36:22 mail postfix/smtpd[15689]: 78587E1E18: client=unknown[59.98.143.142], sasl_method=PLAIN, [email protected]
Jan 23 11:36:45 mail postfix/cleanup[15705]: 78587E1E18: message-id=<[email protected]>
Jan 23 11:36:45 mail postfix/qmgr[15510]: 78587E1E18: from=<[email protected]>, size=2357, nrcpt=20 (queue active)
Jan 23 11:36:45 mail postfix/smtpd[15711]: connect from localhost[127.0.0.1]
Jan 23 11:36:45 mail postfix/smtpd[15711]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 550 5.1.1 <[email protected]>: Recipient address rejected: User unknown in virtual mailbox table; from=<> to=<[email protected]> proto=ESMTP helo=<localhost>
Jan 23 11:36:45 mail amavis[14998]: (14998-09) Negative SMTP resp. to DATA: 554 5.5.1 Error: no valid recipients
Jan 23 11:36:45 mail postfix/smtpd[15711]: disconnect from localhost[127.0.0.1]
My interpretation of this first passage is that someone uses a well known account of the system in the first place to connect to the system. Second it tries to send E-Mail using a different name, that is not known to the server.
Second Amavis want to bounce it:
Jan 23 11:36:45 mail amavis[14998]: (14998-09) Negative SMTP resp. to DATA: 554 5.5.1 Error: no valid recipients
Jan 23 11:36:45 mail postfix/smtpd[15711]: disconnect from localhost[127.0.0.1]
Jan 23 11:36:45 mail amavis[14998]: (14998-09) (!)V41u_uXR4ZV9(6_lwbkN2e1dX) SEND from <> -> <[email protected]>, [email protected] BODY=7BIT 550 5.1.1 from MTA(smtp:[127.0.0.1]:10025): 550 5.1.1 <[email protected]>: Recipient address rejected: User unknown in virtual mailbox table
Jan 23 11:36:45 mail amavis[14998]: (14998-09) (!)NOTICE: UNABLE TO SEND DSN to <[email protected]>: 550 5.1.1 from MTA(smtp:[127.0.0.1]:10025): 550 5.1.1 <[email protected]>: Recipient address rejected: User unknown in virtual mailbox table
Jan 23 11:36:45 mail amavis[14998]: (14998-09) unexpected status/result, please verify: To be bounced, but DSN was neither sent nor suppressed?, <[email protected]>
an 23 11:36:45 19 more entries of that type
But last the log says:
Jan 23 11:36:45 mail amavis[14998]: (14998-09) Blocked BAD-HEADER-0 {UnknownOpenRelay,Quarantined}, [59.98.143.142]:29864 [59.98.143.142] <[email protected]> -> <[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>, Queue-ID: 78587E1E18, Message-ID: <[email protected]>, mail_id: 6_lwbkN2e1dX, Hits: -, size: 2355, 222 ms
Jan 23 11:36:45 mail postfix/smtp[15708]: 78587E1E18: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=24, delays=24/0/0.01/0.22, dsn=2.5.0, status=sent (250 2.5.0 Ok, id=14998-09, BOUNCE)
Jan 23 11:36:45 mail postfix/smtp[15708]: [...]
Jan 23 11:36:45 mail postfix/qmgr[15510]: 78587E1E18: removed
Jan 23 11:36:47 mail postfix/smtpd[15689]: 67360E1E18: client=unknown[59.98.143.142], sasl_method=PLAIN, [email protected]
Jan 23 11:36:48 mail postfix/smtpd[15689]: 67360E1E18: reject: RCPT from unknown[59.98.143.142]: 504 5.5.2 <tleonsis@washingtoncaps>: Recipient address rejected: need fully-qualified address; from=<[email protected]> to=<tleonsis@washingtoncaps> proto=ESMTP helo=<example.com>
Jan 23 11:38:02 mail postfix/smtpd[15689]: 67360E1E18: reject: RCPT from unknown[59.98.143.142]: 450 4.1.2 : Recipient address rejected: Domain not found; from= to= proto=ESMTP helo= Jan 23 11:38:03 mail postfix/smtpd[15689]: lost connection after RCPT from unknown[59.98.143.142] Jan 23 11:38:03 mail postfix/smtpd[15689]: disconnect from unknown[59.98.143.142]
Sorry, I'm not allowed to post the log or the configuration as the system here sees it as spam ...
What do you think? Do I send Spam Mails or is my server safe?
My Guess is that I send mails as I got some backscatter mail. How can I suppress this kind of behavior?