# Postfix Log

## Narusegawa

I've got a simple mail server for 4 domains and about 2-3 users per domain. However I'm seeing a huge amount of failed emails over successful.

The mail log being kind of confusing I'm not sure what the errors are.

```
554 Requested mail action rejected: access denied 2366

504 Command parameter not implemented 1665

999 Unknown error 810

550 Requested mail action not taken: relaying not allowed, unknown recipient user, ... 558
```

That's over 5000 rejected/failed email compared to just over 1000 good mail per month. Surely the spam/hacker mail doesn't outweigh good mail by 5:1 as thats just a silly amount.

How would I go about figuring out what these errors are caused by? I can post a good chunk of mail log if someone is willing to have a look at it for me.

----------

## Narusegawa

 *Quote:*   

> Oct 27 12:03:42 mail postfix/pickup[5404]: 614E012B79: uid=0 from=<root>
> 
> Oct 27 12:03:42 mail postfix/cleanup[5606]: 614E012B79: message-id=<20061027100342.614E012B79@mail.mydomain.com>
> 
> Oct 27 12:03:42 mail postfix/qmgr[27860]: 614E012B79: from=<root@mail.mydomain.com>, size=4587, nrcpt=1 (queue active)
> ...

 

Looking at this myself I'm just guessing a lot of this is for lack of fully qualified domain names coming through.

----------

## Janne Pikkarainen

Actually spam:ham-ratio CAN be 5:1, it's not that extraordinary nowadays. It's a shame that situation is so annoying, but anyway I wouldn't expect your handful of users to send very much mail. 1000 of pieces of legitimate mail sounds pretty realistic, unless they are very much e-mail addicted or receiving lots of mailing-lists etc.

But when it comes to spammers or viruses that sent out lot of spam... well, they usually tend to send out LOTS of crap. They keep on hammering your server with some foobar names and getting the spam number up to 5000 would not require very many spam attacks to get the number up there. Unresolveable sender address is usually a sign of spam, anyway.

So if I were you, I would inspect the sender/recipient list and see if it seems to be lots of crap or not.

----------

## Narusegawa

Ahh thanks.

I'm considering turning off the postmaster accounts, as those are never checked and are just catching spam. And gettin large (I noticed in the logs a msg about the maildir being full for postmaster which prompted me to login and check em). Not sure if that would affect postfix too much or not.

----------

## nielchiano

 *Narusegawa wrote:*   

> I'm considering turning off the postmaster accounts,

 

postmaster is RFC-required! you MUST have it. However, you can still live without it; it'll only make your domain RCF-ignorant. (You might even end up in the rfc-ignorant blacklist)

----------

## Narusegawa

hmm.... that's annoying. maybe i should allow postmaster then, but set it to auto-delete all mails to it every hour  :Smile: 

----------

## nielchiano

 *Narusegawa wrote:*   

> hmm.... that's annoying. maybe i should allow postmaster then, but set it to auto-delete all mails to it every hour 

 

which would have the same RFC-ignorant effect... but it's a solution.

It'd be much easyer to tell postfix to deliver postmaster's mail to /dev/null...

----------

## Narusegawa

I'm using a mysql alias table for postfix, the to field having an address in there... not sure if I can put /dev/null in there. But I'll try.

I don't why for personal domains we need a postmaster account. Why should I have to be forced to have a mailbox domain, which mail shouldnt be sent to, will be filled with spam (5000+ per month) just to satisfy an RFC. And if I don't delete or /dev/null it then it'll take up space on my server.

It just seems completely un-necessary to have this mailbox.

----------

## nielchiano

 *Narusegawa wrote:*   

> I don't why for personal domains we need a postmaster account. Why should I have to be forced to have a mailbox domain, which mail shouldnt be sent to

  *Narusegawa wrote:*   

> It just seems completely un-necessary to have this mailbox.

 

You're not forced to have a mailbox-domain. You are only REQUESTED that IF you run a mailserver on a domain, the mailbox postmaster@domain SHOULD exist and is delivered to an administrator.

This mailbox SHOULD be used to contact the responsible person in case someone detects same bizare things with your mailserver: mailing loops, open-relay, ...

this mailbox SHOULDN'T be used to spam.... but, off course, it is; sadly

NOTE: i didn't use "must" or "required"

----------

## Narusegawa

Well I've put my 3 domains to have an alias of postmaster@domainname.com to forward to my postmaster@mailserver.com mailbox.

As you say, it's a sad state of affairs when we know it will indeed be used for spamming against.

I'd have thought postfix (rbl's), spamassassin and clamav would've been enough to reduce spam significantly.

----------

## Narusegawa

Incidentally... off topic... do I need to update spamassassin or amavisd's databases? Or what not. I know clamav needs updating now and then but I'm used to that.

----------

