# postfix and high disk usage

## eruditas

Today I came back from university, and was going to configure my postfix server, but something went wrong. The disk usage was high. I ran htop, and there were many messages like:

```
smtp -t unix -u
```

 and 

```
bounce -z -n defer -t unix -u
```

I checked my /var/log/messages, and what I've got is:

```
Sep 23 18:28:14 darwin postfix/smtp[11838]: 33A41F7E8: host mx1.osn.de[194.45.27.123] said: 451 Temporary failure, please try again later. (in reply to end o$

Sep 23 18:29:45 darwin postfix/smtp[11842]: A3A57ED2F: conversation with mail-in.freeserve.com[193.252.22.142] timed out while receiving the initial server g$

Sep 23 18:29:45 darwin postfix/smtp[11845]: 0D8D4F10B: conversation with mail-in.freeserve.com[193.252.22.186] timed out while receiving the initial server g$

Sep 23 18:29:45 darwin postfix/qmgr[11836]: 36C0BF78A: from=<>, size=3340, nrcpt=1 (queue active)

Sep 23 18:29:45 darwin postfix/qmgr[11836]: 3C4C89B015: from=<>, size=3617, nrcpt=1 (queue active)

Sep 23 18:29:45 darwin postfix/qmgr[11836]: A2D8CF28D: from=<>, size=2839, nrcpt=1 (queue active)

Sep 23 18:29:45 darwin postfix/qmgr[11836]: ACC8B9A9F9: from=<>, size=4120, nrcpt=1 (queue active)

Sep 23 18:29:45 darwin postfix/qmgr[11836]: A64BCEE4A: from=<>, size=2867, nrcpt=1 (queue active)

Sep 23 18:29:45 darwin postfix/qmgr[11836]: A91F8F4A3: from=<>, size=3248, nrcpt=1 (queue active)

Sep 23 18:29:45 darwin postfix/qmgr[11836]: AEBD699D90: from=<>, size=4427, nrcpt=1 (queue active)

Sep 23 18:29:45 darwin postfix/qmgr[11836]: A182099B50: from=<>, size=4806, nrcpt=1 (queue active)

Sep 23 18:29:45 darwin postfix/qmgr[11836]: A90369B0E3: from=<>, size=3016, nrcpt=1 (queue active)

Sep 23 18:29:45 darwin postfix/qmgr[11836]: D7F7BED31: from=<>, size=2808, nrcpt=1 (queue active)

Sep 23 18:29:45 darwin postfix/qmgr[11836]: DEEC89AA07: from=<>, size=3143, nrcpt=1 (queue active)

Sep 23 18:29:45 darwin postfix/smtp[11864]: 650BD9AF69: conversation with mail-in.freeserve.com[193.252.22.186] timed out while receiving the initial server $

Sep 23 18:29:45 darwin postfix/qmgr[11836]: D5C779AE60: from=<>, size=5052, nrcpt=1 (queue active)

Sep 23 18:29:45 darwin postfix/qmgr[11836]: B822E9A95C: from=<>, size=3199, nrcpt=1 (queue active)

Sep 23 18:29:45 darwin postfix/qmgr[11836]: BA4399AF8F: from=<>, size=3599, nrcpt=1 (queue active)

Sep 23 18:29:45 darwin postfix/qmgr[11836]: B6B849B1D9: from=<>, size=3552, nrcpt=1 (queue active)

Sep 23 18:29:45 darwin postfix/qmgr[11836]: B3AC29B3D5: from=<>, size=2861, nrcpt=1 (queue active)

Sep 23 18:29:45 darwin postfix/qmgr[11836]: 23536F793: from=<>, size=4952, nrcpt=1 (queue active)

Sep 23 18:29:45 darwin postfix/qmgr[11836]: 23CF7EFF8: from=<>, size=4785, nrcpt=1 (queue active)

Sep 23 18:29:45 darwin postfix/qmgr[11836]: 2F778E1B4: from=<>, size=2798, nrcpt=1 (queue active)

Sep 23 18:29:45 darwin postfix/qmgr[11836]: 29888EDC5: from=<>, size=2968, nrcpt=1 (queue active)

Sep 23 18:29:45 darwin postfix/qmgr[11836]: 2C7AD9AA93: from=<>, size=3141, nrcpt=1 (queue active)

Sep 23 18:29:45 darwin postfix/qmgr[11836]: 20B35F780: from=<>, size=2795, nrcpt=1 (queue active)

Sep 23 18:29:45 darwin postfix/qmgr[11836]: 22CD8ED87: from=<>, size=3259, nrcpt=1 (queue active)

Sep 23 18:29:45 darwin postfix/qmgr[11836]: 236B8EF64: from=<>, size=3221, nrcpt=1 (queue active)

Sep 23 18:29:45 darwin postfix/qmgr[11836]: 2E2089B0A7: from=<>, size=4581, nrcpt=1 (queue active)

Sep 23 18:29:45 darwin postfix/qmgr[11836]: 23F689B035: from=<>, size=2805, nrcpt=1 (queue active)

Sep 23 18:29:45 darwin postfix/qmgr[11836]: 9197AEE00: from=<>, size=2828, nrcpt=1 (queue active)

Sep 23 18:29:45 darwin postfix/qmgr[11836]: 935BD9A8E8: from=<>, size=3632, nrcpt=1 (queue active)

Sep 23 18:29:46 darwin postfix/qmgr[11836]: 9EBB7EFED: from=<>, size=5600, nrcpt=1 (queue active)

Sep 23 18:29:46 darwin postfix/qmgr[11836]: 936A39A96B: from=<>, size=4516, nrcpt=1 (queue active)

Sep 23 18:29:46 darwin postfix/qmgr[11836]: 73472F00B: from=<>, size=3016, nrcpt=1 (queue active)

Sep 23 18:29:46 darwin postfix/qmgr[11836]: 7C2EFED66: from=<>, size=3037, nrcpt=1 (queue active)

Sep 23 18:29:46 darwin postfix/qmgr[11836]: 68B34EDCC: from=<>, size=3231, nrcpt=1 (queue active)

Sep 23 18:29:46 darwin postfix/qmgr[11836]: 6CCB89AC90: from=<>, size=5374, nrcpt=1 (queue active)

Sep 23 18:29:46 darwin postfix/qmgr[11836]: 6ECC89AEF9: from=<>, size=4538, nrcpt=1 (queue active)

Sep 23 18:29:46 darwin postfix/qmgr[11836]: 60D639A8B6: from=<>, size=3058, nrcpt=1 (queue active)

Sep 23 18:29:46 darwin postfix/qmgr[11836]: 601039AC95: from=<>, size=4309, nrcpt=1 (queue active)

```

Lots of those lines. I'm new to postfix and linux itself, but I think I'm being hacked or something.

----------

## richard.scott

You've got lots of mail in your mail queue.

type "mailq" to see whats in the queue.

If you don't see your email address listed on the same line as the timestamp then you could be an open relay, which is bad   :Crying or Very sad: 

By default postfix allows any other people in your network IP range to use your system to send email.

Do you have this set in /etc/postfix/main.cf:

```
mynetworks_style = host
```

If not, set it, restart postfix and see if it helps.

Rich

----------

## eruditas

No, it was comented. Will I be able to send mail from different locations, for example when I'll be in other city? I'm making my own server. http://www.gentoo.org/doc/en/virt-mail-howto.xml this helps me.

And when I enable this in my config, there's still lots of queues. How can I remove them?

EDITED: the command to remove is 

```
postsuper -d ALL
```

----------

## richard.scott

 *eruditas wrote:*   

> No, it was comented. Will I be able to send mail from different locations, for example when I'll be in other city? I'm making my own server. http://www.gentoo.org/doc/en/virt-mail-howto.xml this helps me.
> 
> And when I enable this in my config, there's still lots of queues. How can I remove them?
> 
> EDITED: the command to remove is 
> ...

 

The that's your problem... your what's known as an open relay... meaning anyone in the world can use your email to send spam!

I'd look into setting up SASL authentication from the document you talked about... this way your outgoing smtp server will need a username/password to authorise you to use it.

I'd shut down postfix ASAP until you've got that working otherwise your server could get onto a list of known spammers and all your outgoing messages may be rejected by other mail servers.

Rich

----------

## eruditas

http://www.gentoo.org/doc/en/virt-mail-howto.xml

Doesn't this link describes how to make a secure webserver? 

Anyways, mynetworks = hash:/etc/postfix/network_table is my choice. 

But there is no clear way how to manage this file. If I want to add a network i type 

```
127.0.0.0/8 OK

192.168.0.0 OK

```

And then I want to remove specific ips from that list, I add this to main.cf

```
smtpd_recipient_restrictions =

  permit_sasl_authenticated,

  permit_mynetworks,

  reject_unauth_destination

  check_client_access hash:/etc/postfix/client_access

```

And this to /etc/postfix/client_access

```
192.168.1.4 REJECT

```

Is this a good choice?

And If I want to block that ip in iptables, how should I do that?

Where and what should i pout it my iptables file? Here it is:

```
iptables -F

iptables -t nat -F

iptables -P INPUT ACCEPT

iptables -P OUTPUT ACCEPT

iptables -P FORWARD DROP

iptables -I INPUT 1 -i br0 -j ACCEPT

iptables -I INPUT 1 -i wlan1 -j ACCEPT

iptables -I INPUT 1 -i lo -j ACCEPT

iptables -A INPUT -p UDP --dport bootps ! -i br0 -j REJECT

iptables -A INPUT -p UDP --dport bootps ! -i wlan1 -j REJECT

iptables -A INPUT -p TCP --dport 20 -i eth0 -j ACCEPT

iptables -A INPUT -p TCP --dport 21 -i eth0 -j ACCEPT

iptables -A INPUT -p TCP --dport 22 -i eth0 -j ACCEPT

iptables -A INPUT -p TCP --dport 25 -i eth0 -j ACCEPT

iptables -A INPUT -p TCP --dport 80 -i eth0 -j ACCEPT

iptables -A INPUT -p TCP --dport 53 -i eth0 -j ACCEPT

iptables -A INPUT -p UDP --dport 53 -i eth0 -j ACCEPT

iptables -A INPUT -p TCP --dport 143 -i eth0 -j ACCEPT

iptables -A INPUT -p TCP --dport 443 -i eth0 -j ACCEPT

iptables -t filter -A INPUT -p udp -m udp --sport 123 --dport 123 -j ACCEPT

iptables -A INPUT -p TCP ! -i br0 -d 0/0 --dport 0:1023 -j DROP

iptables -A INPUT -p UDP ! -i br0 -d 0/0 --dport 0:1023 -j DROP

iptables -A INPUT -p TCP ! -i wlan1 -d 0/0 --dport 0:1023 -j DROP

iptables -A INPUT -p UDP ! -i wlan1 -d 0/0 --dport 0:1023 -j DROP

iptables -I FORWARD -i br0 -d 192.168.0.0/255.255.0.0 -j DROP

iptables -A FORWARD -i br0 -s 192.168.0.0/255.255.0.0 -j ACCEPT

iptables -I FORWARD -i wlan1 -d 192.168.0.0/255.255.0.0 -j DROP

iptables -A FORWARD -i wlan1 -s 192.168.0.0/255.255.0.0 -j ACCEPT

iptables -A FORWARD -i eth0 -d 192.168.0.0/255.255.0.0 -j ACCEPT

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

```

Thanks for the answers, I hope that you will help me to make a secure webserver  :Smile: 

----------

