# postfix spams & logs

## ddaas

Hi there,

Yahoo starts blocking e-mails from our server.

It is possible that someone/somehow is sending spam.

Please help me find what is sending spam from our server.

First please explain to me the following logs (ourdomain is hosted on our server):

```
Feb  3 14:45:57 softexp postfix/smtpd[23394]: NOQUEUE: reject: RCPT from unknown[117.87.x.x]: 554 5.7.1 Service unavailable; Client host [117.87.x.x] blocked using sbl-xbl.spamhaus.org; http://www.spamhaus.org/query/bl?ip=117.87.x.x; from=<xyz@yahoo.com.au> to=<experienceoffice@ourdomain.ro> proto=ESMTP helo=<PC-200901111752>

Feb  3 14:45:58 softexp postfix/smtp[23424]: 56966AC86D: to=<xyz@yahoo.com.au>, relay=d.mx.mail.yahoo.com[66.196.82.7]:25, delay=7.6, delays=0/0.01/7.6/0, dsn=4.7.0, status=undeliverable (host d.mx.mail.yahoo.com[66.196.82.7] refused to talk to me: 421 4.7.0 [TS02] Messages from 80.96.148.194 temporarily deferred due to user complaints - 4.16.56.1; see http://postmaster.yahoo.com/421-ts02.html)
```

What I understand:

1. The client 117.87.x.x tries to connect to our server but is blocked (it is at Spamhaus). It tries to send from xyz@yahoo.com to experienceoffice@ourdomain.com.

Everything OK till now.

2. What does the second line mean? Our server is trying to send to xyz@yahoo.com. Why? It is for sure related to the first log line...

Is it because of some bounce message or what?

Thank you

----------

## ddaas

It looks like Postfix is accepting messages even though the RBL check happened after RCPT. That means even though the message is rejected, Postfix has accepted it, then sent a bounce later. Is this correct? How can I solve it?

The output of postconf -n:

```
postconf -n
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
debug_peer_list = dom1.com
html_directory = no
mail_owner = postfix
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
myhostname = mail.dom1.com
mynetworks_style = host
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtpd_helo_restrictions = reject_invalid_hostname
smtpd_recipient_restrictions = permit_mynetworks  permit_sasl_authenticated  reject_unauth_destination check_sender_access hash:/usr/local/etc/postfix/access_sender check_helo_access pcre:/usr/local/etc/postfix/helo_checks reject_non_fqdn_recipient reject_unknown_recipient_domain reject_unverified_recipient reject_rbl_client list.dsbl.org, reject_rbl_client sbl-xbl.spamhaus.org, reject_rhsbl_sender    dsn.rfc-ignorant.org permit
smtpd_sasl_auth_enable = yes
smtpd_sender_restrictions = reject_unknown_sender_domain, reject_non_fqdn_sender, reject_unverified_sender, permit
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/usr/local/etc/postfix/valias.txt
virtual_gid_maps = static:1000
virtual_mailbox_base = /var/spool/vmail
virtual_mailbox_domains = /usr/local/etc/postfix/vhost.txt
virtual_mailbox_maps = hash:/usr/local/etc/postfix/vmaps.txt
virtual_uid_maps = static:1000
```

----------

## magic919

Interesting you block out the spammer's IP.  But not your own...

I can't see the error so far.  Could you please post smtpd_recipient_restrictions from your config file, as formatted in the config.

----------

## ddaas

 *magic919 wrote:*   

> Interesting you block out the spammer's IP.  But not your own...
> 
> I can't see the error so far.  Could you please post smtpd_recipient_restrictions from your config file, as formatted in the config.

 

Hi there !

I've removed reject_unverified_sender and now it looks like that (ignore line numbers, they are from VI):

```
  smtpd_recipient_restrictions =
692  permit_mynetworks
693  permit_sasl_authenticated
694  reject_unauth_destination
695  check_sender_access hash:/usr/local/etc/postfix/access_sender
696  check_helo_access pcre:/usr/local/etc/postfix/helo_checks
697  reject_non_fqdn_recipient
698  reject_unknown_recipient_domain
699  reject_unverified_recipient
700  reject_rbl_client zen.spamhaus.org,
701  reject_rhsbl_sender    dsn.rfc-ignorant.org
702  permit
```

----------
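An added example, not written by any poster in this thread: Postfix logs address verification probes (such as those triggered by `reject_unverified_sender`) with `status=deliverable` or `status=undeliverable`, while queued mail is logged as `sent`, `deferred` or `bounced`. The Python sketch below separates the two in a mail log and flags outbound connections addressed to the envelope sender of a session that smtpd rejected. The sample log lines, addresses, queue IDs and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample log (documentation IPs and example domains), in the same
# format as the excerpt posted in the thread.
SAMPLE_LOG = """\
Feb  3 14:45:57 mx postfix/smtpd[101]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 554 5.7.1 Service unavailable; Client host [203.0.113.9] blocked using zen.spamhaus.org; from=<forged@example.net> to=<office@example.org> proto=ESMTP helo=<PC-1>
Feb  3 14:45:58 mx postfix/smtp[102]: A1B2C3D4E5: to=<forged@example.net>, relay=mx.example.net[198.51.100.7]:25, delay=7.6, dsn=4.7.0, status=undeliverable (host mx.example.net[198.51.100.7] refused to talk to me: 421 4.7.0 deferred)
Feb  3 14:50:02 mx postfix/smtp[103]: B2C3D4E5F6: to=<user@example.com>, relay=mx.example.com[198.51.100.8]:25, delay=1.2, dsn=2.0.0, status=sent (250 ok)
Feb  3 14:51:10 mx postfix/smtp[104]: C3D4E5F6A7: to=<other@example.net>, relay=mx.example.net[198.51.100.7]:25, delay=3, dsn=5.1.1, status=bounced (550 no such user)
"""

REJECT = re.compile(r"postfix/smtpd\[\d+\]: NOQUEUE: reject: .*? from=<(?P<sender>[^>]*)> to=<")
OUTBOUND = re.compile(r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-Za-z]+): to=<(?P<rcpt>[^>]*)>,"
                      r".*? status=(?P<status>[a-z]+)")
# Statuses logged for verify(8) probes; queued mail logs sent/deferred/bounced.
PROBE_STATUSES = {"deliverable", "undeliverable"}


def classify_outbound(log_text):
    """One record per outbound smtp(8) line: probe or delivery, and whether the
    recipient was the envelope sender of a session smtpd rejected."""
    lines = log_text.splitlines()
    # First pass: collect senders of rejected sessions (order-independent).
    rejected = {m["sender"].lower() for m in map(REJECT.search, lines) if m}
    records = []
    for m in filter(None, map(OUTBOUND.search, lines)):
        rcpt = m["rcpt"].lower()
        records.append({
            "qid": m["qid"],
            "rcpt": rcpt,
            "status": m["status"],
            "kind": "verify-probe" if m["status"] in PROBE_STATUSES else "delivery",
            "to_rejected_sender": rcpt in rejected,
        })
    return records


def probe_domains(records):
    """Count verification probes per recipient domain (who sees the probe traffic)."""
    return dict(Counter(r["rcpt"].rpartition("@")[2]
                        for r in records if r["kind"] == "verify-probe"))


if __name__ == "__main__":
    for rec in classify_outbound(SAMPLE_LOG):
        print(rec)
    print(probe_domains(classify_outbound(SAMPLE_LOG)))
```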

