Rejected emails

ychaouche

Valued Member
Hello EQ,

I'm looking to learn more about the reasons why each of these e-mails was rejected.


Oct 9 11:06:28 messagerie postfix/smtpd[24084]: NOQUEUE: reject: RCPT from unknown[94.74.133.119]: 550 5.1.1 <info@algerian-radio.dz>: Recipient address rejected: User unknown in virtual mailbox table; from=<accounts@aircraftcommutators.com> to=<info@algerian-radio.dz> proto=ESMTP helo=<[94.74.133.119]>


Is someone trying to send mail to the generic "info" address? Should I do something about it? (I have no such inbox on my domain.)


Oct 9 11:14:23 messagerie postfix/smtpd[25563]: NOQUEUE: reject: RCPT from mail-cys01nam02hn0241.outbound.protection.outlook.com[104.47.37.241]: 550 5.1.1 <Mariaoc@algerian-radio.dz>: Recipient address rejected: User unknown in virtual mailbox table; from=<> to=<Mariaoc@algerian-radio.dz> proto=ESMTP helo=<NAM02-CY1-obe.outbound.protection.outlook.com>

Is somebody trying to send mail to an outlook.com address with a forged address of <Mariaoc@algerian-radio.dz> (which also doesn't exist on my server)? And should/can I do something about it?


Oct 9 11:40:32 messagerie postfix/smtpd[29196]: NOQUEUE: reject: RCPT from unknown[192.168.90.241]: 554 5.7.1 <najibusma98@gmail.com>: Relay access denied; from=<k.benismael@algerian-radio.dz> to=<najibusma98@gmail.com> proto=ESMTP helo=<[192.168.41.86]>


This seems to be a relaying issue; both IPs are from mynetworks. What happened here and how can I fix this?


Thanks for any reply.
 

EQ Admin

EQ Forum Admin
Staff member
Yes, the first log is an attempt from an IP that has a poor reputation (sender score = 8) trying to spam an address commonly created by businesses.

There is no action that you -must- take. To reduce the amount of these you can add some RBLs such as Spamhaus to your SMTP-time checks. If you don't mind spending a small amount of money per year, Invaluement also offers a nice RBL service that complements the service from Spamhaus. Invaluement also has a feed that plugs into SpamAssassin, which is a free content scanner to help filter spam, but keep in mind SpamAssassin also requires more CPU resources than the RBL checks that should be configured to happen before it.

For #2, it appears a Microsoft hosted email account was used to try and spam your domain.

This page has some examples on how to configure "mynetworks" to allow IP-based relay for your internal networks - Postfix Standard Configuration Examples
 

ychaouche

Valued Member
Thanks popowich for clarifying this to me.

As for #2, I was told that messages from "<>" are usually sent automatically by the mail server (MAILER DAEMON type of e-mails), so I am suspecting that someone sent a mail to an outlook.com account but the mail was refused for some reason (user doesn't exist, over quota or maybe the e-mail was spam), then outlook's MAILER DAEMON sent an e-mail back at the (forged) from e-mail address, which happened to be an address on my server: <Mariaoc@algerian-radio.dz> (which also doesn't exist).

So I don't know if I should/could do something about it?
 

EQ Admin

EQ Forum Admin
Staff member
If you think it's a message like that, you could try locking down your SPF record to -all if you're certain that all of your email is sent from the listed sources.

Also, unrelated, the google verification TXT record in your DNS has a leading space. I'm not sure if that's causing a problem or not for you.

;; ANSWER SECTION:
algerian-radio.dz. 60 IN TXT "v=spf1 a mx ptr ~all"
algerian-radio.dz. 60 IN TXT " google-site-verification=kUDd6mGTVYS4oa-emBpPkJarNY-h4ttasYQdNbCT12s"
 

ychaouche

Valued Member
I authorize only the MX machine to send mail so it should be pretty failsafe. Thanks a lot for your precious feedback popowich, as always :)
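
A way to triage the three kinds of rejection discussed in this thread, as an added example that is not part of any participant's post: the parser below reads Postfix smtpd `NOQUEUE: reject` lines and labels each one. The sample lines are the three quoted in the first post; the function names, the labels and the `192.168.0.0/16` internal range are assumptions made for the example.

```python
import ipaddress
import re

# Matches Postfix smtpd "NOQUEUE: reject: RCPT" lines like those quoted in the thread.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from "
    r"(?P<host>\S+?)\[(?P<ip>[^\]]+)\]: (?P<code>\d{3}) (?P<dsn>\d\.\d+\.\d+) "
    r"<[^>]*>: (?P<reason>.+?); from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)> "
    r"proto=(?P<proto>\S+) helo=<(?P<helo>[^>]*)>"
)

def parse_reject(line):
    """Return the fields of one reject line as a dict, or None if it is not one."""
    m = REJECT_RE.search(line)
    return m.groupdict() if m else None

def classify(fields, internal_nets):
    """Label a parsed reject; internal_nets lists the ranges treated as internal."""
    try:
        ip = ipaddress.ip_address(fields["ip"])
        internal = any(ip in ipaddress.ip_network(n) for n in internal_nets)
    except ValueError:  # Postfix logs "unknown" when it has no client address
        internal = False
    if "Relay access denied" in fields["reason"]:
        # An internal client refused relay points at configuration, not abuse.
        return "relay-denied-internal" if internal else "relay-denied-external"
    if "User unknown" in fields["reason"]:
        # Null sender <> marks a bounce, often backscatter from a forged From.
        return "bounce-to-unknown-user" if fields["sender"] == "" else "unknown-recipient"
    return "other"

def triage(lines, internal_nets):
    """Return (label, client_ip, recipient) for every reject line in lines."""
    parsed = (parse_reject(line) for line in lines)
    return [(classify(f, internal_nets), f["ip"], f["rcpt"]) for f in parsed if f]

# The three log lines quoted in the thread.
SAMPLE = [
    "Oct 9 11:06:28 messagerie postfix/smtpd[24084]: NOQUEUE: reject: RCPT from unknown[94.74.133.119]: 550 5.1.1 <info@algerian-radio.dz>: Recipient address rejected: User unknown in virtual mailbox table; from=<accounts@aircraftcommutators.com> to=<info@algerian-radio.dz> proto=ESMTP helo=<[94.74.133.119]>",
    "Oct 9 11:14:23 messagerie postfix/smtpd[25563]: NOQUEUE: reject: RCPT from mail-cys01nam02hn0241.outbound.protection.outlook.com[104.47.37.241]: 550 5.1.1 <Mariaoc@algerian-radio.dz>: Recipient address rejected: User unknown in virtual mailbox table; from=<> to=<Mariaoc@algerian-radio.dz> proto=ESMTP helo=<NAM02-CY1-obe.outbound.protection.outlook.com>",
    "Oct 9 11:40:32 messagerie postfix/smtpd[29196]: NOQUEUE: reject: RCPT from unknown[192.168.90.241]: 554 5.7.1 <najibusma98@gmail.com>: Relay access denied; from=<k.benismael@algerian-radio.dz> to=<najibusma98@gmail.com> proto=ESMTP helo=<[192.168.41.86]>",
]

if __name__ == "__main__":
    # Assumption: 192.168.0.0/16 stands in for the server's internal ranges.
    for row in triage(SAMPLE, ["192.168.0.0/16"]):
        print(*row)
```

Counting the labels per client IP over a day of logs separates a handful of stray bounces from a sustained run against nonexistent recipients.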
 