Rejected emails

Discussion in 'Postfix' started by ychaouche, Oct 9, 2017.

  1. ychaouche

    ychaouche Valued Member

    Joined:
    Mar 22, 2016
    Messages:
    13
    Likes Received:
    2
    Hello EQ,

    I'm looking to learn more about the reasons why each of these e-mails was rejected?


    Oct 9 11:06:28 messagerie postfix/smtpd[24084]: NOQUEUE: reject: RCPT from unknown[94.74.133.119]: 550 5.1.1 <info@algerian-radio.dz>: Recipient address rejected: User unknown in virtual mailbox table; from=<accounts@aircraftcommutators.com> to=<info@algerian-radio.dz> proto=ESMTP helo=<[94.74.133.119]>


    Is someone trying to send mail to the generic "info" address? Should I do something about it? (I have no such inbox on my domain)


    Oct 9 11:14:23 messagerie postfix/smtpd[25563]: NOQUEUE: reject: RCPT from mail-cys01nam02hn0241.outbound.protection.outlook.com[104.47.37.241]: 550 5.1.1 <Mariaoc@algerian-radio.dz>: Recipient address rejected: User unknown in virtual mailbox table; from=<> to=<Mariaoc@algerian-radio.dz> proto=ESMTP helo=<NAM02-CY1-obe.outbound.protection.outlook.com>

    Is somebody trying to send mail to an outlook.com address with a forged address of <Mariaoc@algerian-radio.dz> (which also doesn't exist on my server)? And should/can I do something about it?


    Oct 9 11:40:32 messagerie postfix/smtpd[29196]: NOQUEUE: reject: RCPT from unknown[192.168.90.241]: 554 5.7.1 <najibusma98@gmail.com>: Relay access denied; from=<k.benismael@algerian-radio.dz> to=<najibusma98@gmail.com> proto=ESMTP helo=<[192.168.41.86]>


    This seems to be a relaying issue, both IPs are from mynetworks. What happened here and how can I fix this?


    Thanks for any reply.
     


  2. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    9,198
    Likes Received:
    136
    Yes, the first log is an attempt from an IP that has a poor reputation (sender score = 8) trying to spam an address commonly created by businesses.

    There is no action that you -must- take. To reduce the amount of these you can add some RBLs such as Spamhaus to your SMTP-time checks. If you don't mind spending a small amount of money per year, Invaluement also offers a nice RBL service that complements the service from Spamhaus. Invaluement also has a feed that plugs into SpamAssassin, which is a free content scanner to help filter spam, but keep in mind SpamAssassin also requires more CPU resources than the RBL checks that should be configured to happen before it.

    For #2, it appears a Microsoft hosted email account was used to try and spam your domain.

    This page has some examples on how to configure "mynetworks" to allow ip based relay for your internal networks - Postfix Standard Configuration Examples
     

  3. ychaouche

    ychaouche Valued Member

    Thanks popowich for clarifying this to me.

    As for #2, I was told that messages from "<>" are usually sent automatically by the mail server (MAILER DAEMON type of e-mails), so I am suspecting that someone sent a mail to an outlook.com account but the mail was refused for some reason (user doesn't exist, over quota or maybe the e-mail was spam), then outlook's MAILER DAEMON sent an e-mail back at the (forged) from e-mail address which happened to be an address on my server: <Mariaoc@algerian-radio.dz> (which also doesn't exist).

    So I don't know if I should/could do something about it?
     
  4. popowich

    popowich EQ Forum Admin Staff Member

    If you think it's a message like that, you could try locking down your SPF record to -all if you're certain that all of your email is sent from the listed sources.

    Also, unrelated, the google verification TXT record in your DNS has a leading space. I'm not sure if that's causing a problem or not for you.

    ;; ANSWER SECTION:
    algerian-radio.dz. 60 IN TXT "v=spf1 a mx ptr ~all"
    algerian-radio.dz. 60 IN TXT " google-site-verification=kUDd6mGTVYS4oa-emBpPkJarNY-h4ttasYQdNbCT12s"
     
  5. ychaouche

    ychaouche Valued Member

    I authorize only the MX machine to send mail so it should be pretty failsafe. Thanks a lot for your precious feedback popowich, as always :)
     
