On 11/15/2011 12:41 AM, Olivier BATARD wrote:
HI,
I'm a little in double because my postfix server is used to send an
huge amount of spam, generating huge logs like that :
postfix/error[2120]: 993AE145D: to=<xbee...@yahoo.com.tw>, relay=none,
delay=101, delays=100/0.07/0/0.31, dsn=4.7.0, status=deferred
(delivery temporarily suspended: host
mx1.mail.tw.yahoo.com[203.188.197.119] refused to talk to me: 421
4.7.0 [TS01] Messages from 62.161.100.158 temporarily deferred due to
user complaints - 4.16.55.1; see
http://postmaster.yahoo.com/421-ts01.html)
I'm running squeeze, my account are secured with strong password, town
can I stop that ?
thanks,
Some log entries from when the message was submitted from the spammer
into your mail system would be more useful, instead of the log entries
from when your mail server then tried to deliver it.
Is it possible you have an account on your system with an easy to guess
(or empty) password? Look in your system log for when the connection
came in from the spammer, and see if it shows they actually
authenticated with your server. It will look something like this:
Nov 15 00:50:09 xxx postfix/smtpd[9910]: connect from xx.xx.xx.xx
Nov 15 00:50:10 xxx postfix/smtpd[9910]: 8513115A13: client=xx.xx.xx.xx,
sasl_method=PLAIN, sasl_username=kevin
Followed by some lines detailing the specifics of the message that was
submitted to your mail server for delivery. If they authenticated, then
you need to change the password for that user (or disable the user). If
they didn't authenticate, then you're an open relay (doesn't seem
likely, looking at your main.cf).
Hope this helps!
-- Kevin
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4ec22ee4.3090...@familyross.net
