Here are a few more lines from the log directly and not from mailq. I still
think it's related to SAV, or this is how it's appearing to me, because it's
not by someone trying to send through me; it's happening because someone is
sending to me by a forged hotmail account.


Apr  6 23:47:10 imgate postfix/smtpd[58784]: D72052C091:
client=unknown[204.13.69.62]
Apr  6 23:47:17 imgate postfix/cleanup[58933]: D72052C091:
message-id=<[EMAIL PROTECTED]>
Apr  6 23:47:17 imgate postfix/qmgr[60489]: D72052C091:
from=<[EMAIL PROTECTED]>, size=3816, nrcpt=1 (queue active)
Apr  6 23:47:17 imgate postfix/smtp[58737]: D72052C091: to=<[EMAIL PROTECTED]>,
relay=x.x.x.75[x.x.x.75]:25, delay=7.3, delays=7.3/0/0/0.01, dsn=5.0.0,
status=bounced (host x.x.x.75[x.x.x.75] said: 550 unknown user
<[EMAIL PROTECTED]> (in reply to RCPT TO command))
Apr  6 23:47:17 imgate postfix/bounce[58948]: D72052C091: sender
non-delivery notification: B043F2C082
Apr  6 23:47:17 imgate postfix/qmgr[60489]: D72052C091: removed


My log has a ton of these, but the destination "[EMAIL PROTECTED]" and from
"[EMAIL PROTECTED]" keep on changing.

It actually looks like a brute force spam effort against my domain as the
retries keep on progressing alphabetically, and the indirect cause of this
got me blacklisted by hotmail because imgate was trying to verify if the
sender exists (SAV), which I thought I had disabled.

Now, other than making sure SAV is really turned off, how do I prevent this
from happening? There must be a way to tell postfix after X amount of bad
tries/destination, blacklist for Y minutes, or something of that sort.





-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Len Conrad
Sent: Monday, April 09, 2007 11:32 AM
To: [email protected]
Subject: [IMGate] Re: Being used to do harvest hotmail accounts?


>The IP address doing this is not in my relay list, I have very few servers
>talking to IMGATE.

>I had recently disabled SAV, and maybe forgotten to restart postfix after
>that, so maybe this is why we are still seeing this SAV behavior ?

SAV doesn't use MAILER-DAEMON as the SAV sender.

>How is this preventable with SAV turned on and off?

I don't think you are having SAV causing this.

You have to look in maillog to find out where/why these msgs are arising.

Len
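
One way to find in maillog which client is driving the run of unknown-user bounces discussed in this thread, as an added example that is not part of the original messages: it joins each smtpd `client=` line to the later `550 unknown user` bounce by queue ID and counts bounces per client IP. The sample log lines, addresses, IPs and the threshold of 3 are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the maillog format quoted above, one record per line.
# Queue IDs, addresses and IPs (documentation ranges) are made up.
SAMPLE_LOG = """\
Apr  6 23:47:10 imgate postfix/smtpd[58784]: D72052C091: client=unknown[192.0.2.10]
Apr  6 23:47:17 imgate postfix/smtp[58737]: D72052C091: to=<aaron@example.com>, relay=x[198.51.100.75]:25, dsn=5.0.0, status=bounced (host x[198.51.100.75] said: 550 unknown user <aaron@example.com> (in reply to RCPT TO command))
Apr  6 23:47:20 imgate postfix/smtpd[58784]: D72052C092: client=unknown[192.0.2.10]
Apr  6 23:47:21 imgate postfix/smtp[58737]: D72052C092: to=<abby@example.com>, relay=x[198.51.100.75]:25, dsn=5.0.0, status=bounced (host x[198.51.100.75] said: 550 unknown user <abby@example.com> (in reply to RCPT TO command))
Apr  6 23:47:30 imgate postfix/smtpd[58784]: D72052C093: client=unknown[192.0.2.10]
Apr  6 23:47:31 imgate postfix/smtp[58737]: D72052C093: to=<adam@example.com>, relay=x[198.51.100.75]:25, dsn=5.0.0, status=bounced (host x[198.51.100.75] said: 550 unknown user <adam@example.com> (in reply to RCPT TO command))
Apr  6 23:48:00 imgate postfix/smtpd[58790]: E10000A001: client=mail.example.net[192.0.2.20]
Apr  6 23:48:01 imgate postfix/smtp[58737]: E10000A001: to=<typo@example.com>, relay=x[198.51.100.75]:25, dsn=5.0.0, status=bounced (host x[198.51.100.75] said: 550 unknown user <typo@example.com> (in reply to RCPT TO command))
Apr  6 23:48:05 imgate postfix/smtpd[58790]: E10000A002: client=mail.example.net[192.0.2.20]
Apr  6 23:48:06 imgate postfix/smtp[58737]: E10000A002: to=<real@example.com>, relay=x[198.51.100.75]:25, dsn=2.0.0, status=sent (250 ok)
"""

# smtpd records which client submitted a queue ID; smtp records the relay's verdict.
CLIENT_RE = re.compile(r"postfix/smtpd\[\d+\]: ([0-9A-F]+): client=\S*\[([^\]]+)\]")
BOUNCE_RE = re.compile(
    r"postfix/smtp\[\d+\]: ([0-9A-F]+): to=<([^>]*)>.*status=bounced .*550 unknown user")

def unknown_user_bounces(log_text):
    """Map client IP -> list of recipients the downstream host rejected as unknown."""
    client_of = {}              # queue ID -> client IP
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            client_of[m.group(1)] = m.group(2)
            continue
        m = BOUNCE_RE.search(line)
        if m:
            # A bounce whose smtpd line was rotated out of the log is kept as "unknown".
            hits[client_of.get(m.group(1), "unknown")].append(m.group(2))
    return dict(hits)

def suspects(log_text, threshold=3):
    """Clients with at least `threshold` unknown-user bounces (threshold is an assumption)."""
    return {ip: rcpts for ip, rcpts in unknown_user_bounces(log_text).items()
            if len(rcpts) >= threshold}

if __name__ == "__main__":
    for ip, rcpts in suspects(SAMPLE_LOG).items():
        print(ip, len(rcpts), rcpts)
```

On a real maillog each record is a single line; the wrapped excerpt quoted in the message is an artifact of e-mail line wrapping.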




