Noel Jones wrote:
On 4/18/2010 4:40 PM, groups wrote:
Noel Jones wrote, On 04/18/2010 04:20 PM:
On 4/18/2010 4:16 PM, groups wrote:
Postfix logs help you know what happened to a particular message.
Look
in your logs for bounces (sender=<>) arriving from your relayhost,
and
see what postfix does with it. No need to wonder where they went.
-- Noel Jones
A lot of the send only hosts have only an IP (not in DNS)
Look in the logs for the IP to find associated QUEUEIDs.
Apr 18 16:01:24 mailhost postfix/qmgr[3283]: 5BE9956799: from=<>,
size=89424, nrcpt=1 (queue active)
Look in the logs for other entries with that same QUEUEID 5BE9956799
to see other information associated with that transaction.
only 1 entry per transaction ID..
notthing in
/var/spool/postfix ...
ok.. and found something interesting..
Apr 18 16:01:22 mailhost postfix/qmgr[3283]: 04C2A56799: from=<>,
size=83199, nrcpt=1 (queue active)
Apr 18 16:01:22 mailhost postfix/qmgr[3283]: 2B54756799: from=<>,
size=83614, nrcpt=1 (queue active)
Apr 18 16:01:22 mailhost postfix/qmgr[3283]: 4D99856799: from=<>,
size=84029, nrcpt=1 (queue active)
Apr 18 16:01:22 mailhost postfix/qmgr[3283]: 7B1F756799: from=<>,
size=84444, nrcpt=1 (queue active)
Apr 18 16:01:22 mailhost postfix/qmgr[3283]: 9BD4456799: from=<>,
size=84859, nrcpt=1 (queue active)
Apr 18 16:01:22 mailhost postfix/qmgr[3283]: BF6DC56799: from=<>,
size=85274, nrcpt=1 (queue active)
Apr 18 16:01:22 mailhost postfix/qmgr[3283]: E147056799: from=<>,
size=85689, nrcpt=1 (queue active)
All have the same invalid recipient..
These show the sender and number of recipients = 1; the recipient
address is listed in a different log line.
That seems like an awful lot of bounces in a short period of time.
Sending lots of mail to undeliverable addresses is a red flag that
something is wrong -- such as a badly outdated mail list, or a
compromised machine spewing spam.
One of your tasks is to investigate why there are so many bounces, and
find a way to reduce them. Sending large amounts of undeliverable
mail will have a bad effect on your server's reputation and may
eventually lead to blacklisting.
Almost looks like it is "ping-ponging" back and forth between the
*master-relay* and my relay..
Messages with the null sender "<>" are never bounced, they must be
delivered or discarded.
Bounces are always sent with the null sender.
This prevents bounces from ever looping (except in rare cases of
stupid user tricks such as a .forward that rewrites <> to something
else -- don't do that).
Further information about those messages can be found in the logs.
I have seen this invalid recipient on the old Sendmail box.. and
it ended up in my queue then expires.. (the sender host has been out of
the office when I tried to contact them)
so it looks like I have something not right..
there is nothing in mailq..
Charles
You need to examine the log further. If there's a problem, postfix
will likely tell you what it is, or at least give you a better idea of
where to look.
Postfix generates several log lines for each message. You need to
look at *all* the lines with the same QUEUEID to see what happened to
a message.
Logs for a single message look something like this below (with my
comments). Because postfix can process many messages in parallel,
logs for a single message may be separated by a considerable number of
unrelated log entries. There may be more or fewer entries depending
on what happens with a transaction, but this is fairly typical.
Apr 18 00:00:20 mgate2 postfix/smtpd[91955]: connect from
private.webmail.example.org[192.168.70.47] to smtpd
(client connected; the hostname and IP are logged)
Apr 18 00:00:20 mgate2 postfix/smtpd[91955]: 1A2C779788F:
client=private.webmail.example.org[192.168.70.47]
(the QUEUEID "1A2C779788F" is assigned. That means there was at least
one recipient accepted and a queue file was created. Future lines
pertaining to this specific message will include this same QUEUEID)
Apr 18 00:00:20 mgate2 postfix/cleanup[92028]: 1A2C779788F:
message-id=<[email protected]>
(the Message-id: header is logged. This is a helpful unique message
identifier when searching the logs for a specific message.)
Apr 18 00:00:20 mgate2 postfix/qmgr[95868]: 1A2C779788F: from=<>,
size=382, nrcpt=1 (queue active)
(envelope sender, size, number of recipients, which queue it's
assigned to)
Apr 18 00:00:20 mgate2 postfix/smtpd[91955]: disconnect from
private.webmail.vbhcs.org[192.168.70.47]
(postfix has disconnected from the client. This line can be related
to the "connect" line above by the smtpd process id, in this case
"91955")
Apr 18 00:00:20 mgate2 postfix/local[94393]: 1A2C779788F:
to=<[email protected]>, relay=local, delay=0.11, delays=0.05
/0.03/0/0.02, dsn=2.0.0, status=sent (delivered to maildir)
(the mail was delivered to a local user)
Apr 18 00:00:20 mgate2 postfix/qmgr[95868]: 1A2C779788F: removed
(postfix completed this message, and removed the queue file)
-- Noel Jones
Noel..
Thank you very much for the *above and beyond* explanation..
I actually *have* (personal) postfix smtp gateways but all are
configured *not* to receive email
and have worked flawlessly...
I will report back on this same thread when I have a resolution..
Very Respectfully,
Charles
