Nabin Limbu wrote:
> Hi everybody,
>
> My logwatch reports me the following message every day. What does this
> mean? Is my mail server trying to relay mail to rapti.mos.com.np or is
> rapti.mos.com.np trying to relay mails via my mailserver?
> Also how can I stop these junk mails?
>
> ruleset=check_mail, arg1=<[EMAIL PROTECTED]>,
> relay=rapti.mos.com.np [202.52.255.23], reject=471 4.7.1 We
> don't accept junk mail: 210 Time(s)

Without seeing one of the "entire" maillog entries for the above, it's hard to tell. But it looks like your mail server rejected an e-mail (210 times) addressed from [EMAIL PROTECTED] (most likely forged) that used a relay of rapti.mos.com.np.

> ruleset=check_mail, arg1=<[EMAIL PROTECTED]>,
> relay=my142.mydailydeals.net [69.59.159.142], reject=471
> 4.7.1 We don't accept junk mail: 2 Time(s)

The above looks more like a "legitimate" attempt from one of the mydailydeals.net servers. Note the relay= has a PTR record that actually matches the envelope from address. Again, without seeing the entire maillog transaction, it's hard to be sure.

FWIW: I run a low volume mail server at this end. The only time I have seen 200+ rejections (from the same source in one day) was last week. Best I could tell, the 200+ attempts came from a SOBIG.F infected system. To stop this madness, I added the relay= machine's IP address to my iptables blacklist file to stop inbound SMTP connections from this host.

Steve Cowles
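
The per-relay tally that logwatch prints, and the sender-versus-relay comparison made in the reply above, can be reproduced from the raw maillog. The following Python is an added example, not part of the original thread: the sample log lines (timestamps, queue ids, sender addresses) are constructed, and `parse`, `sender_matches_relay`, `summarize` and `repeat_offenders` are hypothetical names.

```python
import re
from collections import Counter

# Constructed sample lines in sendmail's syslog layout. Timestamps, queue ids
# and sender addresses are made up; relay names and IPs are those in the thread.
SAMPLE = """\
Sep  2 04:10:01 mx sendmail[2101]: h824A1x02101: ruleset=check_mail, arg1=<someone@example.org>, relay=rapti.mos.com.np [202.52.255.23], reject=471 4.7.1 We don't accept junk mail
Sep  2 04:10:09 mx sendmail[2102]: h824A9x02102: ruleset=check_mail, arg1=<someone@example.org>, relay=rapti.mos.com.np [202.52.255.23], reject=471 4.7.1 We don't accept junk mail
Sep  2 04:10:15 mx sendmail[2103]: h824AFx02103: ruleset=check_mail, arg1=<someone@example.org>, relay=rapti.mos.com.np [202.52.255.23], reject=471 4.7.1 We don't accept junk mail
Sep  2 06:30:44 mx sendmail[2190]: h826Uix02190: ruleset=check_mail, arg1=<news@mydailydeals.net>, relay=my142.mydailydeals.net [69.59.159.142], reject=471 4.7.1 We don't accept junk mail
Sep  2 07:00:00 mx sendmail[2200]: h82700x02200: from=<a@example.com>, size=100, relay=localhost [127.0.0.1]
""".splitlines()

# relay= may be "host [ip]" or just "[ip]" when the reverse lookup failed.
REJECT = re.compile(
    r"ruleset=(?P<ruleset>\w+), arg1=<(?P<sender>[^>]*)>, "
    r"relay=(?:(?P<host>[^\s\[]+) )?\[(?P<ip>[\d.]+)\].*?reject=(?P<code>\d{3})"
)

def parse(line):
    """Return the fields of a ruleset rejection line, or None for other lines."""
    m = REJECT.search(line)
    return m.groupdict() if m else None

def sender_matches_relay(sender, host):
    """Naive check: is the envelope sender's domain the relay name or a parent of it?"""
    domain = sender.rpartition("@")[2].lower()
    host = (host or "").lower()
    return bool(domain) and (host == domain or host.endswith("." + domain))

def summarize(lines):
    """Count rejections per connecting IP and note whether the sender fits the relay."""
    counts, info = Counter(), {}
    for rec in filter(None, map(parse, lines)):
        counts[rec["ip"]] += 1
        info[rec["ip"]] = (rec["host"], sender_matches_relay(rec["sender"], rec["host"]))
    return {ip: {"count": n, "host": info[ip][0], "sender_matches": info[ip][1]}
            for ip, n in counts.items()}

def repeat_offenders(lines, threshold):
    """IPs rejected at least `threshold` times: candidates for a firewall blacklist."""
    return sorted(ip for ip, s in summarize(lines).items() if s["count"] >= threshold)

if __name__ == "__main__":
    for ip, s in summarize(SAMPLE).items():
        print(ip, s)
    print("review for blocking:", repeat_offenders(SAMPLE, threshold=3))
```

The threshold of 3 only suits the short sample; on a real log it would be set closer to the 200+ per day figure mentioned in the reply.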