7 Replies Latest reply: Oct 13, 2012 5:34 PM by Moises R - OMTBA
Moises R - OMTBA Level 1 Level 1 (0 points)

Hi,

 

I have a 10.6 SLS server configured as a gateway (two IPs External & Internal) that suddenly is getting blacklisted and I don't know how or where I should be looking to identify the issue. The server has several services set up and is the main production server. My problem feels like the same issue they were discussing here: https://discussions.apple.com/message/11427257#11427257 but I need some help because I don't know were I should start looking. The server services a mixed environment of PCs and Macs.

 

Here's the postconf -n:

 

alias_maps = hash:/etc/aliases,hash:/var/mailman/data/aliases

always_bcc =

biff = no

command_directory = /usr/sbin

config_directory = /etc/postfix

content_filter = smtp-amavis:[127.0.0.1]:10024

daemon_directory = /usr/libexec/postfix

debug_peer_level = 2

enable_server_options = yes

header_checks = pcre:/etc/postfix/custom_header_checks

html_directory = /usr/share/doc/postfix/html

inet_interfaces = all

local_recipient_maps =

mail_owner = _postfix

mailbox_size_limit = 0

mailbox_transport = dovecot

mailq_path = /usr/bin/mailq

manpage_directory = /usr/share/man

maps_rbl_domains =

message_size_limit = 0

mydestination = $myhostname, localhost.$mydomain, localhost, mail.ecogenia.ca, ecogenia.ca, eurolub.org, exeliance.ca, lasalleblanche.ca, $mydomain

mydomain = local

mydomain_fallback = localhost

myhostname = server.ecogenia.ca

mynetworks = 127.0.0.0/31,192.168.1.0/24,server.onemorething.ca

newaliases_path = /usr/bin/newaliases

owner_request_special = no

queue_directory = /private/var/spool/postfix

readme_directory = /usr/share/doc/postfix

recipient_delimiter = +

relayhost =

sample_directory = /usr/share/doc/postfix/examples

sendmail_path = /usr/sbin/sendmail

setgid_group = _postdrop

smtp_sasl_auth_enable = yes

smtp_sasl_password_maps = hash:/etc/postfix/sasl/passwd

smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated reject_rbl_client zen.spamhaus.org permit

smtpd_enforce_tls = no

smtpd_helo_required = yes

smtpd_helo_restrictions = reject_invalid_helo_hostname

smtpd_pw_server_security_options = gssapi,cram-md5,plain,login

smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination check_policy_service unix:private/policy permit

smtpd_sasl_auth_enable = yes

smtpd_tls_CAfile = /etc/certificates/server.ecogenia.ca.5175BAA1BA74D298B4FA5292A7739183C7A9DB3F.c hain.pem

smtpd_tls_cert_file = /etc/certificates/server.ecogenia.ca.5175BAA1BA74D298B4FA5292A7739183C7A9DB3F.c ert.pem

smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL

smtpd_tls_key_file = /etc/certificates/server.ecogenia.ca.5175BAA1BA74D298B4FA5292A7739183C7A9DB3F.k ey.pem

smtpd_use_pw_server = yes

smtpd_use_tls = yes

tls_random_source = dev:/dev/urandom

unknown_local_recipient_reject_code = 550

virtual_alias_domains = $virtual_alias_maps hash:/etc/postfix/virtual_domains

virtual_alias_maps = $virtual_maps hash:/etc/postfix/virtual_users

 

 

Any help would be appreciated, I've been trying to figure this out all day and if it doesn't get fixed by Monday, I'll probably get in trouble.

  • 1. Re: Mail Server Blacklisted & Spamming
    MrHoffman Level 6 Level 6 (12,465 points)

    Look at the mail server logs for some of the junk, and figure out where it's getting injected.

     

    You could have an infested client, or an insecure web server application, for instance.  Or a bad password.

     

    Get the box offline, and figure out what's going on with it.

  • 2. Re: Mail Server Blacklisted & Spamming
    Moises R - OMTBA Level 1 Level 1 (0 points)

    Thanks for your prompt response but is there anything that could help me narrow down the search? Some keywords maybe? I see pages and pages of this:

     

     

    Oct 12 15:26:04 server postfix/error[6334]: 8727936113F2: to=<magmapplebeck@aol.com>, relay=none, delay=320776, delays=320751/24/0/0.88, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[205.188.146.194] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)

    Oct 12 15:26:04 server postfix/smtp[5653]: 7D7CE357D733: to=<gg037@amnestylombardia.org>, relay=none, delay=425827, delays=425739/28/60/0, dsn=4.4.1, status=deferred (connect to mail2.quasigratis.it[194.69.193.7]:25: Operation timed out)

    Oct 12 15:26:04 server postfix/error[6407]: 87003361622F: to=<searly@cs.com>, relay=none, delay=319061, delays=319035/24/0/2.3, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-02.mx.aol.com[64.12.90.65] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)

    Oct 12 15:26:04 server postfix/smtp[6309]: 879CC374FCEC: host hrndva-smtpin01.mail.rr.com[71.74.56.243] refused to talk to me: 554 5.7.1 - ERROR: Mail refused - <207.115.108.189> - See http://postmaster.rr.com/amIBlockedByRR?ip=207.115.108.189

    Oct 12 15:26:04 server postfix/error[6329]: 8655E365CD0C: to=<bdalgarno@netscape.net>, relay=none, delay=284737, delays=284707/27/0/4, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-01.mx.aol.com[64.12.90.98] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)

    Oct 12 15:26:04 server postfix/qmgr[6275]: 8955E37B6618: from=<>, size=9172, nrcpt=1 (queue active)

    Oct 12 15:26:04 server postfix/error[6385]: 874FE382D48B: to=<smrfs@onlinechase.com>, relay=none, delay=88547, delays=88525/21/0/0.58, dsn=4.0.0, status=deferred (delivery temporarily suspended: host mailstore1.secureserver.net[216.69.186.201] refused to talk to me: 554-m1pismtp01-027.prod.mesa1.secureserver.net 554 Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means.)

    Oct 12 15:26:04 server postfix/error[6380]: 87432360D41B: to=<cindynanny@aol.com>, relay=none, delay=322060, delays=322037/23/0/0.78, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[205.188.146.194] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)

    Oct 12 15:26:04 server postfix/error[6334]: 8727936113F2: to=<magmomb@aol.com>, relay=none, delay=320776, delays=320751/24/0/0.94, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[205.188.146.194] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)

    Oct 12 15:26:04 server postfix/error[6418]: 874DB360C414: to=<sxzbey@aol.com>, relay=none, delay=322434, delays=322412/21/0/0.62, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[205.188.146.194] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)

    Oct 12 15:26:04 server postfix/error[6359]: 872CA360E592: to=<mhd424@aol.com>, relay=none, delay=321831, delays=321807/23/0/0.93, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[205.188.146.194] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)

    Oct 12 15:26:04 server postfix/error[6380]: 87432360D41B: to=<cindyt@aol.com>, relay=none, delay=322060, delays=322037/23/0/0.83, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[205.188.146.194] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)

    Oct 12 15:26:04 server postfix/error[6359]: 872CA360E592: to=<mheal65@aol.com>, relay=none, delay=321831, delays=321807/23/0/0.97, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[205.188.146.194] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)

    Oct 12 15:26:04 server postfix/smtp[6309]: 879CC374FCEC: to=<amink@tampabay.rr.com>, relay=hrndva-smtpin02.mail.rr.com[71.74.56.244]:25, delay=184224, delays=184205/18/0.87/0, dsn=4.7.1, status=deferred (host hrndva-smtpin02.mail.rr.com[71.74.56.244] refused to talk to me: 554 5.7.1 - ERROR: Mail refused - <207.115.108.189> - See http://postmaster.rr.com/amIBlockedByRR?ip=207.115.108.189)

    Oct 12 15:26:04 server postfix/error[6418]: 874DB360C414: to=<syddeycake@aol.com>, relay=none, delay=322434, delays=322412/21/0/0.66, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[205.188.146.194] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)

    Oct 12 15:26:04 server postfix/error[6334]: 8727936113F2: to=<magus1947@aol.com>, relay=none, delay=320776, delays=320751/24/0/0.98, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[205.188.146.194] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)

    Oct 12 15:26:04 server postfix/smtp[6109]: connect to a0l.com[195.93.85.39]:25: Operation timed out

    Oct 12 15:26:04 server postfix/qmgr[6275]: 8958F35C37C5: from=<smrfs@onlinechase.com>, size=7185, nrcpt=50 (queue active)

    Oct 12 15:26:04 server postfix/error[6471]: 8752A36CE04C: to=<smrfs@onlinechase.com>, relay=none, delay=238064, delays=238042/22/0/0.05, dsn=4.0.0, status=deferred (delivery temporarily suspended: host mailstore1.secureserver.net[216.69.186.201] refused to talk to me: 554-m1pismtp01-027.prod.mesa1.secureserver.net 554 Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means.)

    Oct 12 15:26:04 server postfix/error[6362]: 8755436A9FB4: to=<smrfs@onlinechase.com>, relay=none, delay=256367, delays=256345/22/0/0.05, dsn=4.0.0, status=deferred (delivery temporarily suspended: host mailstore1.secureserver.net[216.69.186.201] refused to talk to me: 554-m1pismtp01-027.prod.mesa1.secureserver.net 554 Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means.)

    Oct 12 15:26:04 server postfix/error[6359]: 872CA360E592: to=<mhennessy3@aol.com>, relay=none, delay=321831, delays=321807/23/0/0.98, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[205.188.146.194] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)

    Oct 12 15:26:04 server postfix/error[6334]: 8727936113F2: to=<mahan1111@aol.com>, relay=none, delay=320776, delays=320751/24/0/1, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[205.188.146.194] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)

    Oct 12 15:26:04 server postfix/error[6418]: 874DB360C414: to=<syellott@aol.com>, relay=none, delay=322434, delays=322412/21/0/0.68, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[205.188.146.194] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)

    Oct 12 15:26:04 server postfix/error[6380]: 87432360D41B: to=<cindyucb32@aol.com>, relay=none, delay=322060, delays=322037/23/0/0.85, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[205.188.146.194] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)

    Oct 12 15:26:04 server postfix/error[6334]: 8727936113F2: to=<mahjmh@aol.com>, relay=none, delay=320776, delays=320751/24/0/1, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[205.188.146.194] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)

    Oct 12 15:26:04 server postfix/error[6359]: 872CA360E592: to=<mher01@aol.com>, relay=none, delay=321831, delays=321807/23/0/0.99, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[205.188.146.194] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)

    Oct 12 15:26:04 server postfix/error[6380]: 87432360D41B: to=<cingpaws@aol.com>, relay=none, delay=322060, delays=322037/23/0/0.86, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[205.188.146.194] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)

    Oct 12 15:26:04 server postfix/error[6418]: 874DB360C414: to=<syholt@aol.com>, relay=none, delay=322434, delays=322412/21/0/0.68, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[205.188.146.194] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)

    Oct 12 15:26:04 server postfix/error[6334]: 8727936113F2: to=<mairive@aol.com>, relay=none, delay=320776, delays=320751/24/0/1, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[205.188.146.194] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)

    Oct 12 15:26:04 server postfix/error[6333]: 8757336C1BD5: to=<smrfs@onlinechase.com>, relay=none, delay=242870, delays=242848/22/0/0, dsn=4.0.0, status=deferred (delivery temporarily suspended: host mailstore1.secureserver.net[216.69.186.201] refused to talk to me: 554-m1pismtp01-027.prod.mesa1.secureserver.net 554 Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means.)

    Oct 12 15:26:04 server postfix/error[6405]: 875753602232: to=<nellyboo202@aol.com>, relay=none, delay=324929, delays=324908/22/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[205.188.146.194] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)

    Oct 12 15:26:04 server postfix/qmgr[6275]: 89618380DD6B: from=<>, size=9985, nrcpt=1 (queue active)

    Oct 12 15:26:04 server postfix/error[6359]: 872CA360E592: to=<mhessler77@aol.com>, relay=none, delay=321831, delays=321807/23/0/1, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[205.188.146.194] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)

    Oct 12 15:26:04 server postfix/error[6380]: 87432360D41B: to=<cinmidkid@aol.com>, relay=none, delay=322060, delays=322037/23/0/0.87, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[205.188.146.194] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)

    Oct 12 15:26:04 server postfix/error[6418]: 874DB360C414: to=<szelongmarie@aol.com>, relay=none, delay=322434, delays=322412/21/0/0.7, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[205.188.146.194] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)

    Oct 12 15:26:04 server postfix/error[6334]: 8727936113F2: to=<maisha391@aol.com>, relay=none, delay=320776, delays=320751/24/0/1, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[205.188.146.194] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)

    Oct 12 15:26:04 server postfix/error[6405]: 875753602232: to=<nenabradford@aol.com>, relay=none, delay=324929, delays=324908/22/0/0.02, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[205.188.146.194] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)

    Oct 12 15:26:04 server postfix/error[6359]: 872CA360E592: to=<mhg731@aol.com>, relay=none, delay=321831, delays=321807/23/0/1, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[205.188.146.194] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)

    Oct 12 15:26:04 server postfix/error[6380]: 87432360D41B: to=<cinnamon2pr@aol.com>, relay=none, delay=322060, delays=322037/23/0/0.87, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[205.188.146.194] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)

    Oct 12 15:26:04 server postfix/error[6418]: 874DB360C414: to=<taaenteprise@aol.com>, relay=none, delay=322434, delays=322412/21/0/0.7, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[205.188.146.194] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)

    Oct 12 15:26:04 server postfix/error[6334]: 8727936113F2: to=<majikwarriorz@aol.com>, relay=none, delay=320776, delays=320751/24/0/1, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[205.188.146.194] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)

    Oct 12 15:26:04 server postfix/error[6405]: 875753602232: to=<nene6508@aol.com>, relay=none, delay=324929, delays=324908/22/0/0.02, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[205.188.146.194] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)

    Oct 12 15:26:04 server postfix/qmgr[6275]: 8962A35C0022: from=<smrfs@onlinechase.com>, size=7241, nrcpt=2 (queue active)

    Oct 12 15:26:04 server postfix/error[6361]: 875A736D5E81: to=<smrfs@onlinechase.com>, relay=none, delay=235645, delays=235623/22/0/0.01, dsn=4.0.0, status=deferred (delivery temporarily suspended: host mailstore1.secureserver.net[216.69.186.201] refused to talk to me: 554-m1pismtp01-027.prod.mesa1.secureserver.net 554 Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means.)

    Oct 12 15:26:04 server postfix/error[6420]: 875AC3619C2C: to=<shabbona@aol.com>, relay=none, delay=318182, delays=318161/21/0/0.01, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[205.188.146.194] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)

    Oct 12 15:26:04 server postfix/error[6359]: 872CA360E592: to=<mhinnant2@aol.com>, relay=none, delay=321831, delays=321807/23/0/1, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[205.188.146.194] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)

    Oct 12 15:26:04 server postfix/error[6380]: 87432360D41B: to=<cinncinatifan@aol.com>, relay=none, delay=322060, delays=322037/23/0/0.88, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[205.188.146.194] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)

    Oct 12 15:26:04 server postfix/error[6405]: 875753602232: to=<netta3273@aol.com>, relay=none, delay=324929, delays=324908/22/0/0.03, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[205.188.146.194] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)

    Oct 12 15:26:04 server postfix/error[6334]: 8727936113F2: to=<makawi@aol.com>, relay=none, delay=320776, delays=320751/24/0/1, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[205.188.146.194] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)

    Oct 12 15:26:04 server postfix/error[6420]: 875AC3619C2C: to=<shableasing41@aol.com>, relay=none, delay=318182, delays=318161/21/0/0.01, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[205.188.146.194] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)

    Oct 12 15:26:04 server postfix/error[6359]: 872CA360E592: to=<mhmtire@aol.com>, relay=none, delay=321831, delays=321807/23/0/1, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[205.188.146.194] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)

    Oct 12 15:26:04 server postfix/error[6380]: 87432360D41B: to=<cinselkow@aol.com>, relay=none, delay=322060, delays=322037/23/0/0.88, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[205.188.146.194] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)

    Oct 12 15:26:04 server postfix/error[6359]: 872CA360E592: to=<mholbach@aol.com>, relay=none, delay=321831, delays=321807/23/0/1, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[205.188.146.194] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)

    Oct 12 15:26:04 server postfix/error[6334]: 8727936113F2: to=<makx@aol.com>, relay=none, delay=320776, delays=320751/24/0/1, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[205.188.146.194] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)

    Oct 12 15:26:04 server postfix/error[6420]: 875AC3619C2C: to=<shad4eva62@aol.com>, relay=none, delay=318182, delays=318161/21/0/0.02, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[205.188.146.194] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)

    Oct 12 15:26:05 server postfix/qmgr[6275]: 8962B368FA88: from=<smrfs@onlinechase.com>, size=7251, nrcpt=2 (queue active)

    Oct 12 15:26:05 server postfix/error[6380]: 87432360D41B: to=<cinthiaj1967@aol.com>, relay=none, delay=322060, delays=322037/23/0/0.91, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[205.188.146.194] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)

    Oct 12 15:26:05 server postfix/error[6359]: 872CA360E592: to=<mhtate@aol.com>, relay=none, delay=321831, delays=321807/23/0/1, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[205.188.146.194] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)

    Oct 12 15:26:05 server postfix/error[6334]: 8727936113F2: to=<makyison@aol.com>, relay=none, delay=320776, delays=320751/24/0/1.1, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[205.188.146.194] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)

    Oct 12 15:26:05 server postfix/error[6420]: 875AC3619C2C: to=<shaferl@aol.com>, relay=none, delay=318182, delays=318161/21/0/0.04, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[205.188.146.194] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)

    Oct 12 15:26:05 server postfix/error[6380]: 87432360D41B: to=<cintiacruzbinet@aol.com>, relay=none, delay=322060, delays=322037/23/0/0.91, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[205.188.146.194] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)

    Oct 12 15:26:05 server postfix/error[6359]: 872CA360E592: to=<miabalthazar@aol.com>, relay=none, delay=321831, delays=321807/23/0/1, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[205.188.146.194] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)

    Oct 12 15:26:05 server postfix/error[6334]: 8727936113F2: to=<mal2684@aol.com>, relay=none, delay=320776, delays=320751/24/0/1.1, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mailin-04.mx.aol.com[205.188.146.194] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html)

  • 3. Re: Mail Server Blacklisted & Spamming
    Moises R - OMTBA Level 1 Level 1 (0 points)

    And some more of this:

     

    Oct 12 13:29:03 server postfix/smtp[86688]: CBED436994C7: host mailin-02.mx.aol.com[64.12.139.193] refused to talk to me: 421 4.7.1 : (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html

    Oct 12 13:29:03 server postfix/smtp[86634]: connect to localhost.localhost.com[64.99.64.32]:25: Operation timed out

    Oct 12 13:29:03 server postfix/smtp[86634]: 5F510374EDB9: to=<ajcxiz@hobnailed.com>, relay=none, delay=177524, delays=177486/8.7/30/0, dsn=4.4.1, status=deferred (connect to localhost.localhost.com[64.99.64.32]:25: Operation timed out)

    Oct 12 13:29:03 server postfix/smtp[86648]: connect to msnhotmail.com[65.55.72.167]:25: Operation timed out

    Oct 12 13:29:03 server postfix/smtp[86654]: connect to cardinally.com[82.98.86.165]:25: Operation timed out

    Oct 12 13:29:03 server postfix/smtp[86654]: 5F510374EDB9: to=<ajcvsagjqv@cardinally.com>, relay=none, delay=177524, delays=177486/8.7/30/0, dsn=4.4.1, status=deferred (connect to cardinally.com[82.98.86.165]:25: Operation timed out)

    Oct 12 13:29:03 server postfix/smtp[86625]: connect to aool.com[205.188.100.24]:25: Operation timed out

    Oct 12 13:29:03 server postfix/smtp[86645]: connect to gc.peachnet.edu[168.30.8.39]:25: Operation timed out

    Oct 12 13:29:04 server postfix/smtp[86617]: connect to misquotation.com[50.57.34.52]:25: Operation timed out

    Oct 12 13:29:04 server postfix/smtp[86617]: 5F510374EDB9: to=<ajcxqh@misquotation.com>, relay=none, delay=177525, delays=177486/9.1/30/0, dsn=4.4.1, status=deferred (connect to misquotation.com[50.57.34.52]:25: Operation timed out)

    Oct 12 13:29:04 server postfix/smtp[86658]: connect to a0l.com[195.93.85.39]:25: Operation timed out

    Oct 12 13:29:04 server postfix/smtp[86631]: connect to reciprocally.com[199.59.241.181]:25: Operation timed out

    Oct 12 13:29:04 server postfix/smtp[86631]: 5F510374EDB9: to=<ajczzy@reciprocally.com>, relay=none, delay=177525, delays=177486/9.2/30/0, dsn=4.4.1, status=deferred (connect to reciprocally.com[199.59.241.181]:25: Operation timed out)

    Oct 12 13:29:04 server postfix/smtp[86598]: C3106365DA99: host smtp.secureserver.net[72.167.238.201] refused to talk to me: 554-p3pismtp01-054.prod.phx3.secureserver.net 554 Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means.

    Oct 12 13:29:04 server postfix/smtp[86653]: connect to americaonline.com[207.200.74.38]:25: Operation timed out

    Oct 12 13:29:04 server postfix/smtp[86651]: 65C76374EE9D: to=<ajvzpe@communistic.com>, relay=none, delay=177496, delays=177458/8.2/30/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=communistic.com type=MX: Host not found, try again)

  • 4. Re: Mail Server Blacklisted & Spamming
    MrHoffman Level 6 Level 6 (12,465 points)

    Are you offline?

     

    What's in your POP or IMAP logs?   (That's the usual path for injection.)

  • 5. Re: Mail Server Blacklisted & Spamming
    Moises R - OMTBA Level 1 Level 1 (0 points)

    Unfortunately I can't take it offline because it's the main and only mail server.

     

    The access logs seem legitimate too although there's so much...

     

    deliver(mailbackup): Oct 12 13:55:16 Info: msgid=<95A6A3AD75434925AB1D25567C3AA6BC@ecodesktop2>: saved mail to INBOX

    deliver(mailbackup): Oct 12 13:55:16 Info: push-notify: push notification enabled

    deliver(mailbackup): Oct 12 13:55:16 Warning: push-notify: connect() to socket: "/var/dovecot/push_notify" failed: Permission denied

    deliver(mailbackup): Oct 12 13:55:19 Info: Loading modules from directory: /usr/lib/dovecot/lda

    deliver(mailbackup): Oct 12 13:55:19 Info: Module loaded: /usr/lib/dovecot/lda/lib10_quota_plugin.so

    deliver(philippeforest): Oct 12 13:55:19 Info: Loading modules from directory: /usr/lib/dovecot/lda

    deliver(philippeforest): Oct 12 13:55:19 Info: Module loaded: /usr/lib/dovecot/lda/lib10_quota_plugin.so

    deliver(mailbackup): Oct 12 13:55:19 Info: Module loaded: /usr/lib/dovecot/lda/lib20_push_notify_plugin.so

    deliver(mailbackup): Oct 12 13:55:19 Info: Module loaded: /usr/lib/dovecot/lda/lib90_cmusieve_plugin.so

    Oct 12 13:55:19 server dovecot[68]: auth(default): master in: USER          1          mailbackup          service=deliver

    deliver(mailbackup): Oct 12 13:55:19 Info: auth input: mailbackup

    deliver(mailbackup): Oct 12 13:55:19 Info: auth input: uid=1084

    Oct 12 13:55:19 server dovecot[68]: auth(default): od(mailbackup): lookup user=mailbackup

    deliver(mailbackup): Oct 12 13:55:19 Info: auth input: gid=20

    deliver(mailbackup): Oct 12 13:55:19 Info: auth input: quota=maildir:User quota:noenforcing

    deliver(mailbackup): Oct 12 13:55:19 Info: auth input: quota_rule=*:storage=0

    Oct 12 13:55:19 server dovecot[68]: auth(default): od(mailbackup): found user in local table: user=mailbackup

    deliver(mailbackup): Oct 12 13:55:19 Info: auth input: mail=maildir:/var/spool/imap/dovecot/mail/DD19CD32-C712-4B81-A33B-FD0516665919

    deliver(mailbackup): Oct 12 13:55:19 Info: auth input: mail_location=maildir:/var/spool/imap/dovecot/mail/DD19CD32-C712-4B81-A33B-FD05 16665919

    deliver(mailbackup): Oct 12 13:55:19 Info: auth input: sieve=/var/spool/imap/dovecot/sieve-scripts/DD19CD32-C712-4B81-A33B-FD051666591 9/dovecot.sieve

    deliver(mailbackup): Oct 12 13:55:19 Info: auth input: sieve_dir=/var/spool/imap/dovecot/sieve-scripts/DD19CD32-C712-4B81-A33B-FD05166 65919

    deliver(mailbackup): Oct 12 13:55:19 Info: auth input: sieve_storage=/var/spool/imap/dovecot/sieve-scripts/DD19CD32-C712-4B81-A33B-FD0 516665919

    Oct 12 13:55:19 server dovecot[68]: auth(default): od(mailbackup): record name=mailbackup, uid=1084, gid=20

    Oct 12 13:55:19 server dovecot[68]: auth(default): od(mailbackup): user=mailbackup, quota=*:storage=0

    Oct 12 13:55:19 server dovecot[68]: auth(default): od(mailbackup): data store location=maildir:/var/spool/imap/dovecot/mail/DD19CD32-C712-4B81-A33B-FD0516665 919

    deliver(mailbackup): Oct 12 13:55:19 Info: Quota root: name=User quota backend=maildir args=noenforcing

    deliver(mailbackup): Oct 12 13:55:19 Info: Quota rule: root=User quota mailbox=* bytes=0 messages=0

    deliver(mailbackup): Oct 12 13:55:19 Info: Quota warning: bytes=0 (100%) messages=0 command=/usr/libexec/dovecot/quota-exceeded.sh

    deliver(mailbackup): Oct 12 13:55:19 Info: maildir: data=/var/spool/imap/dovecot/mail/DD19CD32-C712-4B81-A33B-FD0516665919

    deliver(mailbackup): Oct 12 13:55:19 Info: maildir++: root=/var/spool/imap/dovecot/mail/DD19CD32-C712-4B81-A33B-FD0516665919, index=, control=, inbox=/var/spool/imap/dovecot/mail/DD19CD32-C712-4B81-A33B-FD0516665919

    deliver(mailbackup): Oct 12 13:55:19 Info: cmusieve: /var/spool/imap/dovecot/sieve-scripts/DD19CD32-C712-4B81-A33B-FD0516665919/dove cot.sieve doesn't exist

    deliver(philippeforest): Oct 12 13:55:19 Info: Module loaded: /usr/lib/dovecot/lda/lib20_push_notify_plugin.so

    deliver(philippeforest): Oct 12 13:55:19 Info: Module loaded: /usr/lib/dovecot/lda/lib90_cmusieve_plugin.so

    deliver(philippeforest): Oct 12 13:55:19 Info: auth input: philippeforest

    deliver(philippeforest): Oct 12 13:55:19 Info: auth input: uid=1086

    deliver(philippeforest): Oct 12 13:55:19 Info: auth input: gid=20

    deliver(philippeforest): Oct 12 13:55:19 Info: auth input: quota=maildir:User quota:noenforcing

    deliver(philippeforest): Oct 12 13:55:19 Info: auth input: quota_rule=*:storage=0

    deliver(philippeforest): Oct 12 13:55:19 Info: auth input: mail=maildir:/var/spool/imap/dovecot/mail/EC236C30-AC0C-45AF-B45B-61CE587D7AFC

    deliver(philippeforest): Oct 12 13:55:19 Info: auth input: mail_location=maildir:/var/spool/imap/dovecot/mail/EC236C30-AC0C-45AF-B45B-61CE 587D7AFC

    deliver(philippeforest): Oct 12 13:55:19 Info: auth input: sieve=/var/spool/imap/dovecot/sieve-scripts/EC236C30-AC0C-45AF-B45B-61CE587D7AF C/dovecot.sieve

    deliver(philippeforest): Oct 12 13:55:19 Info: auth input: sieve_dir=/var/spool/imap/dovecot/sieve-scripts/EC236C30-AC0C-45AF-B45B-61CE587 D7AFC

    deliver(philippeforest): Oct 12 13:55:19 Info: auth input: sieve_storage=/var/spool/imap/dovecot/sieve-scripts/EC236C30-AC0C-45AF-B45B-61C E587D7AFC

    Oct 12 13:55:19 server dovecot[68]: auth(default): master out: USER          1          mailbackup          uid=1084          gid=20          quota=maildir:User quota:noenforcing          quota_rule=*:storage=0          mail=maildir:/var/spool/imap/dovecot/mail/DD19CD32-C712-4B81-A33B-FD051666 5919          mail_location=maildir:/var/spool/imap/dovecot/mail/DD19CD32-C712-4B81-A33B -FD0516665919          sieve=/var/spool/imap/dovecot/sieve-scripts/DD19CD32-C712-4B81-A33B-FD0516 665919/dovecot.sieve          sieve_dir=/var/spool/imap/dovecot/sieve-scripts/DD19CD32-C712-4B81-A33B-FD 0516665919          sieve_storage=/var/spool/imap/dovecot/sieve-scripts/DD19CD32-C712-4B81-A33 B-FD0516665919

    Oct 12 13:55:19 server dovecot[68]: auth(default): master in: USER          1          philippeforest          service=deliver

    Oct 12 13:55:19 server dovecot[68]: auth(default): od(philippeforest): lookup user=philippeforest

    Oct 12 13:55:19 server dovecot[68]: auth(default): od(philippeforest): found user in local table: user=philippeforest

    Oct 12 13:55:19 server dovecot[68]: auth(default): od(philippeforest): record name=philippeforest, uid=1086, gid=20

    Oct 12 13:55:19 server dovecot[68]: auth(default): od(philippeforest): user=philippeforest, quota=*:storage=0

    deliver(philippeforest): Oct 12 13:55:19 Info: Quota root: name=User quota backend=maildir args=noenforcing

    deliver(philippeforest): Oct 12 13:55:19 Info: Quota rule: root=User quota mailbox=* bytes=0 messages=0

    deliver(philippeforest): Oct 12 13:55:19 Info: Quota warning: bytes=0 (100%) messages=0 command=/usr/libexec/dovecot/quota-exceeded.sh

    deliver(philippeforest): Oct 12 13:55:19 Info: maildir: data=/var/spool/imap/dovecot/mail/EC236C30-AC0C-45AF-B45B-61CE587D7AFC

    deliver(philippeforest): Oct 12 13:55:19 Info: maildir++: root=/var/spool/imap/dovecot/mail/EC236C30-AC0C-45AF-B45B-61CE587D7AFC, index=, control=, inbox=/var/spool/imap/dovecot/mail/EC236C30-AC0C-45AF-B45B-61CE587D7AFC

    deliver(philippeforest): Oct 12 13:55:19 Info: cmusieve: /var/spool/imap/dovecot/sieve-scripts/EC236C30-AC0C-45AF-B45B-61CE587D7AFC/dove cot.sieve doesn't exist

    Oct 12 13:55:19 server dovecot[68]: auth(default): od(philippeforest): data store location=maildir:/var/spool/imap/dovecot/mail/EC236C30-AC0C-45AF-B45B-61CE587D7 AFC

    Oct 12 13:55:19 server dovecot[68]: auth(default): master out: USER          1          philippeforest          uid=1086          gid=20          quota=maildir:User quota:noenforcing          quota_rule=*:storage=0          mail=maildir:/var/spool/imap/dovecot/mail/EC236C30-AC0C-45AF-B45B-61CE587D 7AFC          mail_location=maildir:/var/spool/imap/dovecot/mail/EC236C30-AC0C-45AF-B45B -61CE587D7AFC          sieve=/var/spool/imap/dovecot/sieve-scripts/EC236C30-AC0C-45AF-B45B-61CE58 7D7AFC/dovecot.sieve          sieve_dir=/var/spool/imap/dovecot/sieve-scripts/EC236C30-AC0C-45AF-B45B-61 CE587D7AFC          sieve_storage=/var/spool/imap/dovecot/sieve-scripts/EC236C30-AC0C-45AF-B45 B-61CE587D7AFC

    deliver(mailbackup): Oct 12 13:55:20 Info: Loading modules from directory: /usr/lib/dovecot/lda

    deliver(mailbackup): Oct 12 13:55:20 Info: Module loaded: /usr/lib/dovecot/lda/lib10_quota_plugin.so

    deliver(philippeforest): Oct 12 13:55:20 Info: msgid=<F5FFEDD669784E5985CAA349B7D2466D@ecodesktop2>: saved mail to INBOX

    deliver(philippeforest): Oct 12 13:55:20 Info: push-notify: push notification enabled

    deliver(philippeforest): Oct 12 13:55:20 Warning: push-notify: connect() to socket: "/var/dovecot/push_notify" failed: Permission denied

    deliver(mailbackup): Oct 12 13:55:20 Info: Module loaded: /usr/lib/dovecot/lda/lib20_push_notify_plugin.so

    deliver(mailbackup): Oct 12 13:55:20 Info: Module loaded: /usr/lib/dovecot/lda/lib90_cmusieve_plugin.so

    deliver(mailbackup): Oct 12 13:55:20 Info: auth input: mailbackup

    deliver(mailbackup): Oct 12 13:55:20 Info: auth input: uid=1084

    deliver(mailbackup): Oct 12 13:55:20 Info: auth input: gid=20

    deliver(mailbackup): Oct 12 13:55:20 Info: auth input: quota=maildir:User quota:noenforcing

    deliver(mailbackup): Oct 12 13:55:20 Info: auth input: quota_rule=*:storage=0

    deliver(mailbackup): Oct 12 13:55:20 Info: auth input: mail=maildir:/var/spool/imap/dovecot/mail/DD19CD32-C712-4B81-A33B-FD0516665919

    deliver(mailbackup): Oct 12 13:55:20 Info: auth input: mail_location=maildir:/var/spool/imap/dovecot/mail/DD19CD32-C712-4B81-A33B-FD05 16665919

    deliver(mailbackup): Oct 12 13:55:20 Info: auth input: sieve=/var/spool/imap/dovecot/sieve-scripts/DD19CD32-C712-4B81-A33B-FD051666591 9/dovecot.sieve

    deliver(mailbackup): Oct 12 13:55:20 Info: auth input: sieve_dir=/var/spool/imap/dovecot/sieve-scripts/DD19CD32-C712-4B81-A33B-FD05166 65919

    deliver(mailbackup): Oct 12 13:55:20 Info: auth input: sieve_storage=/var/spool/imap/dovecot/sieve-scripts/DD19CD32-C712-4B81-A33B-FD0 516665919

    Oct 12 13:55:20 server dovecot[68]: auth(default): master in: USER          1          mailbackup          service=deliver

    Oct 12 13:55:20 server dovecot[68]: auth(default): od(mailbackup): lookup user=mailbackup

    Oct 12 13:55:20 server dovecot[68]: auth(default): od(mailbackup): found user in local table: user=mailbackup

    Oct 12 13:55:20 server dovecot[68]: auth(default): od(mailbackup): record name=mailbackup, uid=1084, gid=20

    Oct 12 13:55:20 server dovecot[68]: auth(default): od(mailbackup): user=mailbackup, quota=*:storage=0

    deliver(mailbackup): Oct 12 13:55:20 Info: Quota root: name=User quota backend=maildir args=noenforcing

    deliver(mailbackup): Oct 12 13:55:20 Info: Quota rule: root=User quota mailbox=* bytes=0 messages=0

    deliver(mailbackup): Oct 12 13:55:20 Info: Quota warning: bytes=0 (100%) messages=0 command=/usr/libexec/dovecot/quota-exceeded.sh

    deliver(mailbackup): Oct 12 13:55:20 Info: maildir: data=/var/spool/imap/dovecot/mail/DD19CD32-C712-4B81-A33B-FD0516665919

    deliver(mailbackup): Oct 12 13:55:20 Info: maildir++: root=/var/spool/imap/dovecot/mail/DD19CD32-C712-4B81-A33B-FD0516665919, index=, control=, inbox=/var/spool/imap/dovecot/mail/DD19CD32-C712-4B81-A33B-FD0516665919

    deliver(mailbackup): Oct 12 13:55:20 Info: cmusieve: /var/spool/imap/dovecot/sieve-scripts/DD19CD32-C712-4B81-A33B-FD0516665919/dove cot.sieve doesn't exist

    Oct 12 13:55:20 server dovecot[68]: auth(default): od(mailbackup): data store location=maildir:/var/spool/imap/dovecot/mail/DD19CD32-C712-4B81-A33B-FD0516665 919

    Oct 12 13:55:20 server dovecot[68]: auth(default): master out: USER          1          mailbackup          uid=1084          gid=20          quota=maildir:User quota:noenforcing          quota_rule=*:storage=0          mail=maildir:/var/spool/imap/dovecot/mail/DD19CD32-C712-4B81-A33B-FD051666 5919          mail_location=maildir:/var/spool/imap/dovecot/mail/DD19CD32-C712-4B81-A33B -FD0516665919          sieve=/var/spool/imap/dovecot/sieve-scripts/DD19CD32-C712-4B81-A33B-FD0516 665919/dovecot.sieve          sieve_dir=/var/spool/imap/dovecot/sieve-scripts/DD19CD32-C712-4B81-A33B-FD 0516665919          sieve_storage=/var/spool/imap/dovecot/sieve-scripts/DD19CD32-C712-4B81-A33 B-FD0516665919

    deliver(mailbackup): Oct 12 13:55:20 Info: msgid=<F5FFEDD669784E5985CAA349B7D2466D@ecodesktop2>: saved mail to INBOX

    deliver(mailbackup): Oct 12 13:55:20 Info: push-notify: push notification enabled

    deliver(mailbackup): Oct 12 13:55:20 Warning: push-notify: connect() to socket: "/var/dovecot/push_notify" failed: Permission denied

    deliver(mailbackup): Oct 12 13:55:20 Info: msgid=<F5FFEDD669784E5985CAA349B7D2466D@ecodesktop2>: saved mail to INBOX

    deliver(mailbackup): Oct 12 13:55:20 Info: push-notify: push notification enabled

    deliver(mailbackup): Oct 12 13:55:20 Warning: push-notify: connect() to socket: "/var/dovecot/push_notify" failed: Permission denied

    Oct 12 13:55:26 server dovecot[68]: auth(default): client in: AUTH          15          LOGIN          service=imap          secured          lip=127.0.0.1          rip=127.0.0.1          lport=993          rport=63327

    Oct 12 13:55:26 server dovecot[68]: auth(default): client out: CONT          15          VXNlcm5hbWU6

    Oct 12 13:55:26 server dovecot[68]: auth(default): client in: CONT          15          Y29tLmFwcGxlLmNhbGVuZGFyc2VydmVy

    Oct 12 13:55:26 server dovecot[68]: auth(default): client out: CONT          15          UGFzc3dvcmQ6

    Oct 12 13:55:26 server dovecot[68]: auth(default): client in: CONT          15          NWhFWTlpVFJVQkxzVVNzOQ==

    Oct 12 13:55:26 server dovecot[68]: auth(default): od(com.apple.calendarserver,127.0.0.1): mail SACL is not enabled; error=2

    Oct 12 13:55:26 server dovecot[68]: auth(default): od(com.apple.calendarserver,127.0.0.1): found user in local table: user=com.apple.calendarserver

    Oct 12 13:55:26 server dovecot[68]: auth(default): client out: OK          15          user=com.apple.calendarserver

    Oct 12 13:55:26 server dovecot[68]: auth(default): master in: REQUEST          16269          89013          15

    Oct 12 13:55:26 server dovecot[68]: auth(default): od(com.apple.calendarserver,127.0.0.1): lookup user=com.apple.calendarserver

    Oct 12 13:55:26 server dovecot[68]: auth(default): od(com.apple.calendarserver,127.0.0.1): found user in local table: user=com.apple.calendarserver

    Oct 12 13:55:26 server dovecot[68]: auth(default): od(com.apple.calendarserver,127.0.0.1): record name=com.apple.calendarserver, uid=250, gid=20

    Oct 12 13:55:26 server dovecot[68]: auth(default): od(com.apple.calendarserver,127.0.0.1): user=com.apple.calendarserver, quota=*:storage=0

    Oct 12 13:55:26 server dovecot[68]: auth(default): od(com.apple.calendarserver,127.0.0.1): data store location=maildir:/var/spool/imap/dovecot/mail/06D36BF2-D9FE-42E3-9B13-EBF9DA895 46F

    Oct 12 13:55:26 server dovecot[68]: auth(default): master out: USER          16269          com.apple.calendarserver          uid=250          gid=20          quota=maildir:User quota:noenforcing          quota_rule=*:storage=0          mail=maildir:/var/spool/imap/dovecot/mail/06D36BF2-D9FE-42E3-9B13-EBF9DA89 546F          mail_location=maildir:/var/spool/imap/dovecot/mail/06D36BF2-D9FE-42E3-9B13 -EBF9DA89546F          sieve=/var/spool/imap/dovecot/sieve-scripts/06D36BF2-D9FE-42E3-9B13-EBF9DA 89546F/dovecot.sieve          sieve_dir=/var/spool/imap/dovecot/sieve-scripts/06D36BF2-D9FE-42E3-9B13-EB F9DA89546F          sieve_storage=/var/spool/imap/dovecot/sieve-scripts/06D36BF2-D9FE-42E3-9B1 3-EBF9DA89546F

    Oct 12 13:55:26 server dovecot[68]: imap-login: Login: user=<com.apple.calendarserver>, method=LOGIN, rip=127.0.0.1, lip=127.0.0.1, TLS

    Oct 12 13:55:26 server dovecot[68]: auth(default): new auth connection: pid=89013

    Oct 12 13:55:26 server dovecot[68]: IMAP(*): Loading modules from directory: /usr/lib/dovecot/imap

    Oct 12 13:55:26 server dovecot[68]: IMAP(*): Module loaded: /usr/lib/dovecot/imap/lib10_quota_plugin.so

    Oct 12 13:55:26 server dovecot[68]: IMAP(*): Module loaded: /usr/lib/dovecot/imap/lib11_imap_quota_plugin.so

    Oct 12 13:55:26 server dovecot[68]: IMAP(*): Effective uid=250, gid=20, home=

    Oct 12 13:55:26 server dovecot[68]: IMAP(*): Quota root: name=User quota backend=maildir args=noenforcing

    Oct 12 13:55:26 server dovecot[68]: IMAP(*): Quota rule: root=User quota mailbox=* bytes=0 messages=0

    Oct 12 13:55:26 server dovecot[68]: IMAP(*): Quota warning: bytes=0 (100%) messages=0 command=/usr/libexec/dovecot/quota-exceeded.sh

    Oct 12 13:55:26 server dovecot[68]: IMAP(*): maildir: data=/var/spool/imap/dovecot/mail/06D36BF2-D9FE-42E3-9B13-EBF9DA89546F

    Oct 12 13:55:26 server dovecot[68]: IMAP(*): maildir++: root=/var/spool/imap/dovecot/mail/06D36BF2-D9FE-42E3-9B13-EBF9DA89546F, index=, control=, inbox=/var/spool/imap/dovecot/mail/06D36BF2-D9FE-42E3-9B13-EBF9DA89546F

    Oct 12 13:55:26 server dovecot[68]: IMAP(*): User com.apple.calendarserver: Disconnected: Logged out bytes=68/380

    Oct 12 13:55:26 server dovecot[68]: IMAP(*): Master disconnected (pid 91664)

    Oct 12 13:55:26 server dovecot[68]: auth(default): new auth connection: pid=89013

    Oct 12 13:55:56 server dovecot[68]: auth(default): client in: AUTH          16          LOGIN          service=imap          secured          lip=127.0.0.1          rip=127.0.0.1          lport=993          rport=63430

    Oct 12 13:55:56 server dovecot[68]: auth(default): client out: CONT          16          VXNlcm5hbWU6

    Oct 12 13:55:56 server dovecot[68]: auth(default): client in: CONT          16          Y29tLmFwcGxlLmNhbGVuZGFyc2VydmVy

    Oct 12 13:55:56 server dovecot[68]: auth(default): client out: CONT          16          UGFzc3dvcmQ6

    Oct 12 13:55:56 server dovecot[68]: auth(default): client in: CONT          16          NWhFWTlpVFJVQkxzVVNzOQ==

    Oct 12 13:55:56 server dovecot[68]: auth(default): od(com.apple.calendarserver,127.0.0.1): mail SACL is not enabled; error=2

    Oct 12 13:55:56 server dovecot[68]: auth(default): od(com.apple.calendarserver,127.0.0.1): found user in local table: user=com.apple.calendarserver

    Oct 12 13:55:56 server dovecot[68]: auth(default): client out: OK          16          user=com.apple.calendarserver

    Oct 12 13:55:56 server dovecot[68]: auth(default): master in: REQUEST          16270          89013          16

    Oct 12 13:55:56 server dovecot[68]: auth(default): od(com.apple.calendarserver,127.0.0.1): lookup user=com.apple.calendarserver

    Oct 12 13:55:56 server dovecot[68]: auth(default): od(com.apple.calendarserver,127.0.0.1): found user in local table: user=com.apple.calendarserver

    Oct 12 13:55:56 server dovecot[68]: auth(default): od(com.apple.calendarserver,127.0.0.1): record name=com.apple.calendarserver, uid=250, gid=20

    Oct 12 13:55:56 server dovecot[68]: auth(default): od(com.apple.calendarserver,127.0.0.1): user=com.apple.calendarserver, quota=*:storage=0

    Oct 12 13:55:56 server dovecot[68]: auth(default): od(com.apple.calendarserver,127.0.0.1): data store location=maildir:/var/spool/imap/dovecot/mail/06D36BF2-D9FE-42E3-9B13-EBF9DA895 46F

    Oct 12 13:55:56 server dovecot[68]: auth(default): master out: USER          16270          com.apple.calendarserver          uid=250          gid=20          quota=maildir:User quota:noenforcing          quota_rule=*:storage=0          mail=maildir:/var/spool/imap/dovecot/mail/06D36BF2-D9FE-42E3-9B13-EBF9DA89 546F          mail_location=maildir:/var/spool/imap/dovecot/mail/06D36BF2-D9FE-42E3-9B13 -EBF9DA89546F          sieve=/var/spool/imap/dovecot/sieve-scripts/06D36BF2-D9FE-42E3-9B13-EBF9DA 89546F/dovecot.sieve          sieve_dir=/var/spool/imap/dovecot/sieve-scripts/06D36BF2-D9FE-42E3-9B13-EB F9DA89546F          sieve_storage=/var/spool/imap/dovecot/sieve-scripts/06D36BF2-D9FE-42E3-9B1 3-EBF9DA89546F

    Oct 12 13:55:56 server dovecot[68]: imap-login: Login: user=<com.apple.calendarserver>, method=LOGIN, rip=127.0.0.1, lip=127.0.0.1, TLS

    Oct 12 13:55:56 server dovecot[68]: auth(default): new auth connection: pid=89013

    Oct 12 13:55:56 server dovecot[68]: IMAP(*): Loading modules from directory: /usr/lib/dovecot/imap

    Oct 12 13:55:56 server dovecot[68]: IMAP(*): Module loaded: /usr/lib/dovecot/imap/lib10_quota_plugin.so

    Oct 12 13:55:56 server dovecot[68]: IMAP(*): Module loaded: /usr/lib/dovecot/imap/lib11_imap_quota_plugin.so

    Oct 12 13:55:56 server dovecot[68]: IMAP(*): Effective uid=250, gid=20, home=

    Oct 12 13:55:56 server dovecot[68]: IMAP(*): Quota root: name=User quota backend=maildir args=noenforcing

    Oct 12 13:55:56 server dovecot[68]: IMAP(*): Quota rule: root=User quota mailbox=* bytes=0 messages=0

    Oct 12 13:55:56 server dovecot[68]: IMAP(*): Quota warning: bytes=0 (100%) messages=0 command=/usr/libexec/dovecot/quota-exceeded.sh

    Oct 12 13:55:56 server dovecot[68]: IMAP(*): maildir: data=/var/spool/imap/dovecot/mail/06D36BF2-D9FE-42E3-9B13-EBF9DA89546F

    Oct 12 13:55:56 server dovecot[68]: IMAP(*): maildir++: root=/var/spool/imap/dovecot/mail/06D36BF2-D9FE-42E3-9B13-EBF9DA89546F, index=, control=, inbox=/var/spool/imap/dovecot/mail/06D36BF2-D9FE-42E3-9B13-EBF9DA89546F

    Oct 12 13:55:56 server dovecot[68]: IMAP(*): User com.apple.calendarserver: Disconnected: Logged out bytes=68/380

    Oct 12 13:55:56 server dovecot[68]: IMAP(*): Master disconnected (pid 91720)

    Oct 12 13:55:56 server dovecot[68]: auth(default): new auth connection: pid=89013

    Oct 12 13:56:27 server dovecot[68]: auth(default): client in: AUTH          17          LOGIN          service=imap          secured          lip=127.0.0.1          rip=127.0.0.1          lport=993          rport=63480

    Oct 12 13:56:27 server dovecot[68]: auth(default): client out: CONT          17          VXNlcm5hbWU6

    Oct 12 13:56:27 server dovecot[68]: auth(default): client in: CONT          17          Y29tLmFwcGxlLmNhbGVuZGFyc2VydmVy

    Oct 12 13:56:27 server dovecot[68]: auth(default): client out: CONT          17          UGFzc3dvcmQ6

    Oct 12 13:56:27 server dovecot[68]: auth(default): client in: CONT          17          NWhFWTlpVFJVQkxzVVNzOQ==

    Oct 12 13:56:27 server dovecot[68]: auth(default): od(com.apple.calendarserver,127.0.0.1): mail SACL is not enabled; error=2

    Oct 12 13:56:27 server dovecot[68]: auth(default): od(com.apple.calendarserver,127.0.0.1): found user in local table: user=com.apple.calendarserver

    Oct 12 13:56:27 server dovecot[68]: auth(default): client out: OK          17          user=com.apple.calendarserver

    Oct 12 13:56:27 server dovecot[68]: auth(default): master in: REQUEST          16271          89013          17

    Oct 12 13:56:27 server dovecot[68]: auth(default): od(com.apple.calendarserver,127.0.0.1): lookup user=com.apple.calendarserver

    Oct 12 13:56:27 server dovecot[68]: auth(default): od(com.apple.calendarserver,127.0.0.1): found user in local table: user=com.apple.calendarserver

    Oct 12 13:56:27 server dovecot[68]: auth(default): od(com.apple.calendarserver,127.0.0.1): record name=com.apple.calendarserver, uid=250, gid=20

    Oct 12 13:56:27 server dovecot[68]: auth(default): od(com.apple.calendarserver,127.0.0.1): user=com.apple.calendarserver, quota=*:storage=0

    Oct 12 13:56:27 server dovecot[68]: auth(default): od(com.apple.calendarserver,127.0.0.1): data store location=maildir:/var/spool/imap/dovecot/mail/06D36BF2-D9FE-42E3-9B13-EBF9DA895 46F

    Oct 12 13:56:27 server dovecot[68]: auth(default): master out: USER          16271          com.apple.calendarserver          uid=250          gid=20          quota=maildir:User quota:noenforcing          quota_rule=*:storage=0          mail=maildir:/var/spool/imap/dovecot/mail/06D36BF2-D9FE-42E3-9B13-EBF9DA89 546F          mail_location=maildir:/var/spool/imap/dovecot/mail/06D36BF2-D9FE-42E3-9B13 -EBF9DA89546F          sieve=/var/spool/imap/dovecot/sieve-scripts/06D36BF2-D9FE-42E3-9B13-EBF9DA 89546F/dovecot.sieve          sieve_dir=/var/spool/imap/dovecot/sieve-scripts/06D36BF2-D9FE-42E3-9B13-EB F9DA89546F          sieve_storage=/var/spool/imap/dovecot/sieve-scripts/06D36BF2-D9FE-42E3-9B1 3-EBF9DA89546F

    Oct 12 13:56:27 server dovecot[68]: imap-login: Login: user=<com.apple.calendarserver>, method=LOGIN, rip=127.0.0.1, lip=127.0.0.1, TLS

    Oct 12 13:56:27 server dovecot[68]: auth(default): new auth connection: pid=89013

    Oct 12 13:56:27 server dovecot[68]: IMAP(*): Loading modules from directory: /usr/lib/dovecot/imap

    Oct 12 13:56:27 server dovecot[68]: IMAP(*): Module loaded: /usr/lib/dovecot/imap/lib10_quota_plugin.so

    Oct 12 13:56:27 server dovecot[68]: IMAP(*): Module loaded: /usr/lib/dovecot/imap/lib11_imap_quota_plugin.so

    Oct 12 13:56:27 server dovecot[68]: IMAP(*): Effective uid=250, gid=20, home=

    Oct 12 13:56:27 server dovecot[68]: IMAP(*): Quota root: name=User quota backend=maildir args=noenforcing

    Oct 12 13:56:27 server dovecot[68]: IMAP(*): Quota rule: root=User quota mailbox=* bytes=0 messages=0

    Oct 12 13:56:27 server dovecot[68]: IMAP(*): Quota warning: bytes=0 (100%) messages=0 command=/usr/libexec/dovecot/quota-exceeded.sh

    Oct 12 13:56:27 server dovecot[68]: IMAP(*): maildir: data=/var/spool/imap/dovecot/mail/06D36BF2-D9FE-42E3-9B13-EBF9DA89546F

    Oct 12 13:56:27 server dovecot[68]: IMAP(*): maildir++: root=/var/spool/imap/dovecot/mail/06D36BF2-D9FE-42E3-9B13-EBF9DA89546F, index=, control=, inbox=/var/spool/imap/dovecot/mail/06D36BF2-D9FE-42E3-9B13-EBF9DA89546F

    Oct 12 13:56:27 server dovecot[68]: IMAP(*): User com.apple.calendarserver: Disconnected: Logged out bytes=68/380

    Oct 12 13:56:27 server dovecot[68]: IMAP(*): Master disconnected (pid 91752)

    Oct 12 13:56:27 server dovecot[68]: auth(default): new auth connection: pid=89013

    deliver(mailbackup): Oct 12 13:56:42 Info: Loading modules from directory: /usr/lib/dovecot/lda

    deliver(philippeforest): Oct 12 13:56:42 Info: Loading modules from directory: /usr/lib/dovecot/lda

    deliver(mailbackup): Oct 12 13:56:42 Info: Module loaded: /usr/lib/dovecot/lda/lib10_quota_plugin.so

    deliver(philippeforest): Oct 12 13:56:42 Info: Module loaded: /usr/lib/dovecot/lda/lib10_quota_plugin.so

    deliver(mailbackup): Oct 12 13:56:42 Info: Module loaded: /usr/lib/dovecot/lda/lib20_push_notify_plugin.so

    deliver(philippeforest): Oct 12 13:56:42 Info: Module loaded: /usr/lib/dovecot/lda/lib20_push_notify_plugin.so

    deliver(mailbackup): Oct 12 13:56:42 Info: Module loaded: /usr/lib/dovecot/lda/lib90_cmusieve_plugin.so

    deliver(philippeforest): Oct 12 13:56:42 Info: Module loaded: /usr/lib/dovecot/lda/lib90_cmusieve_plugin.so

    deliver(mailbackup): Oct 12 13:56:42 Info: auth input: mailbackup

    deliver(mailbackup): Oct 12 13:56:42 Info: auth input: uid=1084

    deliver(mailbackup): Oct 12 13:56:42 Info: auth input: gid=20

    deliver(mailbackup): Oct 12 13:56:42 Info: auth input: quota=maildir:User quota:noenforcing

    deliver(mailbackup): Oct 12 13:56:42 Info: auth input: quota_rule=*:storage=0

    deliver(mailbackup): Oct 12 13:56:42 Info: auth input: mail=maildir:/var/spool/imap/dovecot/mail/DD19CD32-C712-4B81-A33B-FD0516665919

    deliver(mailbackup): Oct 12 13:56:42 Info: auth input: mail_location=maildir:/var/spool/imap/dovecot/mail/DD19CD32-C712-4B81-A33B-FD05 16665919

    deliver(mailbackup): Oct 12 13:56:42 Info: auth input: sieve=/var/spool/imap/dovecot/sieve-scripts/DD19CD32-C712-4B81-A33B-FD051666591 9/dovecot.sieve

    deliver(mailbackup): Oct 12 13:56:42 Info: auth input: sieve_dir=/var/spool/imap/dovecot/sieve-scripts/DD19CD32-C712-4B81-A33B-FD05166 65919

    deliver(mailbackup): Oct 12 13:56:42 Info: auth input: sieve_storage=/var/spool/imap/dovecot/sieve-scripts/DD19CD32-C712-4B81-A33B-FD0 516665919

    deliver(philippeforest): Oct 12 13:56:42 Info: auth input: philippeforest

    deliver(philippeforest): Oct 12 13:56:42 Info: auth input: uid=1086

    deliver(philippeforest): Oct 12 13:56:42 Info: auth input: gid=20

    deliver(philippeforest): Oct 12 13:56:42 Info: auth input: quota=maildir:User quota:noenforcing

    deliver(philippeforest): Oct 12 13:56:42 Info: auth input: quota_rule=*:storage=0

    deliver(philippeforest): Oct 12 13:56:42 Info: auth input: mail=maildir:/var/spool/imap/dovecot/mail/EC236C30-AC0C-45AF-B45B-61CE587D7AFC

    deliver(philippeforest): Oct 12 13:56:42 Info: auth input: mail_location=maildir:/var/spool/imap/dovecot/mail/EC236C30-AC0C-45AF-B45B-61CE 587D7AFC

    deliver(philippeforest): Oct 12 13:56:42 Info: auth input: sieve=/var/spool/imap/dovecot/sieve-scripts/EC236C30-AC0C-45AF-B45B-61CE587D7AF C/dovecot.sieve

    deliver(philippeforest): Oct 12 13:56:42 Info: auth input: sieve_dir=/var/spool/imap/dovecot/sieve-scripts/EC236C30-AC0C-45AF-B45B-61CE587 D7AFC

    deliver(philippeforest): Oct 12 13:56:42 Info: auth input: sieve_storage=/var/spool/imap/dovecot/sieve-scripts/EC236C30-AC0C-45AF-B45B-61C E587D7AFC

    Oct 12 13:56:42 server dovecot[68]: auth(default): master in: USER          1          mailbackup          service=deliver

    Oct 12 13:56:42 server dovecot[68]: auth(default): od(mailbackup): lookup user=mailbackup

    Oct 12 13:56:42 server dovecot[68]: auth(default): od(mailbackup): found user in local table: user=mailbackup

    deliver(philippeforest): Oct 12 13:56:42 Info: Quota root: name=User quota backend=maildir args=noenforcing

    deliver(mailbackup): Oct 12 13:56:42 Info: Quota root: name=User quota backend=maildir args=noenforcing

    deliver(philippeforest): Oct 12 13:56:42 Info: Quota rule: root=User quota mailbox=* bytes=0 messages=0

    deliver(philippeforest): Oct 12 13:56:42 Info: Quota warning: bytes=0 (100%) messages=0 command=/usr/libexec/dovecot/quota-exceeded.sh

    deliver(mailbackup): Oct 12 13:56:42 Info: Quota rule: root=User quota mailbox=* bytes=0 messages=0

    deliver(mailbackup): Oct 12 13:56:42 Info: Quota warning: bytes=0 (100%) messages=0 command=/usr/libexec/dovecot/quota-exceeded.sh

    deliver(philippeforest): Oct 12 13:56:42 Info: maildir: data=/var/spool/imap/dovecot/mail/EC236C30-AC0C-45AF-B45B-61CE587D7AFC

    deliver(philippeforest): Oct 12 13:56:42 Info: maildir++: root=/var/spool/imap/dovecot/mail/EC236C30-AC0C-45AF-B45B-61CE587D7AFC, index=, control=, inbox=/var/spool/imap/dovecot/mail/EC236C30-AC0C-45AF-B45B-61CE587D7AFC

    deliver(mailbackup): Oct 12 13:56:42 Info: maildir: data=/var/spool/imap/dovecot/mail/DD19CD32-C712-4B81-A33B-FD0516665919

    deliver(mailbackup): Oct 12 13:56:42 Info: maildir++: root=/var/spool/imap/dovecot/mail/DD19CD32-C712-4B81-A33B-FD0516665919, index=, control=, inbox=/var/spool/imap/dovecot/mail/DD19CD32-C712-4B81-A33B-FD0516665919

    deliver(philippeforest): Oct 12 13:56:42 Info: cmusieve: /var/spool/imap/dovecot/sieve-scripts/EC236C30-AC0C-45AF-B45B-61CE587D7AFC/dove cot.sieve doesn't exist

    deliver(mailbackup): Oct 12 13:56:42 Info: cmusieve: /var/spool/imap/dovecot/sieve-scripts/DD19CD32-C712-4B81-A33B-FD0516665919/dove cot.sieve doesn't exist

    Oct 12 13:56:42 server dovecot[68]: auth(default): od(mailbackup): record name=mailbackup, uid=1084, gid=20

    Oct 12 13:56:42 server dovecot[68]: auth(default): od(mailbackup): user=mailbackup, quota=*:storage=0

    Oct 12 13:56:42 server dovecot[68]: auth(default): od(mailbackup): data store location=maildir:/var/spool/imap/dovecot/mail/DD19CD32-C712-4B81-A33B-FD0516665 919

  • 6. Re: Mail Server Blacklisted & Spamming
    Moises R - OMTBA Level 1 Level 1 (0 points)

    I'm not seing much change in the logs since yesterday and I'm suspecting that there might be a malware or something on the LAN causing all of this but I have no idea how to identify it.

    Does anybody has any suggestions?

    I'm thinking about going down to the office and turn on the PCs and check the activity in the next hours...

  • 7. Re: Mail Server Blacklisted & Spamming
    Moises R - OMTBA Level 1 Level 1 (0 points)

    A few entries since I turned on 5 PCs within the LAN at around 18H:

     

     

    Oct 13 17:44:13 server postfix/smtpd[94047]: connect from localhost[127.0.0.1]

    Oct 13 17:44:13 server postfix/smtpd[94047]: DDCB33946F21: client=localhost[127.0.0.1]

    Oct 13 17:44:13 server postfix/cleanup[94034]: DDCB33946F21: message-id=<02177698-4F33-4CE9-9E8C-123739DF9408@ecogenia.ca>

    Oct 13 17:44:14 server postfix/smtpd[94047]: disconnect from localhost[127.0.0.1]

    Oct 13 17:44:14 server postfix/qmgr[10532]: DDCB33946F21: from=<pforest@ecogenia.ca>, size=5311734, nrcpt=1 (queue active)

    Oct 13 17:44:14 server postfix/smtp[94036]: 45FB23946EFD: to=<moisesruiz@onemorething.ca>, relay=127.0.0.1[127.0.0.1]:10024, delay=12, delays=1.2/0.02/0.07/11, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=36333-17, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as DDCB33946F21)

    Oct 13 17:44:14 server postfix/qmgr[10532]: 45FB23946EFD: removed

    Oct 13 17:44:26 server postfix/smtp[94049]: DDCB33946F21: to=<moisesruiz@onemorething.ca>, relay=mail.onemorething.ca[69.70.178.122]:25, delay=12, delays=0.22/0.02/6.5/5.4, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 9EF24A07DE9)

    Oct 13 17:44:26 server postfix/qmgr[10532]: DDCB33946F21: removed

    Oct 13 17:44:47 server postfix/smtpd[94067]: connect from server.ecogenia.ca[207.115.108.189]

    Oct 13 17:44:47 server postfix/smtpd[94067]: 1AAD13946F5F: client=server.ecogenia.ca[207.115.108.189], sasl_method=CRAM-MD5, sasl_username=postmaster

    Oct 13 17:44:47 server postfix/cleanup[94034]: 1AAD13946F5F: message-id=<88EA2483-11AA-4449-A04A-3FE83620B61D@ecogenia.ca>

    Oct 13 17:44:47 server postfix/qmgr[10532]: 1AAD13946F5F: from=<postmaster@ecogenia.ca>, size=100428, nrcpt=1 (queue active)

    Oct 13 17:44:48 server postfix/smtpd[94047]: connect from localhost[127.0.0.1]

    Oct 13 17:44:48 server postfix/smtpd[94047]: 7328A3946F74: client=localhost[127.0.0.1]

    Oct 13 17:44:48 server postfix/cleanup[94034]: 7328A3946F74: message-id=<88EA2483-11AA-4449-A04A-3FE83620B61D@ecogenia.ca>

    Oct 13 17:44:48 server postfix/smtpd[94047]: disconnect from localhost[127.0.0.1]

    Oct 13 17:44:48 server postfix/qmgr[10532]: 7328A3946F74: from=<postmaster@ecogenia.ca>, size=100878, nrcpt=1 (queue active)

    Oct 13 17:44:48 server postfix/smtp[94036]: 1AAD13946F5F: to=<moisesruiz@onemorething.ca>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.4, delays=0.01/0/0/1.4, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=36836-17, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 7328A3946F74)

    Oct 13 17:44:48 server postfix/qmgr[10532]: 1AAD13946F5F: removed

    Oct 13 17:44:49 server postfix/smtp[94049]: 7328A3946F74: to=<moisesruiz@onemorething.ca>, relay=mail.onemorething.ca[69.70.178.122]:25, delay=0.58, delays=0.03/0/0.05/0.5, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 973C3A07E2A)

    Oct 13 17:44:49 server postfix/qmgr[10532]: 7328A3946F74: removed

    Oct 13 17:45:03 server postfix/smtpd[94026]: disconnect from server.ecogenia.ca[207.115.108.189]

    Oct 13 17:45:47 server postfix/smtpd[94067]: disconnect from server.ecogenia.ca[207.115.108.189]

    Oct 13 17:49:07 server postfix/anvil[94030]: statistics: max connection rate 2/60s for (smtp:207.115.108.189) at Oct 13 17:44:47

    Oct 13 17:49:07 server postfix/anvil[94030]: statistics: max connection count 2 for (smtp:207.115.108.189) at Oct 13 17:44:47

    Oct 13 17:49:07 server postfix/anvil[94030]: statistics: max cache size 1 at Oct 13 17:44:00

    Oct 13 18:26:25 server postfix/smtpd[96448]: warning: 69.50.212.38: hostname server9.ourcomputer4u.com verification failed: nodename nor servname provided, or not known

    Oct 13 18:26:25 server postfix/smtpd[96448]: connect from unknown[69.50.212.38]

    Oct 13 18:26:26 server postfix/trivial-rewrite[96454]: warning: do not list domain eurolub.org in BOTH mydestination and virtual_alias_domains

    Oct 13 18:26:26 server postfix/smtpd[96448]: NOQUEUE: reject: RCPT from unknown[69.50.212.38]: 450 4.7.1 <plemieux@eurolub.org>: Recipient address rejected: Service is unavailable; from=<AmyLang572@www.bestpuppet.in> to=<plemieux@eurolub.org> proto=ESMTP helo=<winners.www.bestpuppet.in>

    Oct 13 18:26:26 server postfix/smtpd[96448]: disconnect from unknown[69.50.212.38]

    Oct 13 18:29:46 server postfix/anvil[96453]: statistics: max connection rate 1/60s for (smtp:69.50.212.38) at Oct 13 18:26:25

    Oct 13 18:29:46 server postfix/anvil[96453]: statistics: max connection count 1 for (smtp:69.50.212.38) at Oct 13 18:26:25

    Oct 13 18:29:46 server postfix/anvil[96453]: statistics: max cache size 1 at Oct 13 18:26:25

    Oct 13 18:29:55 server postfix/smtpd[96605]: connect from webdarwin.com[216.70.84.39]

    Oct 13 18:29:56 server postfix/smtpd[96605]: AE4A7394823D: client=webdarwin.com[216.70.84.39]

    Oct 13 18:29:56 server postfix/cleanup[96617]: AE4A7394823D: message-id=<20121013222956.AE4A7394823D@server.ecogenia.ca>

    Oct 13 18:29:56 server postfix/qmgr[10532]: AE4A7394823D: from=<mike@behlerconstruction.com>, size=862, nrcpt=1 (queue active)

    Oct 13 18:29:56 server postfix/smtpd[96605]: disconnect from webdarwin.com[216.70.84.39]

    Oct 13 18:29:57 server postfix/smtpd[96620]: connect from localhost[127.0.0.1]

    Oct 13 18:29:57 server postfix/smtpd[96620]: BAF773948249: client=localhost[127.0.0.1]

    Oct 13 18:29:57 server postfix/cleanup[96617]: BAF773948249: message-id=<20121013222956.AE4A7394823D@server.ecogenia.ca>

    Oct 13 18:29:57 server postfix/smtpd[96620]: disconnect from localhost[127.0.0.1]

    Oct 13 18:29:57 server postfix/qmgr[10532]: BAF773948249: from=<mike@behlerconstruction.com>, size=1692, nrcpt=1 (queue active)

    Oct 13 18:29:57 server postfix/smtp[96618]: AE4A7394823D: to=<guycrasnier@server.ecogenia.ca>, orig_to=<gcrasnier@ecogenia.ca>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.7, delays=0.68/0.08/0.05/0.88, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=36333-18, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as BAF773948249)

    Oct 13 18:29:57 server postfix/qmgr[10532]: AE4A7394823D: removed

    Oct 13 18:29:58 server postfix/pipe[96624]: BAF773948249: to=<guycrasnier@server.ecogenia.ca>, relay=dovecot, delay=0.46, delays=0.03/0.09/0/0.35, dsn=2.0.0, status=sent (delivered via dovecot service)

    Oct 13 18:29:58 server postfix/qmgr[10532]: BAF773948249: removed

    Oct 13 18:33:16 server postfix/anvil[96611]: statistics: max connection rate 1/60s for (smtp:216.70.84.39) at Oct 13 18:29:55

    Oct 13 18:33:16 server postfix/anvil[96611]: statistics: max connection count 1 for (smtp:216.70.84.39) at Oct 13 18:29:55

    Oct 13 18:33:16 server postfix/anvil[96611]: statistics: max cache size 1 at Oct 13 18:29:55

    Oct 13 19:39:40 server postfix/smtpd[575]: warning: 69.50.212.39: hostname admin.thecomputer4u.com verification failed: nodename nor servname provided, or not known

    Oct 13 19:39:40 server postfix/smtpd[575]: connect from unknown[69.50.212.39]

    Oct 13 19:39:40 server postfix/trivial-rewrite[580]: warning: do not list domain eurolub.org in BOTH mydestination and virtual_alias_domains

    Oct 13 19:39:41 server postfix/smtpd[575]: NOQUEUE: reject: RCPT from unknown[69.50.212.39]: 450 4.7.1 <plemieux@eurolub.org>: Recipient address rejected: Service is unavailable; from=<SeniorPeopleMeet.comDating487@www.bestresortcasino.in> to=<plemieux@eurolub.org> proto=ESMTP helo=<totals.www.bestresortcasino.in>

    Oct 13 19:39:41 server postfix/smtpd[575]: disconnect from unknown[69.50.212.39]

    Oct 13 19:43:01 server postfix/anvil[579]: statistics: max connection rate 1/60s for (smtp:69.50.212.39) at Oct 13 19:39:40

    Oct 13 19:43:01 server postfix/anvil[579]: statistics: max connection count 1 for (smtp:69.50.212.39) at Oct 13 19:39:40

    Oct 13 19:43:01 server postfix/anvil[579]: statistics: max cache size 1 at Oct 13 19:39:40