[sdnog] mail problem

Nishal Goburdhan nishal at controlfreak.co.za
Tue Jan 26 12:49:35 SAST 2016


On 25 Jan 2016, at 13:51, Sahlih Shihab wrote:

> Dear All
> Greetings
> We need some help please,
> We have a hosting server with "postfix" mail server, our mail server 
> sent spam to outside - see the following-, while this email 
> cbe at carib.com not found in our mail server
> What should we do to fix this issue?
> Thanks
>
> mailq output
> -- D94D9501C18 1340729 Fri Jan 22 22:39:02 cbe at carib.com
> (host mx-apac.mail.gm0.yahoodns.net[106.10.166.54] said: 421 4.7.0 
> [TS01] Messages from 41.67.16.200 temporarily deferred due to user 
> complaints - 4.16.55.1; see 
> https://help.yahoo.com/kb/postmaster/SLN3434.html (in reply to MAIL 
> FROM command))

well for a start, it would appear that someone was able to use your mail 
server to send lots of mail to yahoo.com.  that’s quite serious, since 
mail is largely “reputation based” and once you’ve been identified 
as a spam sender, it usually takes significant effort to get off it.
so, before doing anything, i’d suggest you spend some serious effort 
to understand how this (sending that large volume of mail) was able to 
be achieved.  your system logs are probably your best bet in determining 
this.  then check for weak passwords;  check to see who is allowed to 
relay mail through you, how that relay process works (eg. SMTP-AUTH), 
etc.

the error message at yahoo does indicate that this is a temporary block; 
if you’re certain it’s unnecessary mail, consider flushing your 
mail queue?  i’m no mail expert, so hopefully others can give you 
better responses :-)

—n.
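
One way to act on the log-review advice in this thread, as an added example that is not part of the original messages: it groups queued mail by how it entered Postfix (SMTP-AUTH login, unauthenticated client, or local submission) so the injection path stands out. It assumes the default Postfix syslog line format; the log lines are constructed and `summarize` is a hypothetical helper name.

```python
import re
from collections import Counter

# Constructed sample in standard Postfix syslog format (not taken from the thread).
SAMPLE_LOG = """\
Jan 22 22:38:58 mx postfix/smtpd[2101]: A1B2C3D4E5: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=info@example.org
Jan 22 22:38:58 mx postfix/qmgr[990]: A1B2C3D4E5: from=<cbe@forged.example>, size=1340, nrcpt=40 (queue active)
Jan 22 22:39:01 mx postfix/smtpd[2101]: B2C3D4E5F6: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=info@example.org
Jan 22 22:39:01 mx postfix/qmgr[990]: B2C3D4E5F6: from=<sales@forged.example>, size=1298, nrcpt=35 (queue active)
Jan 22 22:40:10 mx postfix/pickup[1800]: C3D4E5F6A7: uid=33 from=<www-data>
Jan 22 22:40:10 mx postfix/qmgr[990]: C3D4E5F6A7: from=<www-data@mx.example.org>, size=800, nrcpt=1 (queue active)
Jan 22 22:41:00 mx postfix/smtpd[2105]: D4E5F6A7B8: client=mail.example.net[192.0.2.10]
Jan 22 22:41:00 mx postfix/qmgr[990]: D4E5F6A7B8: from=<alice@example.net>, size=2100, nrcpt=1 (queue active)
Jan 22 22:55:00 mx postfix/qmgr[990]: A1B2C3D4E5: from=<cbe@forged.example>, size=1340, nrcpt=40 (queue active)
""".splitlines()

SMTPD = re.compile(r"postfix/smtpd\[\d+\]: (\w+): client=\S+?\[([^\]]+)\](?:, sasl_method=[\w-]+, sasl_username=(\S+))?")
PICKUP = re.compile(r"postfix/pickup\[\d+\]: (\w+): uid=(\d+) ")
QMGR = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<([^>]*)>, size=\d+, nrcpt=(\d+)")

def summarize(lines):
    """Return (recipients per origin, envelope senders per origin)."""
    origin = {}        # queue id -> how the message entered Postfix
    seen = set()       # queue ids already counted (qmgr logs again on each retry)
    rcpts = Counter()  # origin -> total recipients queued
    senders = {}       # origin -> set of envelope senders used
    for line in lines:
        if m := SMTPD.search(line):
            qid, ip, user = m.groups()
            # An authenticated session points at a stolen or weak password;
            # a bare client IP is either inbound mail or an over-permissive relay rule.
            origin[qid] = f"sasl:{user}" if user else f"client:{ip}"
        elif m := PICKUP.search(line):
            # Local submission via the sendmail command, e.g. a script run by a web server uid.
            origin[m.group(1)] = f"local-uid:{m.group(2)}"
        elif (m := QMGR.search(line)) and m.group(1) not in seen:
            qid, sender, n = m.groups()
            seen.add(qid)
            src = origin.get(qid, "unknown")
            rcpts[src] += int(n)
            senders.setdefault(src, set()).add(sender)
    return rcpts, senders

if __name__ == "__main__":
    rcpts, senders = summarize(SAMPLE_LOG)
    for src, n in rcpts.most_common():
        print(f"{n:6d} rcpts  {src}  senders={sorted(senders[src])}")
```

An origin with a high recipient count and envelope senders that do not exist on the server is the account, client or script to investigate first.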


