Help: Mailserver sending messages to postmaster@hostname.domainname.tld - Now blacklisted by ISP relay

General discussion about Zimbra Desktop.
azeem
Posts: 29
Joined: Fri Sep 12, 2014 10:35 pm


Post by azeem »

Today, our ISP blacklisted us from their relay. In the mail.log I discovered that the mail server is sending a lot of mails to postmaster@hostname.domain.tld, "hostname" being the host name of the mail server. Tld = our country top-level domain. We have an account (admin) that has the alias postmaster@domain.tld, but mail to postmaster@hostname.domain.tld is relayed to the MX relay of our ISP, resulting in us being blacklisted.
In the last 24 hours our mail server has had 10K SMTP sessions with the relay, as opposed to 12K in the last 7 days. So it seems that this problem has started recently.

Why would the mail server send e-mails to postmaster@hostname.domain.tld? Where can I look to troubleshoot and fix this problem?

Thank you
jorgedlcruz
Zimbra Alumni
Posts: 2782
Joined: Thu May 22, 2014 4:47 pm


Post by jorgedlcruz »

Hi Azeem,

Please keep in mind that this question needs to be opened in the proper forum - https://community.zimbra.com/zforums914/ This one is only for the Community Product. I hope that some admin moves this thread.



After that, do you have something in the postqueue? What about zimbra.log?



Please try applying these easy steps to reduce any attempt to use the open relay function:

https://www.jorgedelacruz.es/2014/04/03 ... d-i-parte/



Also, please run zmcontrol -v in a console and paste the output for us.



Best regards
Jorge de la Cruz https://jorgedelacruz.es
Systems Engineer at Veeam Software https://www.veeam.com/
azeem
Posts: 29
Joined: Fri Sep 12, 2014 10:35 pm


Post by azeem »

Thank you. Sorry for posting in the wrong forum, but I got confused in the temporary forums set up here.

Since this thread hasn't been moved yet, I'll use it for now.



We are running an old Zimbra 6.0.16 FOSS on Debian 4.0. We are in the process of migrating to 8.x Network edition on a new OS, but the migration has proved harder than I expected so I need to fix this problem that arose today.



I think the main cause was that the storage disks were out of space. Here is the first occurrence of something being sent to postmaster@hostname.domain.tld from mail.log:



Sep 17 13:40:08 mail2 postfix/smtpd[2693]: NOQUEUE: reject: MAIL from localhost.domain.no[127.0.0.1]: 452 4.3.1 Insufficient system storage; proto=ESMTP helo=<localhost>

Sep 17 13:40:08 mail2 postfix/smtpd[2693]: warning: not enough free space in mail queue: 291659776 bytes < 1.5*message size limit

Sep 17 13:40:08 mail2 postfix/cleanup[2680]: E8A6B2340DE: message-id=<20140917114008.E8A6B2340DE@mail2.domain.no>

Sep 17 13:40:08 mail2 postfix/qmgr[2940]: E8A6B2340DE: from=<double-bounce@mail2.domain.no>, size=981, nrcpt=1 (queue active)



mail2 is the hostname of the mailserver.



Also, I notice cleaned traffic passed on from amavis looks different yesterday and today:



Yesterday when everything was OK:

Sep 16 06:30:10 mail2 amavis[22511]: (22511-14) Passed CLEAN, <zimbra@mail2.domain.no> -> <admin@domain.no>,<myname@domain.no>, Message-ID: <20140911043004.74E7522C184@mail2.domain.no>, mail_id: hyM3l4f9-r0K, Hits: 2.782, size: 476, queued_as: 383092340DE, 5745 ms



Today, where we can see that a message is forwarded to postmaster@hostname.domain.tld, which does not exist (we have a postmaster@domain.tld):

Sep 17 16:40:22 mail2 amavis[12715]: (12715-04-2) Passed CLEAN, [109.247.116.9] [**.**.20.192] <double-bounce@mail2.domain.no> -> <postmaster@mail2.domain.no>, Message-ID: <20140917115027.153EA2340E0@mail2.domain.no>, mail_id: Nld1JPzUkYqx, Hits: -1.488, size: 2217, queued_as: 3682912C016, 6243 ms



Are the mail addresses at hostname.domain.tld something Zimbra uses by default, a misconfiguration somewhere (the server has been running trouble-free for years), or something else?



We have cleaned up the disks, so it seems that the server is not sending to this address any more. We are still blacklisted, and I need to tell our ISP that we have fixed the problem, and prevent it from happening again.





Thank you for any help.

Arnljot
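
One way to check a mail.log for the pattern described in the post above, as an added example that is not part of the original thread: it counts, per hour, the queue-storage errors and the amavis "Passed" lines where a double-bounce sender is delivered to postmaster@ the server's own host name. The function name, the `mta_fqdn` parameter and the sample lines (modelled on the excerpts above, with the domain replaced by example.test) are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines modelled on the mail.log excerpts in the post;
# host/domain replaced with mail2.example.test, client IP is a documentation address.
SAMPLE_LOG = """\
Sep 17 13:40:08 mail2 postfix/smtpd[2693]: NOQUEUE: reject: MAIL from localhost.example.test[127.0.0.1]: 452 4.3.1 Insufficient system storage; proto=ESMTP helo=<localhost>
Sep 17 13:40:08 mail2 postfix/smtpd[2693]: warning: not enough free space in mail queue: 291659776 bytes < 1.5*message size limit
Sep 17 13:40:08 mail2 postfix/qmgr[2940]: E8A6B2340DE: from=<double-bounce@mail2.example.test>, size=981, nrcpt=1 (queue active)
Sep 17 16:40:22 mail2 amavis[12715]: (12715-04-2) Passed CLEAN, [192.0.2.9] <double-bounce@mail2.example.test> -> <postmaster@mail2.example.test>, Message-ID: <x@mail2.example.test>, size: 2217
Sep 16 06:30:10 mail2 amavis[22511]: (22511-14) Passed CLEAN, <zimbra@mail2.example.test> -> <admin@example.test>,<myname@example.test>, Message-ID: <y@mail2.example.test>, size: 476
"""

STORAGE = re.compile(r"Insufficient system storage|not enough free space in mail queue")
# Sender and recipient list of an amavis "Passed" line; optional [ip] fields are skipped.
AMAVIS = re.compile(r"amavis\[\d+\]: \(\S+\) Passed \w+,.*?<([^>]*)> -> (<[^ ]+>),")
STAMP = re.compile(r"^(\w{3}\s+\d+ \d{2}):")  # "Sep 17 13" = one-hour bucket


def summarize(log_text, mta_fqdn):
    """Return two Counters keyed by hour: storage errors, and double-bounce
    notices addressed to postmaster@<mta_fqdn> (host name, not mail domain)."""
    target = "postmaster@" + mta_fqdn.lower()
    storage, to_host_postmaster = Counter(), Counter()
    for line in log_text.splitlines():
        stamp = STAMP.match(line)
        if not stamp:
            continue  # not a syslog-style line
        hour = stamp.group(1)
        if STORAGE.search(line):
            storage[hour] += 1
        passed = AMAVIS.search(line)
        if passed:
            sender = passed.group(1).lower()
            rcpts = [r.strip("<>").lower() for r in passed.group(2).split(",")]
            if sender.startswith("double-bounce@") and target in rcpts:
                to_host_postmaster[hour] += 1
    return storage, to_host_postmaster


if __name__ == "__main__":
    storage, notices = summarize(SAMPLE_LOG, "mail2.example.test")
    for hour in sorted(set(storage) | set(notices)):
        print(f"{hour}h  storage_errors={storage[hour]}  "
              f"postmaster_at_host={notices[hour]}")
```

Running it over the real log with the server's own FQDN shows whether the postmaster@hostname traffic lines up in time with the storage errors and whether it stopped after the disks were cleaned up.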