This is a discussion on rejected emails within the mailing.postfix.users forums, part of the Mail Servers and Related category.

rogv24@yahoo.com wrote:
>
> I checked in postconf the only thing that came up was:
> unknown_client_reject_code = 450

It's probably unset. Try:

    postconf -d | grep client

Should be about 2nd from the bottom

That is the only thing I found under postconf:
unknown_client_reject_code = 450

Greg Hackney wrote:
> rogv24@yahoo.com wrote:
>
> > I did a postconf and I didn't even see reject_unknown_client.
>
> You'll see it in "man 5 postconf".
>
> It won't appear in the output of "postconf" until you actually
> use it in the configuration. What you will be able to see with
> postconf, is the heading that it usually goes under,
> smtpd_client_restrictions
>
> > So I guess I have to wait.
>
> No waiting, it's there. It was there in Version 1.something.
>
> > Is it best to reinstall Postfix with the new version or upgrade?
>
> I've since forgotten what OS you are running, but with Linux it
> doesn't matter whether you upgrade from an RPM or distribution
> package, or do a "make install" from the source code, it won't
> blow away your configs in /etc/postfix. But it's smart to
> always back up those files anyway.
>
> --
> Greg

I have another question. I scanned my log file and found that
125.24.193.52 has submitted spam. Also there are over 40 IP addresses,
for example 125.24.173.114, 125.24.193.52, that have submitted spam.
Can I safely say that blocking 125.24 will be OK to add to Postfix?
If so I am not sure how to do it because I must make sure it reads
from left to right and not rejecting emails that are 20.30.125.24.

rogv24@yahoo.com wrote:
> That is the only thing I found under postconf:
> unknown_client_reject_code = 450
>
> Greg Hackney wrote:
> > rogv24@yahoo.com wrote:
> >
> > > I did a postconf and I didn't even see reject_unknown_client.
> >
> > You'll see it in "man 5 postconf".
> >
> > It won't appear in the output of "postconf" until you actually
> > use it in the configuration. What you will be able to see with
> > postconf, is the heading that it usually goes under,
> > smtpd_client_restrictions
> >
> > > So I guess I have to wait.
> >
> > No waiting, it's there. It was there in Version 1.something.
> >
> > > Is it best to reinstall Postfix with the new version or upgrade?
> >
> > I've since forgotten what OS you are running, but with Linux it
> > doesn't matter whether you upgrade from an RPM or distribution
> > package, or do a "make install" from the source code, it won't
> > blow away your configs in /etc/postfix. But it's smart to
> > always back up those files anyway.
> >
> > --
> > Greg

rogv24@yahoo.com wrote:
>
> I have another question. I scanned my log file and found that
> 125.24.193.52 has submitted spam. Also there are over 40 IP addresses,
> for example 125.24.173.114, 125.24.193.52, that have submitted spam.
> Can I safely say that blocking 125.24 will be OK to add to Postfix?
> If so I am not sure how to do it because I must make sure it reads
> from left to right and not rejecting emails that are 20.30.125.24.

Yes, it's read left to right, and 125.24 is the entire subnet
for that adsl address pool in Bangkok.

(whois -h whois.arin.net 125.24.193.52)

If you ever want to block classless subnets that use CIDR notation,
then you can't use the access table format. It has to be a CIDR table.
cidr:/etc/postfix/filename (man 5 cidr_table).

The CIDR format for that same block, is:
125.24.0.0/16 REJECT

--
Greg

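Added example, not part of the thread: a Python model of the two lookup styles Greg contrasts for IPv4 client addresses, octet-prefix keys as in access(5) and first-match patterns as in cidr_table(5). The function names and the 125.24.192.0/20 block are assumptions made for illustration; hostname keys are not modelled.

```python
import ipaddress

def access_keys(ip):
    """IPv4 lookup keys in access(5) order: full address first, then the
    same string with trailing octets removed one at a time."""
    octets = ip.split(".")
    return [".".join(octets[:n]) for n in range(4, 0, -1)]

def access_lookup(table, ip):
    """First key of access_keys(ip) present in the table, as (key, action)."""
    for key in access_keys(ip):
        if key in table:
            return key, table[key]
    return None

def cidr_lookup(rules, ip):
    """cidr_table(5) style: rules are tried in file order, first match wins."""
    addr = ipaddress.IPv4Address(ip)
    for pattern, action in rules:
        if addr in ipaddress.IPv4Network(pattern):
            return pattern, action
    return None

def octet_keys_for(cidr):
    """Octet-prefix keys needed to cover one CIDR block in an access table."""
    net = ipaddress.IPv4Network(cidr)
    boundary = max(8, -(-net.prefixlen // 8) * 8)   # round up to 8/16/24/32
    step = 1 << (32 - boundary)
    start = int(net.network_address)
    return [".".join(str(ipaddress.IPv4Address(a)).split(".")[:boundary // 8])
            for a in range(start, start + net.num_addresses, step)]

# The 125.24 prefix and 125.24.0.0/16 line come from the thread.
ACCESS = {"125.24": "REJECT"}
CIDR = [("125.24.0.0/16", "REJECT")]
CLASSLESS = [("125.24.192.0/20", "REJECT")]   # hypothetical, for illustration

if __name__ == "__main__":
    for ip in ("125.24.193.52", "125.24.173.114", "20.30.125.24"):
        print(ip, access_keys(ip), access_lookup(ACCESS, ip),
              cidr_lookup(CIDR, ip), cidr_lookup(CLASSLESS, ip))
    print(octet_keys_for("125.24.0.0/16"))          # a single octet key
    print(len(octet_keys_for("125.24.192.0/20")))   # no single octet key
```

The /20 has no single octet-prefix key, which is the case where the cidr: table type is needed.
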
When I entered the whois command I saw AU and that is Australia. Where
are you getting Bangkok from? Also where did you get the arin.net from?

Thanks
Roger

Greg Hackney wrote:
> rogv24@yahoo.com wrote:
> >
> > I have another question. I scanned my log file and found that
> > 125.24.193.52 has submitted spam. Also there are over 40 IP addresses,
> > for example 125.24.173.114, 125.24.193.52, that have submitted spam.
> > Can I safely say that blocking 125.24 will be OK to add to Postfix?
> > If so I am not sure how to do it because I must make sure it reads
> > from left to right and not rejecting emails that are 20.30.125.24.
>
> Yes, it's read left to right, and 125.24 is the entire subnet
> for that adsl address pool in Bangkok.
>
> (whois -h whois.arin.net 125.24.193.52)
>
> If you ever want to block classless subnets that use CIDR notation,
> then you can't use the access table format. It has to be a CIDR table.
> cidr:/etc/postfix/filename (man 5 cidr_table).
>
> The CIDR format for that same block, is:
> 125.24.0.0/16 REJECT
>
> --
> Greg

rogv24@yahoo.com wrote:
> When I entered the whois command I saw AU and that is Australia. Where
> are you getting Bangkok from? Also where did you get the arin.net from?

whois.arin.net is the lookup site of the American Registry for
Internet numbers. If the IP is not an American number, it should
redirect to the correct registry, which in this case is
whois.apnic.net (The Asia/Pacific registry for Internet numbers).

Mine redirects like this:

$ whois -h whois.arin.net 125.24.193.52
[Querying whois.arin.net]
[Redirected to whois.apnic.net]
[Querying whois.apnic.net]

Followed by a lot of data output, including
these lines:

inetnum: 125.24.0.0 - 125.24.255.255
netname: tot-ip-3-adsl-kkm-bras-ip-pool
descr: tot ip network ip address pool for adsl services
admin-c: tk56-ap
person: tawat kerdput
nic-hdl: TK56-AP
e-mail: tawath@tot.co.th
address: 89/2 Moo 3 Chaengwattana Rd, Laksi, Bangkok 10210 THAILAND

--
Greg

Hello Greg,

We are getting a bunch of rejects like this. Please note the IP address
and I cannot block it because this customer is doing business with us.
What can the customer AITG do to prevent this from happening? I
contacted them and they don't know what's going on. They are just
grabbing their IP address.

Oct 31 14:01:36 si-ems01 postfix/smtpd[25041]: [ID 197553 mail.info] disconnect from noc026.aitg.com[66.77.54.5]
Oct 31 14:01:42 si-ems02 postfix/smtpd[11997]: [ID 197553 mail.info] connect from noc026.aitg.com[66.77.54.5]
Oct 31 14:01:42 si-ems02 postfix/smtpd[11997]: [ID 197553 mail.info] C9CB36E29: client=noc026.aitg.com[66.77.54.5]
Oct 31 14:01:42 si-ems02 postfix/smtpd[11997]: [ID 197553 mail.info] C9CB36E29: reject: RCPT from noc026.aitg.com[66.77.54.5]: 554 <noc026.aitg.com[66.77.54.5]>: Client host rejected: Access denied; from=<efotqdn@net.pe> to=<WimberlyN@si.edu> proto=ESMTP helo=<noc026.aitg.com>
Oct 31 13:57:59 si-mailout01 postfix/smtp[7857]: [ID 197553 mail.info] DC247EC46F: to=<susan@fonz.org>, relay=none, delay=1, status=deferred (connect to mail.fonz.org[66.77.54.58]: Connection refused)
Oct 31 14:00:22 si-ems02 postfix/smtpd[11590]: [ID 197553 mail.info] connect from noc026.aitg.com[66.77.54.5]
Oct 31 14:00:22 si-ems02 postfix/smtpd[11590]: [ID 197553 mail.info] 4B91A6F7C: client=noc026.aitg.com[66.77.54.5]
Oct 31 14:00:22 si-ems02 postfix/smtpd[11590]: [ID 197553 mail.info] 4B91A6F7C: reject: RCPT from noc026.aitg.com[66.77.54.5]: 554 <noc026.aitg.com[66.77.54.5]>: Client host rejected: Access denied; from=<rmayne@erols.com> to=<crawfordm@si.edu> proto=ESMTP helo=<noc026.aitg.com>
Oct 31 14:00:23 si-ems02 postfix/smtpd[12052]: [ID 197553 mail.info] connect from noc026.aitg.com[66.77.54.5]
Oct 31 14:00:23 si-ems02 postfix/smtpd[12052]: [ID 197553 mail.info] 0E5D66FAE: client=noc026.aitg.com[66.77.54.5]
Oct 31 14:00:23 si-ems02 postfix/smtpd[12052]: [ID 197553 mail.info] 0E5D66FAE: reject: RCPT from noc026.aitg.com[66.77.54.5]: 554 <noc026.aitg.com[66.77.54.5]>: Client host rejected: Access denied; from=<spainjazmi@boo.net> to=<hanleyl@si.edu> proto=ESMTP helo=<noc026.aitg.com>

Greg Hackney wrote:
> rogv24@yahoo.com wrote:
> > When I entered the whois command I saw AU and that is Australia. Where
> > are you getting Bangkok from? Also where did you get the arin.net from?
>
> whois.arin.net is the lookup site of the American Registry for
> Internet numbers. If the IP is not an American number, it should
> redirect to the correct registry, which in this case is
> whois.apnic.net (The Asia/Pacific registry for Internet numbers).
>
> Mine redirects like this:
>
> $ whois -h whois.arin.net 125.24.193.52
> [Querying whois.arin.net]
> [Redirected to whois.apnic.net]
> [Querying whois.apnic.net]
>
> Followed by a lot of data output, including
> these lines:
>
> inetnum: 125.24.0.0 - 125.24.255.255
> netname: tot-ip-3-adsl-kkm-bras-ip-pool
> descr: tot ip network ip address pool for adsl services
> admin-c: tk56-ap
> person: tawat kerdput
> nic-hdl: TK56-AP
> e-mail: tawath@tot.co.th
> address: 89/2 Moo 3 Chaengwattana Rd, Laksi, Bangkok 10210 THAILAND
>
> --
> Greg

rogv24@yahoo.com wrote:
> Oct 31 14:00:22 si-ems02 postfix/smtpd[11590]: [ID 197553 mail.info]
> 4B91A6F7C: reject: RCPT from noc026.aitg.com[66.77.54.5]: 554
> noc026.aitg.com[66.77.54.5]>: Client host rejected: Access denied;

It looks like it's being blocked by something within
smtpd_client_restrictions, or a check_client_access configuration.
(Something that you configured in, based either on IP addresses
or domain names).

--
Greg
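
Added example, not part of the thread: a Python parser for smtpd reject records in the syslog layout posted above, grouping them by client so the reply code and reason text that Greg's diagnosis rests on can be read per host. The sample lines, host names and addresses are constructed.

```python
import re

# Constructed sample in the thread's syslog layout, one record per line.
SAMPLE = """\
Oct 31 14:00:22 mx1 postfix/smtpd[11590]: [ID 197553 mail.info] connect from relay.customer.example[192.0.2.10]
Oct 31 14:00:22 mx1 postfix/smtpd[11590]: [ID 197553 mail.info] 4B91A6F7C: reject: RCPT from relay.customer.example[192.0.2.10]: 554 <relay.customer.example[192.0.2.10]>: Client host rejected: Access denied; from=<a@sender.example> to=<b@rcpt.example> proto=ESMTP helo=<relay.customer.example>
Oct 31 14:00:23 mx1 postfix/smtpd[12052]: [ID 197553 mail.info] 0E5D66FAE: reject: RCPT from relay.customer.example[192.0.2.10]: 554 <relay.customer.example[192.0.2.10]>: Client host rejected: Access denied; from=<c@sender.example> to=<d@rcpt.example> proto=ESMTP helo=<relay.customer.example>
Oct 31 14:02:10 mx1 postfix/smtpd[12100]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 450 Client host rejected: cannot find your hostname, [198.51.100.7]; from=<e@sender.example> to=<b@rcpt.example> proto=ESMTP helo=<pc>
"""

# The "[ID n facility.level]" field is optional; not every syslog adds it.
REJECT = re.compile(
    r"postfix/smtpd\[\d+\]: (?:\[ID \d+ [\w.]+\] )?(?P<qid>\w+): reject: "
    r"(?P<stage>\w+) from (?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3}) (?P<text>.*?); from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>")

def parse_rejects(log_text):
    """Yield one dict per smtpd reject record; other records are skipped."""
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if m:
            rec = m.groupdict()
            # Drop the leading "<host[ip]>: " so equal reasons compare equal.
            rec["reason"] = re.sub(r"^<[^>]*>: ", "", rec.pop("text"))
            yield rec

def summarise(log_text):
    """Per client IP: hostname, reject count, reply codes, distinct reasons."""
    out = {}
    for rec in parse_rejects(log_text):
        s = out.setdefault(rec["ip"], {"host": rec["host"], "count": 0,
                                       "codes": set(), "reasons": set()})
        s["count"] += 1
        s["codes"].add(int(rec["code"]))
        s["reasons"].add(rec["reason"])
    return out

if __name__ == "__main__":
    for ip, s in sorted(summarise(SAMPLE).items()):
        kind = "permanent" if min(s["codes"]) >= 500 else "temporary"
        print(ip, s["host"], s["count"], sorted(s["codes"]), kind,
              sorted(s["reasons"]))
```
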