These forums are locked and archived, but all topics have been migrated to the new forum. You can search for this topic on the new forum: Search for something wrong with postfix server on the new forum.
My client sudden reported that he could not send and receive email.
Then I checked the postfix process is running and I try to telnet localhost 25 for a full smtp test and got the same problem on this comment I found so far http://www.virtualmin.com/node/21459#comment-96935
and I tried to stop and start postfix daemon and it stucked at Staring postfix. The I tried to reboot the server, the postfix could not start I listed daemon process with ps -ef
show somthing strange
root 2821 1539 0 21:38 ? 00:00:00 /bin/sh /etc/rc3.d/S80postfix start
root 2831 2821 0 21:38 ? 00:00:00 /bin/sh /usr/libexec/postfix/postfix-script start
root 2838 2831 0 21:38 ? 00:00:00 /bin/sh /usr/libexec/postfix/postfix-script check-fatal
postfix 2864 2838 0 21:38 ? 00:00:01 /usr/sbin/postsuper
and I from something error on maillog
host2 postfix/postfix-script[25293]: fatal: Postfix integrity check failed!
Howdy,
What distro/version are you using?
Also, are you using a VPS, or dedicated server? If a VPS, what type of VPS?
And if you look in your email logs, either /var/log/maillog or /var/log/mail.log when starting up and connecting to Postfix, do you see any errors?
-Eric
centos 5.5 dedicated server
I just read this comment https://www.virtualmin.com/node/19621#comment-88500
and I did execute this command postfix set-permissions
It seems this process take quite a bit of time to finish.
the postfix set-permissions is finished
The postfix could start but when I test smtp locally in ssh, I send a message to myself but still not received
[root@host]# telnet localhost 25
Trying MYIP...
Connected to host.
Escape character is '^]'.
220 host ESMTP Postfix
HELO host
250 host
MAIL FROM:<test@mydomain.com>
250 2.1.0 Ok
RCPT TO:<test@mydomain.com>
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
Subject: test
asdadasd.
.
250 2.0.0 Ok: queued as 1CA36160ADE
quit
221 2.0.0 Bye
Connection closed by foreign host.
I ps -ef the postfix process
there are quite a many of these processes postfix 429 4106 0 05:06 ? 00:00:00 error -n retry -t unix -u postfix 1165 4106 0 05:16 ? 00:00:00 bounce -z -n defer -t unix -u
I searched a post on google http://www.howtoforge.com/forums/archive/index.php/t-43821.html
the guy said extacly the issue I'm suffering from.
I checked my smtp server is not open relay
I check whether smtp server ip is blacklisted with the site mentioned in the post http://mxtoolbox.com/blacklists.aspx
My smtp ip all passed except BARRACUDA
http://postimg.org/image/4g666crxv/
There is one more problem is I could not open the webmin postfix config page. The web browser status just showing transferring data from xx.xx.xx.xx The is no such problem on other webmin page.
Howdy,
If you run this command, what output do you receive:
mailq | tail -1
That'll show how many email messages are in your queue.
Also, what does the command "uptime" show?
-Eric
I could not show the status right now. I stopped postfix yesterday. Now I started postfix. More than 10 mins of stucking at "Starting postfix" prompt.
I've no idea what wrong with it.
postfix is started finally~~~~~~startup time required nearly 30mins -_-|||
mailq | tail -1 no output
uptime of an instance of execution time
09:21:12 up 47 min, 2 users, load average: 35.04, 15.54, 6.72
At the same time I tail -f /var/log/maillog
There are lot of message log filling out the log file here are some of them
Apr 11 09:23:53 host2 postfix/qmgr[5498]: 699CE63EC6E7: from=<>, size=8227, nrcpt=1 (queue active)
Apr 11 09:23:53 host2 postfix/qmgr[5498]: 67D7F64B00EB: from=<lpmyj@yahoo.com.tw>, size=3364, nrcpt=11 (queue active)
Apr 11 09:23:53 host2 postfix/qmgr[5498]: 63E4E63FA7CB: from=<uvnhbl@yahoo.com.tw>, size=3914, nrcpt=11 (queue active)
Apr 11 09:23:53 host2 postfix/qmgr[5498]: 625FE64A9581: from=<lpmyj@yahoo.com.tw>, size=4406, nrcpt=10 (queue active)
Apr 11 09:23:53 host2 postfix/qmgr[5498]: 6B01A62DB8C5: from=<uvnhbl@yahoo.com.tw>, size=3534, nrcpt=11 (queue active)
Apr 11 09:23:53 host2 postfix/smtp[6526]: 6860D64D978A: host filter4.mail.xuite.net[210.242.46.179] said: 452 Too many recipients received this hour from Host: Unknown (IP: 58.64.134.102) (in reply to RCPT TO command)
Apr 11 09:23:53 host2 postfix/qmgr[5498]: 641B064BBB32: from=<ndwsfzwl@yahoo.com.tw>, size=4284, nrcpt=10 (queue active)
Apr 11 09:23:53 host2 postfix/qmgr[5498]: 6919C52DAC1A: from=<uvnhbl@yahoo.com.tw>, size=3941, nrcpt=10 (queue active)
Apr 11 09:23:53 host2 postfix/qmgr[5498]: 6D772648BA0B: from=<uvnhbl@yahoo.com.tw>, size=3881, nrcpt=10 (queue active)
Apr 11 09:23:53 host2 postfix/qmgr[5498]: 6613B651C3EA: from=<ndwsfzwl@yahoo.com.tw>, size=3401, nrcpt=11 (queue active)
Apr 11 09:23:53 host2 postfix/qmgr[5498]: 6641164D8B85: from=<ndwsfzwl@yahoo.com.tw>, size=4440, nrcpt=11 (queue active)
Apr 11 09:23:53 host2 postfix/qmgr[5498]: 6A51C46D8F00: from=<ndwsfzwl@yahoo.com.tw>, size=3321, nrcpt=10 (queue active)
Apr 11 09:23:53 host2 postfix/qmgr[5498]: 6357364D8820: from=<ndwsfzwl@yahoo.com.tw>, size=4236, nrcpt=11 (queue active)
Apr 11 09:23:53 host2 postfix/qmgr[5498]: 665606426595: from=<uvnhbl@yahoo.com.tw>, size=3901, nrcpt=10 (queue active)
Apr 11 09:23:53 host2 postfix/qmgr[5498]: 622DB64D0FFE: from=<ndwsfzwl@yahoo.com.tw>, size=3404, nrcpt=11 (queue active)
Apr 11 09:23:53 host2 postfix/qmgr[5498]: 68DA4645673F: from=<uvnhbl@yahoo.com.tw>, size=4491, nrcpt=10 (queue active)
Apr 11 09:23:53 host2 postfix/qmgr[5498]: 65CAA64DBD39: from=<uvnhbl@yahoo.com.tw>, size=3893, nrcpt=11 (queue active)
Apr 11 09:23:53 host2 postfix/qmgr[5498]: 6F449F22912: removed
Apr 11 09:23:53 host2 postfix/qmgr[5498]: 699C5638820F: from=<lpmyj@yahoo.com.tw>, size=3987, nrcpt=11 (queue active)
Apr 11 09:23:54 host2 postfix/qmgr[5498]: 6F5B064A7435: from=<ndwsfzwl@yahoo.com.tw>, size=3908, nrcpt=11 (queue active)
Apr 11 09:23:54 host2 postfix/qmgr[5498]: 6A04D63A8C9C: from=<lpmyj@yahoo.com.tw>, size=3966, nrcpt=10 (queue active)
Apr 11 09:23:54 host2 postfix/qmgr[5498]: 6209E64BC52C: from=<ndwsfzwl@yahoo.com.tw>, size=2881, nrcpt=10 (queue active)
Apr 11 09:23:54 host2 postfix/qmgr[5498]: 68D7A6503ED3: from=<ndwsfzwl@yahoo.com.tw>, size=4017, nrcpt=11 (queue active)
Apr 11 09:23:54 host2 postfix/qmgr[5498]: 6CA966490A4A: from=<ndwsfzwl@yahoo.com.tw>, size=4348, nrcpt=10 (queue active)
Apr 11 09:23:54 host2 postfix/qmgr[5498]: 6B7B36497884: from=<lpmyj@yahoo.com.tw>, size=4273, nrcpt=10 (queue active)
Apr 11 09:23:54 host2 postfix/qmgr[5498]: 6BB8664B85DF: from=<ndwsfzwl@yahoo.com.tw>, size=3900, nrcpt=10 (queue active)
Apr 11 09:23:54 host2 postfix/qmgr[5498]: 6DDE8648178B: from=<uvnhbl@yahoo.com.tw>, size=3458, nrcpt=11 (queue active)
Apr 11 09:23:54 host2 postfix/qmgr[5498]: 64E1B64D3C2C: from=<ndwsfzwl@yahoo.com.tw>, size=3263, nrcpt=11 (queue active)
Apr 11 09:23:54 host2 postfix/qmgr[5498]: 6952042F9574: from=<lpmyj@yahoo.com.tw>, size=3835, nrcpt=11 (queue active)
Apr 11 09:23:54 host2 postfix/qmgr[5498]: 66DBD64EC3C4: from=<ndwsfzwl@yahoo.com.tw>, size=4420, nrcpt=10 (queue active)
Apr 11 09:23:54 host2 postfix/qmgr[5498]: 66A6246DACD1: from=<uvnhbl@yahoo.com.tw>, size=4247, nrcpt=11 (queue active)
Apr 11 09:23:54 host2 postfix/qmgr[5498]: 66FD66499F9A: from=<uvnhbl@yahoo.com.tw>, size=3952, nrcpt=11 (queue active)
Apr 11 09:23:54 host2 postfix/qmgr[5498]: 6FFF2640F966: from=<>, size=6303, nrcpt=1 (queue active)
Apr 11 09:23:54 host2 postfix/qmgr[5498]: 6417364882A2: from=<ndwsfzwl@yahoo.com.tw>, size=2581, nrcpt=11 (queue active)
Apr 11 09:23:54 host2 postfix/qmgr[5498]: 628FE6531B2D: from=<ndwsfzwl@yahoo.com.tw>, size=4331, nrcpt=11 (queue active)
Apr 11 09:23:54 host2 postfix/qmgr[5498]: 6A71C64BE58F: from=<ndwsfzwl@yahoo.com.tw>, size=3180, nrcpt=11 (queue active)
Apr 11 09:23:54 host2 postfix/qmgr[5498]: 6FF1E63453D2: from=<lpmyj@yahoo.com.tw>, size=3309, nrcpt=11 (queue active)
Apr 11 09:23:54 host2 postfix/error[6060]: 68671649374C: to=<eoody@ms1.hinet.net>, relay=none, delay=507402, delays=507376/23/0/3.1, dsn=4.0.0, status=deferred (delivery temporarily suspended: host msx-smtp4.hinet.net[168.95.5.36] refused to talk to me: 421 Too many SMTP sessions for this host)
Apr 11 09:23:54 host2 postfix/bounce[6514]: 67D43646DB5F: sender non-delivery notification: 0167A633998A
Apr 11 09:23:54 host2 postfix/error[6152]: 6559F64746E7: to=<lovemicky922@yahoo.com.tw>, relay=none, delay=521315, delays=521057/237/0/21, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mta-v4.mail.vip.tp2.yahoo.com[203.188.197.111] refused to talk to me: 421 4.7.1 [TS03] All messages from 58.64.134.102 will be permanently deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/421-ts03.html)
postfix is started finally~~~~~~startup time required nearly 30mins -_-|||
mailq | tail -1 no output
uptime of an instance of execution time
09:21:12 up 47 min, 2 users, load average: 35.04, 15.54, 6.72
At the same time I tail -f /var/log/maillog
There are lot of message log filling out the log file here are some of them
Apr 11 09:23:53 host2 postfix/qmgr[5498]: 699CE63EC6E7: from=<>, size=8227, nrcpt=1 (queue active)
Apr 11 09:23:53 host2 postfix/qmgr[5498]: 67D7F64B00EB: from=<lpmyj@yahoo.com.tw>, size=3364, nrcpt=11 (queue active)
Apr 11 09:23:53 host2 postfix/qmgr[5498]: 63E4E63FA7CB: from=<uvnhbl@yahoo.com.tw>, size=3914, nrcpt=11 (queue active)
Apr 11 09:23:53 host2 postfix/qmgr[5498]: 625FE64A9581: from=<lpmyj@yahoo.com.tw>, size=4406, nrcpt=10 (queue active)
Apr 11 09:23:53 host2 postfix/qmgr[5498]: 6B01A62DB8C5: from=<uvnhbl@yahoo.com.tw>, size=3534, nrcpt=11 (queue active)
Apr 11 09:23:53 host2 postfix/smtp[6526]: 6860D64D978A: host filter4.mail.xuite.net[210.242.46.179] said: 452 Too many recipients received this hour from Host: Unknown (IP: 58.64.134.102) (in reply to RCPT TO command)
Apr 11 09:23:53 host2 postfix/qmgr[5498]: 641B064BBB32: from=<ndwsfzwl@yahoo.com.tw>, size=4284, nrcpt=10 (queue active)
Apr 11 09:23:53 host2 postfix/qmgr[5498]: 6919C52DAC1A: from=<uvnhbl@yahoo.com.tw>, size=3941, nrcpt=10 (queue active)
Apr 11 09:23:53 host2 postfix/qmgr[5498]: 6D772648BA0B: from=<uvnhbl@yahoo.com.tw>, size=3881, nrcpt=10 (queue active)
Apr 11 09:23:53 host2 postfix/qmgr[5498]: 6613B651C3EA: from=<ndwsfzwl@yahoo.com.tw>, size=3401, nrcpt=11 (queue active)
Apr 11 09:23:53 host2 postfix/qmgr[5498]: 6641164D8B85: from=<ndwsfzwl@yahoo.com.tw>, size=4440, nrcpt=11 (queue active)
Apr 11 09:23:53 host2 postfix/qmgr[5498]: 6A51C46D8F00: from=<ndwsfzwl@yahoo.com.tw>, size=3321, nrcpt=10 (queue active)
Apr 11 09:23:53 host2 postfix/qmgr[5498]: 6357364D8820: from=<ndwsfzwl@yahoo.com.tw>, size=4236, nrcpt=11 (queue active)
Apr 11 09:23:53 host2 postfix/qmgr[5498]: 665606426595: from=<uvnhbl@yahoo.com.tw>, size=3901, nrcpt=10 (queue active)
Apr 11 09:23:53 host2 postfix/qmgr[5498]: 622DB64D0FFE: from=<ndwsfzwl@yahoo.com.tw>, size=3404, nrcpt=11 (queue active)
Apr 11 09:23:53 host2 postfix/qmgr[5498]: 68DA4645673F: from=<uvnhbl@yahoo.com.tw>, size=4491, nrcpt=10 (queue active)
Apr 11 09:23:53 host2 postfix/qmgr[5498]: 65CAA64DBD39: from=<uvnhbl@yahoo.com.tw>, size=3893, nrcpt=11 (queue active)
Apr 11 09:23:53 host2 postfix/qmgr[5498]: 6F449F22912: removed
Apr 11 09:23:53 host2 postfix/qmgr[5498]: 699C5638820F: from=<lpmyj@yahoo.com.tw>, size=3987, nrcpt=11 (queue active)
Apr 11 09:23:54 host2 postfix/qmgr[5498]: 6F5B064A7435: from=<ndwsfzwl@yahoo.com.tw>, size=3908, nrcpt=11 (queue active)
Apr 11 09:23:54 host2 postfix/qmgr[5498]: 6A04D63A8C9C: from=<lpmyj@yahoo.com.tw>, size=3966, nrcpt=10 (queue active)
Apr 11 09:23:54 host2 postfix/qmgr[5498]: 6209E64BC52C: from=<ndwsfzwl@yahoo.com.tw>, size=2881, nrcpt=10 (queue active)
Apr 11 09:23:54 host2 postfix/qmgr[5498]: 68D7A6503ED3: from=<ndwsfzwl@yahoo.com.tw>, size=4017, nrcpt=11 (queue active)
Apr 11 09:23:54 host2 postfix/qmgr[5498]: 6CA966490A4A: from=<ndwsfzwl@yahoo.com.tw>, size=4348, nrcpt=10 (queue active)
Apr 11 09:23:54 host2 postfix/qmgr[5498]: 6B7B36497884: from=<lpmyj@yahoo.com.tw>, size=4273, nrcpt=10 (queue active)
Apr 11 09:23:54 host2 postfix/qmgr[5498]: 6BB8664B85DF: from=<ndwsfzwl@yahoo.com.tw>, size=3900, nrcpt=10 (queue active)
Apr 11 09:23:54 host2 postfix/qmgr[5498]: 6DDE8648178B: from=<uvnhbl@yahoo.com.tw>, size=3458, nrcpt=11 (queue active)
Apr 11 09:23:54 host2 postfix/qmgr[5498]: 64E1B64D3C2C: from=<ndwsfzwl@yahoo.com.tw>, size=3263, nrcpt=11 (queue active)
Apr 11 09:23:54 host2 postfix/qmgr[5498]: 6952042F9574: from=<lpmyj@yahoo.com.tw>, size=3835, nrcpt=11 (queue active)
Apr 11 09:23:54 host2 postfix/qmgr[5498]: 66DBD64EC3C4: from=<ndwsfzwl@yahoo.com.tw>, size=4420, nrcpt=10 (queue active)
Apr 11 09:23:54 host2 postfix/qmgr[5498]: 66A6246DACD1: from=<uvnhbl@yahoo.com.tw>, size=4247, nrcpt=11 (queue active)
Apr 11 09:23:54 host2 postfix/qmgr[5498]: 66FD66499F9A: from=<uvnhbl@yahoo.com.tw>, size=3952, nrcpt=11 (queue active)
Apr 11 09:23:54 host2 postfix/qmgr[5498]: 6FFF2640F966: from=<>, size=6303, nrcpt=1 (queue active)
Apr 11 09:23:54 host2 postfix/qmgr[5498]: 6417364882A2: from=<ndwsfzwl@yahoo.com.tw>, size=2581, nrcpt=11 (queue active)
Apr 11 09:23:54 host2 postfix/qmgr[5498]: 628FE6531B2D: from=<ndwsfzwl@yahoo.com.tw>, size=4331, nrcpt=11 (queue active)
Apr 11 09:23:54 host2 postfix/qmgr[5498]: 6A71C64BE58F: from=<ndwsfzwl@yahoo.com.tw>, size=3180, nrcpt=11 (queue active)
Apr 11 09:23:54 host2 postfix/qmgr[5498]: 6FF1E63453D2: from=<lpmyj@yahoo.com.tw>, size=3309, nrcpt=11 (queue active)
Apr 11 09:23:54 host2 postfix/error[6060]: 68671649374C: to=<eoody@ms1.hinet.net>, relay=none, delay=507402, delays=507376/23/0/3.1, dsn=4.0.0, status=deferred (delivery temporarily suspended: host msx-smtp4.hinet.net[168.95.5.36] refused to talk to me: 421 Too many SMTP sessions for this host)
Apr 11 09:23:54 host2 postfix/bounce[6514]: 67D43646DB5F: sender non-delivery notification: 0167A633998A
Apr 11 09:23:54 host2 postfix/error[6152]: 6559F64746E7: to=<lovemicky922@yahoo.com.tw>, relay=none, delay=521315, delays=521057/237/0/21, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mta-v4.mail.vip.tp2.yahoo.com[203.188.197.111] refused to talk to me: 421 4.7.1 [TS03] All messages from 58.64.134.102 will be permanently deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/421-ts03.html)
Apr 11 09:26:29 host2 postfix/smtp[6685]: connect to msx-smtp4.hinet.net[168.95.5.35]:25: Connection timed out
Apr 11 09:26:36 host2 postfix/qmgr[5498]: 67FD064885EF: removed
Apr 11 09:26:36 host2 postfix/qmgr[5498]: 66C15648577B: from=<uvnhbl@yahoo.com.tw>, status=expired, returned to sender
Apr 11 09:26:36 host2 postfix/qmgr[5498]: 60B4E6472C2A: from=<uvnhbl@yahoo.com.tw>, status=expired, returned to sender
Apr 11 09:26:30 host2 postfix/smtp[6694]: connect to msx-smtp4.hinet.net[168.95.5.36]:25: Connection timed out
Apr 11 09:26:31 host2 postfix/smtp[6695]: connect to msx-smtp6.hinet.net[168.95.5.52]:25: Connection timed out
Apr 11 09:26:36 host2 postfix/smtp[5989]: connect to msx-smtp7.hinet.net[168.95.5.76]:25: Connection timed out
Apr 11 09:26:36 host2 postfix/qmgr[5498]: 6A974649D353: from=<lpmyj@yahoo.com.tw>, size=3959, nrcpt=11 (queue active)
Apr 11 09:26:36 host2 postfix/error[6152]: 6AD4364A9D50: to=<money169@kimo.com>, relay=none, delay=498787, delays=498778/7.4/0/1.8, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mx1.mail.tw.yahoo.com[203.188.197.119] refused to talk to me: 421 4.7.1 [TS03] All messages from 58.64.134.102 will be permanently deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/421-ts03.html)
Where are the messages generated from ? It could fill up the maillog in hundred of MB size in short period of time.
I executed command postsuper -d ALL to kill all mail queues
During the duration of process the command, I read all post related postfix, mail in this forum and found this post http://www.virtualmin.com/node/23328
my smtp server issue is closed to the airshock described.
After spending a few hours, command postsuper -d ALL finished and gave me 1603623 messages removed. Now I could ensure my server problem is same as airshock.
I use postcat to open one of message queue id
*** ENVELOPE RECORDS active/00A61654E77B ***
message_size: 3914 1665 11 0 3914
message_arrival_time: Sat Apr 6 13:52:11 2013
create_time: Sat Apr 6 13:52:13 2013
named_attribute: log_ident=00A61654E77B
named_attribute: rewrite_context=remote
named_attribute: sasl_method=LOGIN
named_attribute: sasl_username=demo
sender: ndwsfzwl@yahoo.com.tw
named_attribute: log_client_name=mdh-14-177.tm.net.my
named_attribute: log_client_address=219.92.14.177
named_attribute: log_client_port=2057
named_attribute: log_message_origin=mdh-14-177.tm.net.my[219.92.14.177]
named_attribute: log_helo_name=kkxgkh.com
named_attribute: log_protocol_name=ESMTP
named_attribute: client_name=mdh-14-177.tm.net.my
named_attribute: reverse_client_name=mdh-14-177.tm.net.my
named_attribute: client_address=219.92.14.177
named_attribute: client_port=2057
named_attribute: helo_name=kkxgkh.com
named_attribute: protocol_name=ESMTP
named_attribute: client_address_type=2
named_attribute: dsn_orig_rcpt=rfc822;a1876511@yahoo.com.tw
original_recipient: a1876511@yahoo.com.tw
recipient: a1876511@yahoo.com.tw
named_attribute: dsn_orig_rcpt=rfc822;wendy_shao1972@yahoo.com.tw
original_recipient: wendy_shao1972@yahoo.com.tw
recipient: wendy_shao1972@yahoo.com.tw
named_attribute: dsn_orig_rcpt=rfc822;walklulu@yahoo.com.tw
original_recipient: walklulu@yahoo.com.tw
recipient: walklulu@yahoo.com.tw
named_attribute: dsn_orig_rcpt=rfc822;bj36473647@yahoo.com.tw
original_recipient: bj36473647@yahoo.com.tw
recipient: bj36473647@yahoo.com.tw
named_attribute: dsn_orig_rcpt=rfc822;win1@ms16.hinet.net
original_recipient: win1@ms16.hinet.net
recipient: win1@ms16.hinet.net
named_attribute: dsn_orig_rcpt=rfc822;topever@ms27.hinet.net
original_recipient: topever@ms27.hinet.net
recipient: topever@ms27.hinet.net
named_attribute: dsn_orig_rcpt=rfc822;nage0405@yahoo.com.tw
original_recipient: nage0405@yahoo.com.tw
recipient: nage0405@yahoo.com.tw
named_attribute: dsn_orig_rcpt=rfc822;chiahua_li@yahoo.com.tw
original_recipient: chiahua_li@yahoo.com.tw
recipient: chiahua_li@yahoo.com.tw
named_attribute: dsn_orig_rcpt=rfc822;twopeichen@yahoo.com.tw
original_recipient: twopeichen@yahoo.com.tw
recipient: twopeichen@yahoo.com.tw
the header make me surprised. named_attribute: sasl_username=demo <--------- is it that the user for sending spam remotely ?
Is yes, however I went over all the virtual servers to see whether there is a user named demo, result is none. And I read the /etc/passwd and no such a user id named demo too.
I did another small test to see whether those spam message is orignated from a web script or send remotely.
I turn off incoming smtp port on the firewall and start postfix. Monitoring the /var/log/maillog for a certain period of time.............
After a few hours of monitoring the maillog, incoming smtp port being ported, there is no abnormal mail log appeared. As a conclusion, all spam mails are sending from outside and being some smtp policy restriction, those emails cannot be delivered from my server and queued
Now the problem is why is the demo (a login account ?) could pass the sasl authentication ?
I search thru file /var/log/audit/audit.log and could not find demo was logged in
Howdy,
You may want to take a look in /var/log/maillog... seeing "sasl_authenticated" suggests that a user used an SMTP authentication method (typically port 465 or 587) to login as that user.
And any user who authenticates via that method would show up in /var/log/maillog.
If you haven't already, you may want to change the password for that user though.
-Eric