[postfix-es] urgent: unusual activity
Synergia Computación
synergia at adsl.tie.cl
Fri Sep 26 04:23:28 CEST 2003
Hello, thank you very much, I hope you can help me.
I am sending the outputs you suggested, plus the last part of the maillog in
/var/tmp, which is weighing in at more than 200 Mbs! :(((
I am separating each item with "--------------------------------------" for easier
understanding.
-------------------------------------- This is the output of postconf -d
mail_version...
root en servidor:~# postconf -d mail_version
mail_version = 2.0.0.2
-------------------------------------- ... and this is the output of postconf -n
root en servidor:~# postconf -n
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
home_mailbox = Mailbox
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/man
mydestination = $myhostname, localhost.$mydomain, $mydomain, mail.$mydomain,
www.$mydomain, ftp.$mydomain
mydomain = movimientohumanista.cl
mynetworks_style = class
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /mnt/respaldo/postfix_readme
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
unknown_local_recipient_reject_code = 450
-------------------------------------- From here on, an extract of
/var/tmp/maillog
Sep 25 22:30:19 servidor postfix/qmgr[30223]: A285D31FD5:
to=<t6-j en esignal.com>, relay=none, delay=94242, status=deferred (connect to
srvrmg1.esignal.com[216.23.230.146]: Connection timed out)
Sep 25 22:30:19 servidor postfix/qmgr[30223]: AC4983225B:
from=<ypwcntohnix en att.net>, size=1327, nrcpt=30 (queue active)
Sep 25 22:30:19 servidor postfix/qmgr[30223]: AC4983225B:
to=<e4eka en ameritrade.com>, relay=none, delay=94054, status=deferred
(connect to smtp.ameritrade.com[199.200.9.140]: Connection timed out)
Sep 25 22:30:19 servidor postfix/qmgr[30223]: AC4983225B: to=<npk en esignal.com>,
relay=none, delay=94054, status=deferred (connect to
srvrmg1.esignal.com[216.23.230.146]: Connection timed out)
Sep 25 22:30:19 servidor postfix/qmgr[30223]: A28973239B: from=<lob4 en juno.com>,
size=1294, nrcpt=22 (queue active)
Sep 25 22:30:19 servidor postfix/qmgr[30223]: A28973239B:
to=<e7oaa en ameritrade.com>, relay=none, delay=93967, status=deferred
(connect to smtp.ameritrade.com[199.200.9.140]: Connection timed out)
Sep 25 22:30:19 servidor postfix/smtp[7051]: connect to
sampson.customcpu.com[209.124.140.31]: Connection timed out (port 25)
Sep 25 22:30:19 servidor postfix/qmgr[30223]: A28973239B:
to=<e7ob en esignal.com>, relay=none, delay=93967, status=deferred (connect to
srvrmg1.esignal.com[216.23.230.146]: Connection timed out)
Sep 25 22:30:19 servidor postfix/qmgr[30223]: A6D86323AB: from=<tnipo en att.net>,
size=1270, nrcpt=23 (queue active)
Sep 25 22:30:19 servidor postfix/qmgr[30223]: A6D86323AB:
to=<e7ama en ameritrade.com>, relay=none, delay=93960, status=deferred
(connect to smtp.ameritrade.com[199.200.9.140]: Connection timed out)
Sep 25 22:30:19 servidor postfix/qmgr[30223]: A6D86323AB:
to=<tabba en ameritrade.com>, relay=none, delay=93960, status=deferred
(connect to smtp.ameritrade.com[199.200.9.140]: Connection timed out)
Sep 25 22:30:19 servidor postfix/qmgr[30223]: A6D86323AB:
to=<e7am en esignal.com>, relay=none, delay=93960, status=deferred (connect to
srvrmg1.esignal.com[216.23.230.146]: Connection timed out)
Sep 25 22:30:19 servidor postfix/qmgr[30223]: A4FD032343:
from=<gizicvdtn en compuserve.com>, size=1279, nrcpt=30 (queue active)
Sep 25 22:30:19 servidor postfix/qmgr[30223]: A4FD032343:
to=<e7ag en esignal.com>, relay=none, delay=93989, status=deferred (connect to
srvrmg1.esignal.com[216.23.230.146]: Connection timed out)
Sep 25 22:30:19 servidor postfix/qmgr[30223]: A2886324E3:
from=<ypphui4doygj en usa.net>, size=1373, nrcpt=24 (queue active)
Sep 25 22:30:19 servidor postfix/qmgr[30223]: A2886324E3:
to=<141c en esignal.com>, relay=none, delay=93869, status=deferred (connect to
srvrmg1.esignal.com[216.23.230.146]: Connection timed out)
Sep 25 22:30:19 servidor postfix/qmgr[30223]: A2886324E3:
to=<nqeb en esignal.com>, relay=none, delay=93869, status=deferred (connect to
srvrmg1.esignal.com[216.23.230.146]: Connection timed out)
Sep 25 22:30:19 servidor postfix/qmgr[30223]: A4F77324BB:
from=<dq7l en compuserve.com>, size=1384, nrcpt=20 (queue active)
Sep 25 22:30:19 servidor postfix/qmgr[30223]: A4F77324BB:
to=<141a en esignal.com>, relay=none, delay=93883, status=deferred (connect to
srvrmg1.esignal.com[216.23.230.146]: Connection timed out)
Sep 25 22:30:19 servidor postfix/qmgr[30223]: A4F77324BB: to=<nqe en esignal.com>,
relay=none, delay=93883, status=deferred (connect to
srvrmg1.esignal.com[216.23.230.146]: Connection timed out)
Sep 25 22:30:19 servidor postfix/qmgr[30223]: A76B02EDD5:
from=<ofs7kw72 en yahoo.com>, size=1375, nrcpt=16 (queue active)
Sep 25 22:30:19 servidor postfix/qmgr[30223]: A76B02EDD5:
to=<ltem en esignal.com>, relay=none, delay=93635, status=deferred (connect to
srvrmg1.esignal.com[216.23.230.146]: Connection timed out)
Sep 25 22:30:19 servidor postfix/qmgr[30223]: A33B432840:
from=<ogc8abuqyj en prodigy.net>, size=1330, nrcpt=29 (queue active)
Sep 25 22:30:19 servidor postfix/qmgr[30223]: A33B432840:
to=<nrcg en esignal.com>, relay=none, delay=93580, status=deferred (connect to
srvrmg1.esignal.com[216.23.230.146]: Connection timed out)
Sep 25 22:30:19 servidor postfix/qmgr[30223]: A9DAD3272D:
from=<tnibburqiaw en prodigy.net>, size=1315, nrcpt=22 (queue active)
Sep 25 22:30:19 servidor postfix/qmgr[30223]: A9DAD3272D:
to=<nrcd en esignal.com>, relay=none, delay=93665, status=deferred (connect to
srvrmg1.esignal.com[216.23.230.146]: Connection timed out)
Sep 25 22:30:19 servidor postfix/qmgr[30223]: AED6F328A0:
from=<gi5g en attbi.com>, size=1351, nrcpt=19 (queue active)
Sep 25 22:30:19 servidor postfix/qmgr[30223]: AED6F328A0:
to=<e_ka en esignal.com>, relay=none, delay=93556, status=deferred (connect to
srvrmg1.esignal.com[216.23.230.146]: Connection timed out)
Sep 25 22:30:19 servidor postfix/qmgr[30223]: A617032CA5:
from=<gi4rclw en prodigy.net>, size=1315, nrcpt=35 (queue active)
Sep 25 22:30:19 servidor postfix/qmgr[30223]: A617032CA5:
to=<nrsc en esignal.com>, relay=none, delay=93176, status=deferred (connect to
srvrmg1.esignal.com[216.23.230.146]: Connection timed out)
Sep 25 22:30:19 servidor postfix/qmgr[30223]: A617032CA5: to=<nrsc en ipxnet.com>,
relay=none, delay=93176, status=deferred (Name service error for
name=ipxnet.com type=MX: Host not found, try again)
Sep 25 22:30:19 servidor postfix/qmgr[30223]: A72573309F:
from=<givpz7u6 en apexmail.com>, size=1321, nrcpt=30 (queue active)
Sep 25 22:30:19 servidor postfix/qmgr[30223]: A72573309F:
to=<nscg en esignal.com>, relay=none, delay=92770, status=deferred (connect to
srvrmg1.esignal.com[216.23.230.146]: Connection timed out)
Sep 25 22:30:19 servidor postfix/qmgr[30223]: A72573309F:
to=<eagle1 en world.std.com>, relay=none, delay=92770, status=deferred
(connect to europe.std.com[192.74.137.10]: server dropped connection
without sending the initial greeting)
Sep 25 22:30:19 servidor postfix/qmgr[30223]: A587E330DE:
from=<gicwn9vc en att.net>, size=1278, nrcpt=26 (queue active)
Sep 25 22:30:19 servidor postfix/qmgr[30223]: A587E330DE:
to=<eage en esignal.com>, relay=none, delay=92745, status=deferred (connect to
srvrmg1.esignal.com[216.23.230.146]: Connection timed out)
--------------------------------------... and, finally, a sample of the
damned message that appears in deferred millions of times
--------------------------------------
That is all, I hope you can help me with this problem. Thank you very much,
Pablo Torrealba
movimientohumanista.cl
>Hello,
>
>what restrictions do you have in "mynetworks="?
>
>it would be useful if you sent your postfix configuration (postconf)
In fact, it would be *very helpful*
Output of:
- postconf -d mail_version
- postconf -n
or
Output of 'postfinger', by Simon J Mudd
and some log extracts.
I suspect it has become an 'open relay'.... we had better hurry :-S
>so that we can better analyse what is happening.
Correct
>Regards
>Andrés de Barros
>Multitel - Uruguay
Regards,
José Luis Tallón
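
Added example, not part of the original thread: a triage script for a maillog like the extract above. It lists queue IDs whose envelope sender and logged recipients are all outside the server's own domain, which is the pattern the open-relay suspicion predicts. The sample lines, queue IDs and example.* addresses are constructed; only `movimientohumanista.cl` comes from the `postconf -n` output.

```python
import re
from collections import defaultdict

LOCAL_DOMAINS = {"movimientohumanista.cl"}  # mydomain from the postconf -n output

# Constructed sample modelled on the maillog extract, one record per line
# (lines wrapped by a mail client must be rejoined first).
# The list archive rewrote "@" as " en "; the parser accepts both forms.
SAMPLE_LOG = """\
Sep 25 22:30:19 servidor postfix/qmgr[30223]: AAAA000001: from=<user1@example.net>, size=1327, nrcpt=30 (queue active)
Sep 25 22:30:19 servidor postfix/qmgr[30223]: AAAA000001: to=<rcpt1 en example.org>, relay=none, delay=94054, status=deferred (connect to mx.example.org[192.0.2.10]: Connection timed out)
Sep 25 22:30:19 servidor postfix/qmgr[30223]: AAAA000001: to=<rcpt2@example.com>, relay=none, delay=94054, status=deferred (connect to mx.example.com[192.0.2.20]: Connection timed out)
Sep 25 22:30:20 servidor postfix/qmgr[30223]: BBBB000002: from=<user@movimientohumanista.cl>, size=900, nrcpt=1 (queue active)
Sep 25 22:30:20 servidor postfix/qmgr[30223]: BBBB000002: to=<friend@example.org>, relay=none, delay=12, status=deferred (connect to mx.example.org[192.0.2.10]: Connection timed out)
Sep 25 22:30:21 servidor postfix/qmgr[30223]: CCCC000003: from=<someone@example.com>, size=700, nrcpt=1 (queue active)
Sep 25 22:30:21 servidor postfix/local[7100]: CCCC000003: to=<user@movimientohumanista.cl>, relay=local, delay=1, status=sent (mailbox)
"""

LINE = re.compile(r"postfix/\w+\[\d+\]: (?P<qid>[0-9A-F]+): (?P<rest>.*)")
ADDR = re.compile(r"(?P<key>from|to)=<[^>]*?(?:@| en )(?P<dom>[^>]+)>")
NRCPT = re.compile(r"nrcpt=(\d+)")

def summarise(log_text):
    """Group log records by queue ID: sender domain, nrcpt, recipient domains."""
    msgs = defaultdict(lambda: {"from": None, "nrcpt": 0, "to": set()})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # e.g. "connect to ..." lines carry no queue ID
        rec = msgs[m["qid"]]
        a = ADDR.search(m["rest"])
        if a and a["key"] == "from":
            rec["from"] = a["dom"].lower()
            n = NRCPT.search(m["rest"])
            rec["nrcpt"] = int(n.group(1)) if n else 0
        elif a:
            rec["to"].add(a["dom"].lower())
    return msgs

def relayed(msgs, local=LOCAL_DOMAINS):
    """Queue IDs where neither the sender nor any logged recipient is local."""
    return sorted(q for q, r in msgs.items()
                  if r["from"] and r["from"] not in local
                  and r["to"] and not (r["to"] & local))

if __name__ == "__main__":
    for qid in relayed(summarise(SAMPLE_LOG)):
        print(qid)
```

This is a triage heuristic: bounces with an empty sender (`from=<>`) are skipped, and a trusted client that sends with a foreign sender address is flagged as well, so each hit still has to be checked against the client that submitted it.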