| Linode Forum https://forum.linode.com/ |
|
| postfix maillog https://forum.linode.com/viewtopic.php?f=11&t=9648 |
Page 1 of 1 |
| Author: | jcr [ Sat Dec 22, 2012 12:34 pm ] |
| Post subject: | postfix maillog |
Hello, I am running on Centos 5, a classic postfix email server, I am getting a lot of entries like this one in/var/log/maillog Dec 22 11:10:43 li21-231 postfix/smtpd[32045]: NOQUEUE: reject: RCPT from unknown[175.180.76.219]: 504 5.5.2 <f-225224966f204>: Helo command rejected: need fully-qualified hostname; from=<info@xxxxxx.com> to=<a901065@yahoo.com.tw> proto=ESMTP helo=<f-225224966f204> I don't quite understand what is going on? If someone could educate me a little bit that would be great. Than you! |
|
| Author: | Stever [ Sat Dec 22, 2012 1:14 pm ] |
| Post subject: | Re: postfix maillog |
Someone tried to use your mailserver to relay a message to someone at yahoo.com.tw, but you rejected it because they did not give a complete hostname in their HELO. It is good that you rejected it, and it is quite normal to see lots of attempts like this - nothing to worry about. |
|
| Author: | jcr [ Sat Dec 22, 2012 2:01 pm ] |
| Post subject: | Re: postfix maillog |
That's good to hear! This maillog file is getting really big: 6.9G maillog 27M maillog.2 27M maillog.3 27M maillog.4 and I had to delete stuff in order to keep my linode up and running. What would be a good strategy to reduce the size of that log. I mean that log is an important one and I don't think I can delete it but the more I am getting hit by those guys the more it grows... |
|
| Author: | sleddog [ Sat Dec 22, 2012 4:31 pm ] |
| Post subject: | Re: postfix maillog |
Use logrotate. It is usually installed by default, but may not be for you. Try googling for examples of usage and configuration, there are many pages like http://linuxnextgen.blogspot.ca/2011/04 ... linux.html |
|
| Author: | jcr [ Sat Dec 22, 2012 10:23 pm ] |
| Post subject: | Re: postfix maillog |
Good, I am looking into that tool. Thanks. With this tool I will handle the size of my log properly. But the continuous flow will not stop... I changed the MX record associated with info@xxxxxx.com to nothing (I just deleted hat record from the zone) but the requests keep coming. What could be done? |
|
| Author: | sweh [ Sun Dec 23, 2012 11:32 am ] |
| Post subject: | Re: postfix maillog |
If you're seeing lots of attempts from small number of sites then something like fail2ban can be used to automatically firewall off these people (eg 5 failed relay attempts in a few seconds -> firewall entry). |
|
| Page 1 of 1 | All times are UTC-04:00 |
| Powered by phpBB® Forum Software © phpBB Group http://www.phpbb.com/ |
|