Linode Community Forums
Posted: Sun Jul 19, 2015 1:09 pm
Hi there,

When I run
lsof -i | grep smtp

I sometimes get output like the one below. What does that mean?

Thanks in advance if you take the time to let me know.

Marc.

smtpd 13796 postfix 10u IPv4 69838 0t0 TCP li1295-168.members.linode.com:smtp->dsl-187-201-231-114-dyn.prod-infinitum.com.mx:56802 (ESTABLISHED)
smtp 13835 postfix 14u IPv4 69820 0t0 TCP li1295-168.members.linode.com:39120->antivir.kabeldeutschland.de:smtp (SYN_SENT)
smtpd 13787 postfix 10u IPv4 67519 0t0 TCP li1295-168.members.linode.com:smtp->mh5it6.metamoris.gq:53803 (ESTABLISHED)
smtpd 14593 postfix 10u IPv4 78183 0t0 TCP li1295-168.members.linode.com:smtp->wobosm03.netvigator.com:36006 (ESTABLISHED)


Posted: Sun Jul 19, 2015 1:25 pm
My new linode, which is not even 24 hours old and doesn't even have Apache installed yet, also shows entries like the ones below in its mail log that seem to indicate emails (likely spam) are originating on the server. How can that be? Or am I misinterpreting these log entries?

Thanks again.

m/


Jul 19 17:03:17 li1295-168 postfix/cleanup[14595]: 38D8EF110: message-id=<20150719170317.38D8EF110@localhost>
Jul 19 17:03:17 li1295-168 postfix/bounce[14597]: 13508F0F7: sender non-delivery notification: 38D8EF110
Jul 19 17:03:17 li1295-168 postfix/qmgr[12669]: 38D8EF110: from=<>, size=3780, nrcpt=1 (queue active)
Jul 19 17:03:18 li1295-168 postfix/smtp[14636]: 38D8EF110: to=<carrieyylam@netvigator.com>, relay=imsmx1.netvigator.com[218.102.62.198]:25, delay=1.6, delays=0/0/0.69/0.9, dsn=2.0.0, status=sent (250 2.0.0 uH3H1q00G3eUWSt01H3Jds mail accepted for delivery)
Jul 19 17:03:18 li1295-168 postfix/qmgr[12669]: 38D8EF110: removed
root@li1295-168:~#


Posted: Sun Jul 19, 2015 10:07 pm
Quote:
smtpd 13796 postfix 10u IPv4 69838 0t0 TCP li1295-168.members.linode.com:smtp->dsl-187-201-231-114-dyn.prod-infinitum.com.mx:56802 (ESTABLISHED)

This is a connection from a host in Mexico to your mailserver (smtpd).

Quote:
smtp 13835 postfix 14u IPv4 69820 0t0 TCP li1295-168.members.linode.com:39120->antivir.kabeldeutschland.de:smtp (SYN_SENT)

This is a connection your system is in the process of establishing (SYN_SENT) to a host in Germany. It connected to the other host's SMTP port, so it is trying to send e-mail.

Quote:
smtpd 13787 postfix 10u IPv4 67519 0t0 TCP li1295-168.members.linode.com:smtp->mh5it6.metamoris.gq:53803 (ESTABLISHED)
smtpd 14593 postfix 10u IPv4 78183 0t0 TCP li1295-168.members.linode.com:smtp->wobosm03.netvigator.com:36006 (ESTABLISHED)

These are connections to your mailserver.

The good news is that your mailserver is not acting as an open relay. It's not clear exactly where the mail in your log originated from. If it follows "connect from localhost[127.0.0.1]" or "connect from localhost[::1]" then the mail was generated on your machine somehow. Usually this comes from a web form, but if you haven't installed a web server it's hard to say what the origin is.
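
The reading of the lsof lines given in the reply above, as an added example that is not part of the original thread: a shell function that labels each SMTP connection as inbound or outbound according to which side of the NAME column holds the smtp port. The names classify_smtp and sample_lsof are made up for this example; the sample reuses the four lines from the first post plus one constructed LISTEN line.

```shell
#!/bin/sh
# Added example (not from the thread): classify `lsof -i` SMTP connections.
# lsof -i columns: COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME (STATE)
# so field 9 is "local:port->remote:port" and field 10 is the TCP state.

classify_smtp() {
    awk '
    $8 == "TCP" && $9 ~ /->/ {            # skip LISTEN sockets: they have no "->"
        split($9, ends, "->")
        lport = ends[1]; sub(/.*:/, "", lport)      # text after the last colon
        rport = ends[2]; sub(/.*:/, "", rport)
        rhost = ends[2]; sub(/:[^:]*$/, "", rhost)  # remote end without its port
        state = $10; gsub(/[()]/, "", state)
        # "25" covers numeric output, e.g. from `lsof -nP -i`
        if (lport == "smtp" || lport == "25")
            dir = "inbound"               # a remote client reached our SMTP port
        else if (rport == "smtp" || rport == "25")
            dir = "outbound"              # we are connecting to a remote SMTP port
        else
            next                          # not an SMTP connection
        print dir, $1, $2, rhost, state
    }'
}

# Sample input: the four lines from the first post, plus a constructed LISTEN line.
sample_lsof() {
    cat <<'EOF'
master 12665 root 12u IPv4 60001 0t0 TCP *:smtp (LISTEN)
smtpd 13796 postfix 10u IPv4 69838 0t0 TCP li1295-168.members.linode.com:smtp->dsl-187-201-231-114-dyn.prod-infinitum.com.mx:56802 (ESTABLISHED)
smtp 13835 postfix 14u IPv4 69820 0t0 TCP li1295-168.members.linode.com:39120->antivir.kabeldeutschland.de:smtp (SYN_SENT)
smtpd 13787 postfix 10u IPv4 67519 0t0 TCP li1295-168.members.linode.com:smtp->mh5it6.metamoris.gq:53803 (ESTABLISHED)
smtpd 14593 postfix 10u IPv4 78183 0t0 TCP li1295-168.members.linode.com:smtp->wobosm03.netvigator.com:36006 (ESTABLISHED)
EOF
}

# On a live host, pipe real output instead: lsof -i | classify_smtp
sample_lsof | classify_smtp
```

Each output line gives the direction, the process name and PID, the remote host and the TCP state, so outbound sessions (the ones that mean the machine is sending mail) stand out from inbound ones.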

