postfix-users April 2010 archive

Re: Receiving bounce messages back to local-host

From: CT <groups_at_nospam>
Date: Mon Apr 19 2010 - 12:18:35 GMT
To: postfix users <postfix-users@postfix.org>

Noel Jones wrote:
> On 4/18/2010 4:40 PM, groups wrote:
>> Noel Jones wrote, On 04/18/2010 04:20 PM:
>>> On 4/18/2010 4:16 PM, groups wrote:
>>>>>
>>>>> Postfix logs help you know what happened to a particular message.
>>>>> Look in your logs for bounces (sender=<>) arriving from your
>>>>> relayhost, and see what postfix does with it. No need to wonder
>>>>> where they went.
>>>>>
>>>>>
>>>>> -- Noel Jones
>>>>
>>>> A lot of the send only hosts have only an IP (not in DNS)
>>>
>>> Look in the logs for the IP to find associated QUEUEIDs.
>>>
>>>>
>>>> Apr 18 16:01:24 mailhost postfix/qmgr[3283]: 5BE9956799: from=<>,
>>>> size=89424, nrcpt=1 (queue active)
>>>>
>>>
>>> Look in the logs for other entries with that same QUEUEID 5BE9956799
>>> to see other information associated with that transaction.
>>>
>>>
>> only 1 entry per transaction ID..
>> nothing in
>> /var/spool/postfix ...
>>
>> ok.. and found something interesting..
>>
>> Apr 18 16:01:22 mailhost postfix/qmgr[3283]: 04C2A56799: from=<>,
>> size=83199, nrcpt=1 (queue active)
>> Apr 18 16:01:22 mailhost postfix/qmgr[3283]: 2B54756799: from=<>,
>> size=83614, nrcpt=1 (queue active)
>> Apr 18 16:01:22 mailhost postfix/qmgr[3283]: 4D99856799: from=<>,
>> size=84029, nrcpt=1 (queue active)
>> Apr 18 16:01:22 mailhost postfix/qmgr[3283]: 7B1F756799: from=<>,
>> size=84444, nrcpt=1 (queue active)
>> Apr 18 16:01:22 mailhost postfix/qmgr[3283]: 9BD4456799: from=<>,
>> size=84859, nrcpt=1 (queue active)
>> Apr 18 16:01:22 mailhost postfix/qmgr[3283]: BF6DC56799: from=<>,
>> size=85274, nrcpt=1 (queue active)
>> Apr 18 16:01:22 mailhost postfix/qmgr[3283]: E147056799: from=<>,
>> size=85689, nrcpt=1 (queue active)
>>
>> All have the same invalid recipient..
>
> These show the sender and number of recipients = 1; the recipient
> address is listed in a different log line.
>
> That seems like an awful lot of bounces in a short period of time.
> Sending lots of mail to undeliverable addresses is a red flag that
> something is wrong -- such as a badly outdated mail list, or a
> compromised machine spewing spam.
>
> One of your tasks is to investigate why there are so many bounces, and
> find a way to reduce them. Sending large amounts of undeliverable
> mail will have a bad effect on your server's reputation and may
> eventually lead to blacklisting.
>
>>
>> Almost looks like it is "ping-ponging" back and forth between the
>> *master-relay* and my relay..
>
> Messages with the null sender "<>" are never bounced, they must be
> delivered or discarded.
>
> Bounces are always sent with the null sender.
> This prevents bounces from ever looping (except in rare cases of
> stupid user tricks such as a .forward that rewrites <> to something
> else -- don't do that).
>
> Further information about those messages can be found in the logs.
>
>>
>> I have seen this invalid recipient on the old Sendmail box.. and
>> it ended up in my queue then expires.. (the sender host has been out of
>> the office when I tried to contact them)
>>
>> so it looks like I have something not right..
>> there is nothing in mailq..
>>
>> Charles
>
> You need to examine the log further. If there's a problem, postfix
> will likely tell you what it is, or at least give you a better idea of
> where to look.
>
> Postfix generates several log lines for each message. You need to
> look at *all* the lines with the same QUEUEID to see what happened to
> a message.
>
> Logs for a single message look something like this below (with my
> comments). Because postfix can process many messages in parallel,
> logs for a single message may be separated by a considerable number of
> unrelated log entries. There may be more or fewer entries depending
> on what happens with a transaction, but this is fairly typical.
>
>
> Apr 18 00:00:20 mgate2 postfix/smtpd[91955]: connect from
> private.webmail.example.org[192.168.70.47] to smtpd
> (client connected; the hostname and IP are logged)
>
> Apr 18 00:00:20 mgate2 postfix/smtpd[91955]: 1A2C779788F:
> client=private.webmail.example.org[192.168.70.47]
> (the QUEUEID "1A2C779788F" is assigned. That means there was at least
> one recipient accepted and a queue file was created. Future lines
> pertaining to this specific message will include this same QUEUEID)
>
> Apr 18 00:00:20 mgate2 postfix/cleanup[92028]: 1A2C779788F:
> message-id=<11004180000.AA11628@example.org>
> (the Message-id: header is logged. This is a helpful unique message
> identifier when searching the logs for a specific message.)
>
> Apr 18 00:00:20 mgate2 postfix/qmgr[95868]: 1A2C779788F: from=<>,
> size=382, nrcpt=1 (queue active)
> (envelope sender, size, number of recipients, which queue it's
> assigned to)
>
> Apr 18 00:00:20 mgate2 postfix/smtpd[91955]: disconnect from
> private.webmail.vbhcs.org[192.168.70.47]
> (postfix has disconnected from the client. This line can be related
> to the "connect" line above by the smtpd process id, in this case
> "91955")
>
> Apr 18 00:00:20 mgate2 postfix/local[94393]: 1A2C779788F:
> to=<njones@example.org>, relay=local, delay=0.11,
> delays=0.05/0.03/0/0.02, dsn=2.0.0, status=sent (delivered to maildir)
> (the mail was delivered to a local user)
>
> Apr 18 00:00:20 mgate2 postfix/qmgr[95868]: 1A2C779788F: removed
> (postfix completed this message, and removed the queue file)
>
>
> -- Noel Jones

Noel..

Thank you very much for the *above and beyond* explanation..
I actually *have* (personal) postfix smtp gateways but all are
configured *not* to receive email
and have worked flawlessly...

I will report back on this same thread when I have a resolution..

Very Respectfully,
Charles
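
The QUEUEID correlation Noel Jones describes in the quoted reply, as an added example that is not part of the original thread or of Postfix: it merges all log lines that share a QUEUEID, keeps the messages with the null sender from=<>, and counts them per recipient. It assumes the short hexadecimal queue IDs and the log line layout quoted above; the sample log, hostnames, addresses and queue IDs are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample (made-up hosts, addresses and queue IDs) in the log format quoted in the thread.
SAMPLE_LOG = """\
Apr 18 16:01:21 mailhost postfix/smtpd[3301]: connect from relay.example.org[192.0.2.10]
Apr 18 16:01:21 mailhost postfix/smtpd[3301]: A1B2C30001: client=relay.example.org[192.0.2.10]
Apr 18 16:01:22 mailhost postfix/qmgr[3283]: A1B2C30001: from=<>, size=83199, nrcpt=1 (queue active)
Apr 18 16:01:22 mailhost postfix/smtpd[3301]: A1B2C30002: client=relay.example.org[192.0.2.10]
Apr 18 16:01:22 mailhost postfix/qmgr[3283]: D4E5F60003: from=<app@example.org>, size=512, nrcpt=1 (queue active)
Apr 18 16:01:22 mailhost postfix/qmgr[3283]: A1B2C30002: from=<>, size=83614, nrcpt=1 (queue active)
Apr 18 16:01:23 mailhost postfix/smtp[3310]: A1B2C30001: to=<nouser@example.net>, relay=mx.example.net[192.0.2.25]:25, delay=0.4, delays=0.1/0/0.1/0.2, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Apr 18 16:01:23 mailhost postfix/qmgr[3283]: A1B2C30001: removed
Apr 18 16:01:24 mailhost postfix/smtp[3311]: A1B2C30002: to=<nouser@example.net>, relay=none, delay=2.1, delays=0.1/0/2/0, dsn=4.4.1, status=deferred (connect to mx.example.net[192.0.2.25]:25: Connection refused)
"""

LINE = re.compile(r"postfix/[\w-]+\[\d+\]: (?P<qid>[0-9A-F]{6,}): (?P<rest>.*)")
FIELD = re.compile(r"\b(client|from|to|status)=(<[^>]*>|[^,\s]+)")

def group_by_queue_id(log_text):
    """Merge every log line that shares a QUEUEID into one record."""
    msgs = defaultdict(lambda: {"to": [], "status": [], "removed": False})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # connect/disconnect lines carry no QUEUEID
        rec = msgs[m["qid"]]
        rec["removed"] |= m["rest"] == "removed"  # queue file deleted
        for key, val in FIELD.findall(m["rest"]):
            if key in ("to", "status"):
                rec[key].append(val)  # one entry per delivery attempt
            else:
                rec.setdefault(key, val)  # client and envelope sender
    return dict(msgs)

def null_sender_messages(log_text):
    """Records for messages whose envelope sender is <> (bounces)."""
    return {q: r for q, r in group_by_queue_id(log_text).items()
            if r.get("from") == "<>"}

def bounces_per_recipient(log_text):
    """Count null-sender messages (not log lines) per recipient address."""
    counts = Counter()
    for rec in null_sender_messages(log_text).values():
        counts.update(set(rec["to"]))  # retries log the same recipient again
    return counts

if __name__ == "__main__":
    print(null_sender_messages(SAMPLE_LOG), bounces_per_recipient(SAMPLE_LOG))
```

A record with from=<> that has no "removed" entry is still in the queue, and its client field names the host that handed the bounce over.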