|Main Archive Page > Month Archives > postfix-users archives|
On 10/27/2010 10:37 AM, Al Zick wrote:
> I hope that someone can help me. Last night I had a strange
> problem. Every email that came in was there twice. Emails that
> I would normally get 2 copies of, I received 4 copies of. Any
> ideas on what could cause this?
Careful examination of the logs will probably enlighten you.
With no information, speculation is pointless.
> Also, it seemed to be working correctly this morning, but for
> hours it duplicated messages. I think it is because of some
> spammer attempting to relay or send me spam.
Not likely. A broken alias is the first guess. What did you
> I then have postfix pass the email to procmail where it is
> filtered with bogofilter. I keep giving bogofilter more spam
> to look at, but it doesn't seem to block all the spam anymore,
> although it blocks some spam. When I first installed it,
> bogofilter worked very well.
Sounds as if bogofilter is poorly trained. Ask for help on a
bogofilter forum, or just delete the database and start over.
> The other thing that is very disturbing to me is that twice
> last week my mail server went down. I guess from all the
> repeated attempts to use it as an open relay. From everything
> I have seen in the logs, postfix successfully stops all relay
A crash is an indication that something is broken.
Normally-operating postfix (even under extreme loads) will not
cause a crash. Rejecting relay attempts or unknown recipients
places very little load on the computer; even a small server
can easily reject hundreds of attempts per second with little
Examine your logs (not just the mail log) for hints of what
caused the crash; ask for help on a forum for your operating
Make sure that security patches for your OS are applied.
> The other thing that I see in the log is attempts to send
> emails to email addresses that never existed. For example:
> firstname.lastname@example.org is a valid email address. Why do I 10,000's
> of attempts to send email to adminDD@datazap.net in my log?
> This has never been a valid email address.
These should be quickly rejected by postfix and cause very
little load. Spammers send to all kind of non-existent addresses.
> I was using other rbls. This was a mistake, way too many false
> positives, does anyone have a list of good rbl_clients?
zen.spamhaus.org is widely recommended as safe and very
effective. If you're too large for the free service, the paid
service is well worth the price.
If you have a fairly recent postfix you should also use
> One thing that I don't like it is that postfix reject all the
> emails. I think this is a mistake, because I am telling the
> spammers that it didn't work. I think it would be best to put
> those emails into a spam folder. I did install rblcheck, but I
> can't find documentation for using it with Postfix/procmail.
Bad idea. There is no evidence the spammers check their
rejects. There *is* some evidence that sites that accept any
old crap are spam attractors and tend to get much more spam
> Also, I had tried to setup Postfix so that it would just
> accept all emails. I configured it to not use it's recipient
> table and would just accept emails. I also added
> *@familysafeinternet.com for example and I did this for all my
Very bad idea. Reject mail you don't intend to deliver.
This might help:
-- Noel Jones