Re: "Strange" maillog entries - am I being used as a relay?

On Sat, 2005-04-02 at 06:22 -0330, Mike Pelley wrote:
> Folks - I noticed some strange errors in my logwatch report and when I checked my maillog I found the entries below.  I have SMTPS with TLS set up for authentication.  Does this mean I'm being used as a relay?
> 
> maillog:Mar 29 09:30:24 zeus postfix/smtpd[26863]: connect from unknown[216.113.195.131]
> maillog:Mar 29 09:30:24 zeus postfix/smtpd[26863]: setting up TLS connection from unknown[216.113.195.131]
> maillog:Mar 29 09:30:24 zeus postfix/smtpd[26863]: TLS connection established from unknown[216.113.195.131]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
> maillog:Mar 29 09:30:25 zeus postfix/smtpd[26863]: 0A1267031D: client=unknown[216.113.195.131]
> maillog:Mar 29 09:30:25 zeus postfix/smtpd[26863]: 0A1267031D: reject: RCPT from unknown[216.113.195.131]: 450 <wjwwwdk@xxxxxxxxxxx>: User unknown in local recipient table; from=<> to=<wjwwwdk@xxxxxxxxxxx> proto=ESMTP helo=<email.noproblemnetworks.com>
> maillog:Mar 29 09:30:27 zeus postfix/smtpd[26863]: disconnect from unknown[216.113.195.131]

Looks like a failed backscatter delivery attempt (a bounce for a mail
you didn't send, probably a virus/worm/spam forgery). The delivery
failed because the forged sender address "wjwwwdk@xxxxxxxxxxx" doesn't
exist in your domain.

These happen all the time, and are nothing to worry about, though you
might want to reject future bounces from the backscatter-sending host at
216.113.195.131 if your server can be configured to do that.

Paul.
-- 
Paul Howarth <paul@xxxxxxxxxxxx>
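
The reading of the log given in the reply above can be automated. The following is an added example, not part of the original thread: it classifies Postfix `reject: RCPT` lines as likely backscatter (null sender `from=<>` to an unknown local user) or as a refused relay attempt, and counts them per source IP. The function names and the second sample line (documentation addresses, "Relay access denied") are constructed for illustration.

```python
import re
from collections import Counter

# Matches a Postfix smtpd "reject: RCPT" line like the one quoted in the thread.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: (?P<qid>NOQUEUE|[0-9A-F]+): reject: RCPT from "
    r"(?P<host>\S+?)\[(?P<ip>[0-9a-fA-F.:]+)\]: (?P<code>\d{3}) "
    r"(?P<reason>.*?); from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)

def classify(line):
    """Return (kind, client_ip, recipient) for a reject line, else None."""
    m = REJECT_RE.search(line)
    if not m:
        return None
    # A reject means the message was refused, not relayed.
    if m["sender"] == "" and "User unknown" in m["reason"]:
        kind = "backscatter"      # bounce (null sender) to a nonexistent user
    elif "Relay access denied" in m["reason"]:
        kind = "relay-attempt"    # client tried to relay and was refused
    else:
        kind = "other-reject"
    return kind, m["ip"], m["rcpt"]

def summarize(lines):
    """Count rejects per (kind, client_ip), e.g. to pick hosts to block."""
    counts = Counter()
    for line in lines:
        result = classify(line)
        if result:
            counts[(result[0], result[1])] += 1
    return counts

SAMPLE = [
    # Taken from the maillog excerpt quoted in the thread:
    "maillog:Mar 29 09:30:25 zeus postfix/smtpd[26863]: 0A1267031D: reject: RCPT from unknown[216.113.195.131]: 450 <wjwwwdk@xxxxxxxxxxx>: User unknown in local recipient table; from=<> to=<wjwwwdk@xxxxxxxxxxx> proto=ESMTP helo=<email.noproblemnetworks.com>",
    "maillog:Mar 29 09:30:27 zeus postfix/smtpd[26863]: disconnect from unknown[216.113.195.131]",
    # Constructed line (documentation addresses), not from the thread:
    "Mar 29 10:02:11 zeus postfix/smtpd[27001]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 <recipient@example.org>: Relay access denied; from=<sender@example.net> to=<recipient@example.org> proto=SMTP helo=<example.net>",
]

if __name__ == "__main__":
    for (kind, ip), n in sorted(summarize(SAMPLE).items()):
        print(f"{kind:14} {ip:16} {n}")
```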

