Get alerted when assets are down, slow, or vulnerable to SSL attacks—all free for a month. Learn more

Question

Strange outgoing mail postfix CentOS

Hi All,

There are going outgoing mails from my email account on postfix to all kind of unknown emails. Can someone support me with this…

Here my MAIN.CF and below a part of the maillog file

postfix config file

uncomment for debugging if needed

soft_bounce=yes

##################################### postfix main mail_owner = postfix psetgid_group = postdrop delay_warning_time = 0

##################################### postfix paths html_directory = no command_directory = /usr/sbin daemon_directory = /usr/libexec/postfix queue_directory = /var/spool/postfix sendmail_path = /usr/sbin/sendmail.postfix newaliases_path = /usr/bin/newaliases.postfix mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man sample_directory = /usr/share/doc/postfix-2.6.6/samples readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES

##################################### network settings inet_interfaces = all mydomain = mail.peteroudenes.com myhostname = mail.peteroudenes.com mynetworks = 127.0.0.1 smtpd_banner = $myhostname ESMTP (CentOS) mydestination = localhost.$mydomain, localhost relay_domains = proxy:mysql:/etc/zpanel/configs/postfix/mysql-relay_domains_maps.cf

##################################### mail delivery recipient_delimiter = +

mappings

alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases transport_maps = hash:/etc/postfix/transport #local_recipient_maps =

##################################### virtual setup virtual_alias_maps = proxy:mysql:/etc/zpanel/configs/postfix/mysql-virtual_alias_maps.cf, regexp:/etc/zpanel/configs/postfix/virtual_regexp virtual_mailbox_base = /var/zpanel/vmail virtual_mailbox_domains = proxy:mysql:/etc/zpanel/configs/postfix/mysql-virtual_domains_maps.cf virtual_mailbox_maps = proxy:mysql:/etc/zpanel/configs/postfix/mysql-virtual_mailbox_maps.cf virtual_mailbox_limit_maps = proxy:mysql:/etc/zpanel/configs/postfix/mysql-virtual_mailbox_limit_maps.cf virtual_minimum_uid = 101 virtual_uid_maps = static:101 virtual_gid_maps = static:12 virtual_transport = dovecot dovecot_destination_recipient_limit = 1

##################################### debugging debug_peer_level = 2 debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5

##################################### authentication smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_local_domain = $myhostname broken_sasl_auth_clients = yes smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth

##################################### tls config smtp_use_tls = no smtpd_use_tls = no #smtp_tls_note_starttls_offer = yes #smtpd_tls_loglevel = 1 #smtpd_tls_received_header = yes #smtpd_tls_session_cache_timeout = 3600s #tls_random_source = dev:/dev/urandom #smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache

##################################### Change mail.example.com.* to your host name #smtpd_tls_key_file = /etc/pki/tls/private/mail.example.com.key #smtpd_tls_cert_file = /etc/pki/tls/certs/mail.example.com.crt #smtpd_tls_CAfile = /etc/pki/tls/root.crt #smtp_tls_CAfile = $smtpd_tls_CAfile

##################################### HELO RESTRICTIONS - http://wiki.centos.org/HowTos/postfix_restrictions smtpd_delay_reject = yes smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks,

reject_non_fqdn_helo_hostname, (not working with outlook mail account mom)

reject_unknown_helo_hostname, (not working with outlook mail account mom)

    permit

##################################### SENDER RESTRICTIONS - http://wiki.centos.org/HowTos/postfix_restrictions smtpd_sender_restrictions = permit_mynetworks,

reject_non_fqdn_sender, (not working with outlook mail account mom)

reject_unknown_sender_domain, (not working with outlook mail account mom)

permit

##################################### RECIPIENT RESTRICTIONS - http://wiki.centos.org/HowTos/postfix_restrictions smtpd_recipient_restrictions =

reject_unauth_pipelining, (work not at all)

reject_non_fqdn_recipient,        
permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_rbl_client sbl-xbl.spamhaus.org,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client dul.dnsbl.sorbs.net,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client zen.spamhaus.org,
      reject_rbl_client bl.spamcop.net,
      reject_rbl_client dnsbl.ahbl.org,
      reject_rbl_client dnsbl.sorbs.net,
      reject_rbl_client dsn.rfc-ignorant.org,
      reject_rbl_client psbl.surriel.com,
      reject_rbl_client dul.dnsbl.sorbs.net,
      reject_rbl_client sbl-xbl.spamhaus.org,
      reject_rbl_client cbl.abuseat.org,
      reject_rbl_client ix.dnsbl.manitu.net,
      reject_rbl_client combined.rbl.msrbl.net,
      reject_rbl_client rabl.nuclearelephant.com,
      reject_rbl_client rhsbl.sorbs.net,
      reject_rbl_client iscbl.anti-spam.org.cn,
      reject_rbl_client cbl.anti-spam.org.cn,
      reject_rbl_client cblplus.anti-spam.org.cn,
      reject_rbl_client cblless.anti-spam.org.cn,
permit

##################################### AGAIN SPAM MAILS default_destination_rate_delay = 0 default_destination_recipient_limit = 50 default_extra_recipient_limit = 1000 smtpd_recipient_limit = 1000 disable_vrfy_command = no strict_rfc821_envelopes = no data_directory = /var/lib/postfix

smtpd_error_sleep_time = 1s smtpd_soft_error_limit = 10 smtpd_hard_error_limit = 20 smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)?^?^? smtpd_client_connection_count_limit = 50 smtpd_client_connection_rate_limit = 5 smtpd_client_new_tls_session_rate_limit = 0 anvil_rate_time_unit = 60s

NOT USED VARIABLES)

#smtpd_client_restrictions =

permit_mynetworks, reject

permit

#smtpd_relay_restrictions =

permit_mynetworks,

permit_sasl_authenticated,

reject_unauth_destination

#smtpd_data_restrictions =

reject_unauth_pipelining,

reject_multi_recipient_bounce

Mar 15 17:43:18 mail postfix/qmgr[31387]: 155DF120965: from=peter@160bpm.com, size=882, nrcpt=15 (queue active) Mar 15 17:43:18 mail postfix/smtp[31481]: 5F367120964: to=brand55@pochta.ru, relay=mx.qip.ru[62.141.94.153]:25, delay=11, delays=5.4/0.02/0.57/5.4, dsn=4.0.0, status=SOFTBOUNCE (host mx.qip.ru[62.141.94.153] said: 550 No such user (in reply to RCPT TO command)) Mar 15 17:43:18 mail postfix/smtpd[31485]: NOQUEUE: reject: RCPT from unknown[200.21.57.23]: 454 4.7.1 Service unavailable; Client host [200.21.57.23] blocked using cbl.abuseat.org; Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=200.21.57.23; from=eaowwbgg578@rainbowdatainc.com to=eaowwbgg578@160bpm.com proto=ESMTP helo=<[200.21.57.23]> Mar 15 17:43:18 mail postfix/smtpd[31485]: disconnect from unknown[200.21.57.23] Mar 15 17:43:19 mail postfix/smtp[31471]: 155DF120965: host mta6.am0.yahoodns.net[98.138.112.33] said: 421 4.7.1 [TS03] All messages from 95.85.55.113 will be permanently deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/421-ts03.html (in reply to MAIL FROM command) Mar 15 17:43:19 mail postfix/smtp[31471]: 155DF120965: lost connection with mta6.am0.yahoodns.net[98.138.112.33] while sending RCPT TO Mar 15 17:43:19 mail postfix/smtpd[31391]: 007D7120967: client=unknown[37.215.59.234], sasl_method=PLAIN, sasl_username=peter@160bpm.com Mar 15 17:43:19 mail postfix/smtp[31474]: 155DF120965: to=breezy14_wolf@hotmail.com, relay=mx3.hotmail.com[65.54.188.94]:25, delay=6.5, delays=5.6/0.02/0.48/0.35, dsn=4.0.0, status=SOFTBOUNCE (host mx3.hotmail.com[65.54.188.94] said: 550 Requested action not taken: mailbox unavailable (in reply to RCPT TO command)) Mar 15 17:43:19 mail postfix/smtp[31469]: 155DF120965: to=bradley.farm@sympatico.ca, relay=246620674.pamx1.hotmail.com[65.54.188.109]:25, delay=6.7, delays=5.6/0.02/0.46/0.65, dsn=2.0.0, status=sent (250 2328C90B78D275CE314C274B01703677@160bpm.com Queued mail for delivery) Mar 15 17:43:19 mail postfix/smtp[31585]: 155DF120965: to=brunobt6@gmail.com, relay=gmail-smtp-in.l.google.com[173.194.65.27]:25, delay=6.8, delays=5.6/0.02/0.05/1.1, dsn=2.0.0, status=sent (250 2.0.0 OK 1394901810 x47si8631198eel.73 - gsmtp) Mar 15 17:43:19 mail postfix/smtp[31474]: 155DF120965: to=BradCowleess@hotmail.com, relay=mx3.hotmail.com[65.54.188.94]:25, delay=6.9, delays=5.6/0.02/0.48/0.73, dsn=2.0.0, status=sent (250 2328C90B78D275CE314C274B01703677@160bpm.com Queued mail for delivery) Mar 15 17:43:19 mail postfix/smtp[31474]: 155DF120965: to=boxhead29@hotmail.com, relay=mx3.hotmail.com[65.54.188.94]:25, delay=6.9, delays=5.6/0.02/0.48/0.73, dsn=2.0.0, status=sent (250 2328C90B78D275CE314C274B01703677@160bpm.com Queued mail for delivery) Mar 15 17:43:19 mail postfix/smtp[31474]: 155DF120965: to=brayden.47@hotmail.com, relay=mx3.hotmail.com[65.54.188.94]:25, delay=6.9, delays=5.6/0.02/0.48/0.73, dsn=2.0.0, status=sent (250 2328C90B78D275CE314C274B01703677@160bpm.com Queued mail for delivery) Mar 15 17:43:19 mail postfix/smtp[31474]: 155DF120965: to=brenic901@hotmail.com, relay=mx3.hotmail.com[65.54.188.94]:25, delay=6.9, delays=5.6/0.02/0.48/0.73, dsn=2.0.0, status=sent (250 2328C90B78D275CE314C274B01703677@160bpm.com Queued mail for delivery) Mar 15 17:43:19 mail postfix/smtp[31471]: 155DF120965: to=BRE23US@YAHOO.COM, relay=mta6.am0.yahoodns.net[63.250.192.45]:25, delay=6.9, delays=5.6/0.02/1.1/0.17, dsn=4.7.1, status=deferred (host mta6.am0.yahoodns.net[63.250.192.45] said: 421 4.7.1 [TS03] All messages from 95.85.55.113 will be permanently deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/421-ts03.html (in reply to MAIL FROM command)) Mar 15 17:43:19 mail postfix/smtp[31471]: 155DF120965: to=Brenda.Balcarcel@yahoo.com, relay=mta6.am0.yahoodns.net[63.250.192.45]:25, delay=6.9, delays=5.6/0.02/1.1/0.17, dsn=4.7.1, status=deferred (host mta6.am0.yahoodns.net[63.250.192.45] said: 421 4.7.1 [TS03] All messages from 95.85.55.113 will be permanently deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/421-ts03.html (in reply to MAIL FROM command)) Mar 15 17:43:19 mail postfix/smtp[31471]: 155DF120965: to=brandewaldron@yahoo.com, relay=mta6.am0.yahoodns.net[63.250.192.45]:25, delay=6.9, delays=5.6/0.02/1.1/0.17, dsn=4.7.1, status=deferred (host mta6.am0.yahoodns.net[63.250.192.45] said: 421 4.7.1 [TS03] All messages from 95.85.55.113 will be permanently deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/421-ts03.html (in reply to MAIL FROM command)) Mar 15 17:43:19 mail postfix/smtp[31471]: 155DF120965: to=brandy_roy2002@yahoo.com, relay=mta6.am0.yahoodns.net[63.250.192.45]:25, delay=6.9, delays=5.6/0.02/1.1/0.17, dsn=4.7.1, status=deferred (host mta6.am0.yahoodns.net[63.250.192.45] said: 421 4.7.1 [TS03] All messages from 95.85.55.113 will be permanently deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/421-ts03.html (in reply to MAIL FROM command)) Mar 15 17:43:19 mail postfix/smtp[31471]: 155DF120965: to=brekelebagus@yahoo.com, relay=mta6.am0.yahoodns.net[63.250.192.45]:25, delay=6.9, delays=5.6/0.02/1.1/0.17, dsn=4.7.1, status=deferred (host mta6.am0.yahoodns.net[63.250.192.45] said: 421 4.7.1 [TS03] All messages from 95.85.55.113 will be permanently deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/421-ts03.html (in reply to MAIL FROM command)) Mar 15 17:43:19 mail postfix/smtp[31471]: 155DF120965: to=brentcopacabana@yahoo.com, relay=mta6.am0.yahoodns.net[63.250.192.45]:25, delay=6.9, delays=5.6/0.02/1.1/0.17, dsn=4.7.1, status=deferred (host mta6.am0.yahoodns.net[63.250.192.45] said: 421 4.7.1 [TS03] All messages from 95.85.55.113 will be permanently deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/421-ts03.html (in reply to MAIL FROM command)) Mar 15 17:43:19 mail postfix/smtpd[31486]: warning: 181.29.195.149: hostname 149-195-29-181.fibertel.com.ar verification failed: Name or service not known Mar 15 17:43:19 mail postfix/smtpd[31486]: connect from unknown[181.29.195.149] Mar 15 17:43:19 mail postfix/smtp[31470]: 155DF120965: to=britloo@aol.com, relay=mailin-02.mx.aol.com[64.12.91.195]:25, delay=7.1, delays=5.6/0.02/0.6/0.84, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 417E170000088) Mar 15 17:43:20 mail postfix/smtp[31493]: 155DF120965: to=brettandsue@westnet.com.au, relay=asav.iinet.net.au[203.59.218.120]:25, delay=7.2, delays=5.6/0.02/1.6/0, dsn=4.0.0, status=deferred (host asav.iinet.net.au[203.59.218.120] refused to talk to me: 554-icp-osb-irony-in9.iinet.net.au 554 Your access to this mail system from 95.85.55.113 has been rejected due to the sending MTA’s poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means.)

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

alexdoAugust 19, 2022

Hello there,

I’ll recommend examining the logs and checking if the emails were sent via authentication.

If that is the case you will need to update all of the passwords for your email accounts. Not to mention that you will most probably need to update all passwords related to your droplet and also to your DO account.

Regards

contact808684September 29, 2014

Maybe this will help you https://www.intovps.com/client/knowledgebase/15/Yahoo-rejects-your-e-mail-messages--421-.html

peter535660March 15, 2014

My mailserver is: mail.peteroudenes.com <br> <br>I have in DNS of peteroudenes.com <br>@ TXT v=spf1 a:95.x.x.x mx:mail.peteroudenes.com +all <br> <br>and for 160bpm.com <br>@ TXT v=spf1 a:95.x.x.x mx:mail.peteroudenes.coml +all <br> <br>Where 95.x.x.x my IP of my VPS Droplet

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up