spamming mailbox ?

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

spamming mailbox ?

Poliman - Serwis
I check the mail queue and the logs and this time I found some strange thing. I used command "grep -r "emailemailemail.com" /var/log/mail.log" and result is in attached .txt file. If I understand properly there is many tries to send from [hidden email] to [hidden email] but nothing happens later because of failing connection to emailemailemail.com on port 25.

--
Pozdrawiam / Best Regards
Piotr Bracha

spamming mailbox.txt (19K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: spamming mailbox ?

Tom Hendrikx


On 14-06-18 15:27, Poliman - Serwis wrote:

> I check the mail queue and the logs and this time I found some strange
> thing. I used command "grep -r "emailemailemail.com
> <http://emailemailemail.com>" /var/log/mail.log" and result is in
> attached .txt file. If I understand properly there is many tries to send
> from [hidden email] <mailto:[hidden email]> to
> [hidden email]
> <mailto:[hidden email]> but nothing
> happens later because of failing connection to emailemailemail.com
> <http://emailemailemail.com> on port 25.
>

Yes, that are many attempts to deliver the same email. Because the
receiving server does not exist, the message is kept in the queue and
retried later.

This is easily visible because all log messages show the same queue id
(9438613CE9E). This will continue until maximal_queue_lifetime (default
5d) is reached.

Kind regards,
        Tom
Reply | Threaded
Open this post in threaded view
|

Re: spamming mailbox ?

Poliman - Serwis
Thank you Tom for answer. For me is quite strange, because [hidden email] is my mailbox. I didn't send any email to [hidden email]. Btw, how do you know that receiving server does not exists - due to failing connection on 25 port?

2018-06-15 9:37 GMT+02:00 Tom Hendrikx <[hidden email]>:


On 14-06-18 15:27, Poliman - Serwis wrote:
> I check the mail queue and the logs and this time I found some strange
> thing. I used command "grep -r "emailemailemail.com
> <http://emailemailemail.com>" /var/log/mail.log" and result is in
> attached .txt file. If I understand properly there is many tries to send
> from [hidden email] <mailto:[hidden email]> to
> [hidden email]
> <mailto:[hidden email]> but nothing
> happens later because of failing connection to emailemailemail.com
> <http://emailemailemail.com> on port 25.
>

Yes, that are many attempts to deliver the same email. Because the
receiving server does not exist, the message is kept in the queue and
retried later.

This is easily visible because all log messages show the same queue id
(9438613CE9E). This will continue until maximal_queue_lifetime (default
5d) is reached.

Kind regards,
        Tom



--
Pozdrawiam / Best Regards
Piotr Bracha