2

I'm using logwatch to monitor the logs on my server and I'm trying to make sense out of the postfix report. (See the report below.)

By looking at /var/log/mail.log I saw that this mail seems to be bouncing for a long time.

How can I stop this? Also I would like to know how to lockdown this mailserver so it only can send mails to one specific mail? (E.g. mine for logwatch reports, crontabs etc)

--------------------- Postfix Begin ------------------------

 ****** Summary ******************************************

   68.397K  Bytes accepted                              70,039
   67.161K  Bytes sent via SMTP                         68,773
    1.236K  Bytes delivered                              1,266
 ========   ==================================================

        2   Accepted                                   100.00%
 --------   --------------------------------------------------
        2   Total                                      100.00%
 ========   ==================================================

        2   Removed from queue
        1   Delivered
        1   Sent via SMTP
        1   Deferred
       20   Deferrals

 ****** Detail (1) *******************************************

        1   Delivered ------------------------------------
        1      12345.myserver.net

        1   Sent via SMTP --------------------------------
        1      example.de

       20   Deferrals ------------------------------------
       20      4.1.7: Transient failure: Addressing status: Bad sender's mailbox address syntax
       20      450 4.1.7 <www-data@12345.myserver.net>: Sender address rejected...
       20      unknown-domain.de
       20           unkownname
       20               85.13.135.56     mail.unknown-domain.de

 === Delivery Delays Percentiles ============================================================
                     0%       25%       50%       75%       90%       95%       98%      100%
 --------------------------------------------------------------------------------------------
 Before qmgr       0.11 329151.25 351203.50 373258.50 386491.90 390902.00 393548.00 395312.00
 In qmgr           0.01      0.02      0.02      0.02      0.03      0.03      0.03      0.03
 Conn setup        0.00      0.09      0.21      0.31      0.37      0.94      0.98      0.99
 Transmission      0.02      0.07      0.10      0.39      0.49      0.55      0.60      0.63
 Total             0.15 329152.25 351204.00 373258.50 386491.90 390902.95 393549.00 395313.00
 ============================================================================================

 ---------------------- Postfix End -------------------------
fabianmoronzirfas
  • 153

1 Answers1

2

Can anyone explain what this means or point me to some documentation that a server-admin noob understands?

A server-admin noob should not run a public facing mail server!

Does that mean somebody is misusing our mailserver?)

Can't be answered with this amount of information.

Defering is a temproary delivery failure, e.g. unreachable destinations, temproary failures on the next hop or with local delivery. You also summarize this to a temproary reject.

Citing the manpage of postfix-logwatch:

Deferrals
Deferred
Message delivery deferrals. A single deferred message will have
one or more deferrals many times.

So one message has been deferred 20 times. The one message was undeliverable and as postfix got a temporary error code, the delivery is retried, resulting in 20 deferrals.

Have a look at the log files at /var/log/mail.log* to find out where the message is coming from and why it is rejected in detail. You can also look at the message it self using mailq (show message id) and postcat (show message).

sebix
  • 4,432