# My smtp is getting attacked?



## jubutld (Jul 21, 2011)

I keep seeing the below in my maillog. I assume that they are trying to use my email system to send spam? None of the domains or anything is "my" stuff.

How can I specifically block domains and IP addresses (my own blacklist)?


```
Jul 20 21:43:31 unix1 postfix/smtpd[20344]: timeout after END-OF-MESSAGE from napi.net-flow.com[192.220.126.136]
Jul 20 21:43:32 unix1 postfix/smtpd[20344]: disconnect from napi.net-flow.com[192.220.126.136]
Jul 20 21:44:30 unix1 postfix/qmgr[20260]: 22E187E858: from=<>, size=18088, nrcpt=1 (queue active)
Jul 20 21:44:30 unix1 postfix/qmgr[20260]: 7F9727E85E: from=<>, size=21404, nrcpt=1 (queue active)
Jul 20 21:44:30 unix1 postfix/smtp[20382]: 7F9727E85E: host eforward2.registrar-servers.com[38.101.213.202] said:
 450 4.1.1 <honeylocust@blackrimmedmania.info>: Recipient address rejected: unverified address: unknown user:
 "honeylocust@blackrimmedmania.info" (in reply to RCPT TO command)
Jul 20 21:44:30 unix1 postfix/smtp[20381]: 22E187E858: host eforward2.registrar-servers.com[38.101.213.202] said:
 450 4.1.1 <faustian@blackrimmedmania.info>: Recipient address rejected: unverified address: unknown user:
 "faustian@blackrimmedmania.info" (in reply to RCPT TO command)
Jul 20 21:44:31 unix1 postfix/smtp[20381]: 22E187E858: lost connection with eforward3.registrar-servers.com[205.251.134.191]
 while receiving the initial server greeting
Jul 20 21:44:31 unix1 postfix/smtp[20381]: 22E187E858: lost connection with eforward1.registrar-servers.com[69.160.33.82]
 while receiving the initial server greeting
Jul 20 21:44:32 unix1 postfix/smtp[20382]: 7F9727E85E: to=<honeylocust@blackrimmedmania.info>,
 relay=eforward3.registrar-servers.com[205.251.134.191]:25, delay=166867, delays=166865/0.01/2.4/0.14,
 dsn=4.1.1, status=deferred (host eforward3.registrar-servers.com[205.251.134.191] said: 450 4.1.1
 <honeylocust@blackrimmedmania.info>: Recipient address rejected: unverified address: unknown user:
 "honeylocust@blackrimmedmania.info" (in reply to RCPT TO command))
Jul 20 21:44:38 unix1 postfix/smtp[20381]: 22E187E858: to=<faustian@blackrimmedmania.info>,
 relay=eforward4.registrar-servers.com[199.204.19.103]:25, delay=170048, delays=170040/0.01/8.1/0.08,
 dsn=4.1.1, status=deferred (host eforward4.registrar-servers.com[199.204.19.103] said: 450 4.1.1
 <faustian@blackrimmedmania.info>: Recipient address rejected: unverified address: unknown user:
 "faustian@blackrimmedmania.info" (in reply to RCPT TO command))
```


----------



## fonz (Jul 21, 2011)

I can't be sure because I use sendmail instead of postfix, but from the looks of it I'd say that your system agrees to send/relay the mail but it gets rejected by the recipient domain's MX.

You may have an open relay, which is usually a very bad thing. There are open relay checks on the WWW, for example here. Others can be found with Google. You might want to try a few of those first. If your server fails these checks, at least you know _what_ the problem is and somebody who actually knows a thing or two about postfix may be able to help you further.

Hope this helps,

Fonz


----------
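As an added example (not part of either post), this Python sketch correlates Postfix queue IDs in a log like the one above and reports messages that have an empty envelope sender (`from=<>`, the sender used for bounce notifications) and were deferred by the remote MX. The sample records are constructed from the posted log, with wrapped lines joined and reply text abridged; the `example.org`/`example.net` delivery is invented for contrast, and the function names are hypothetical.

```python
import re

# Constructed sample: four records from the log posted above (wrapped lines
# joined, remote reply text abridged) plus one invented normal delivery.
SAMPLE_LOG = """\
Jul 20 21:44:30 unix1 postfix/qmgr[20260]: 22E187E858: from=<>, size=18088, nrcpt=1 (queue active)
Jul 20 21:44:30 unix1 postfix/qmgr[20260]: 7F9727E85E: from=<>, size=21404, nrcpt=1 (queue active)
Jul 20 21:44:32 unix1 postfix/smtp[20382]: 7F9727E85E: to=<honeylocust@blackrimmedmania.info>, relay=eforward3.registrar-servers.com[205.251.134.191]:25, delay=166867, delays=166865/0.01/2.4/0.14, dsn=4.1.1, status=deferred (450 4.1.1 Recipient address rejected)
Jul 20 21:44:38 unix1 postfix/smtp[20381]: 22E187E858: to=<faustian@blackrimmedmania.info>, relay=eforward4.registrar-servers.com[199.204.19.103]:25, delay=170048, delays=170040/0.01/8.1/0.08, dsn=4.1.1, status=deferred (450 4.1.1 Recipient address rejected)
Jul 20 21:45:01 unix1 postfix/qmgr[20260]: 3C1A07E861: from=<user@example.org>, size=2048, nrcpt=1 (queue active)
Jul 20 21:45:02 unix1 postfix/smtp[20383]: 3C1A07E861: to=<friend@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=1.2, delays=0.1/0.01/0.5/0.6, dsn=2.0.0, status=sent (250 2.0.0 Ok)
"""

QMGR = re.compile(r"postfix/qmgr\[\d+\]: ([0-9A-F]+): from=<([^>]*)>")
SMTP = re.compile(r"postfix/smtp\[\d+\]: ([0-9A-F]+): to=<([^>]*)>, "
                  r"relay=([^,]+), delay=([\d.]+),.*status=(\w+)")

def null_sender_deferrals(log_text):
    """Return deferred deliveries whose queue ID was logged with from=<>."""
    senders, findings = {}, []
    for line in log_text.splitlines():
        m = QMGR.search(line)
        if m:
            senders[m.group(1)] = m.group(2)   # remember sender per queue ID
            continue
        m = SMTP.search(line)
        # Only flag when the qmgr record was seen and the sender was empty.
        if m and m.group(5) == "deferred" and senders.get(m.group(1)) == "":
            findings.append({"queue_id": m.group(1), "rcpt": m.group(2),
                             "relay": m.group(3), "delay": float(m.group(4))})
    return findings

def by_recipient_domain(findings):
    """Map recipient domain -> (deferred count, longest delay in seconds)."""
    summary = {}
    for f in findings:
        domain = f["rcpt"].rsplit("@", 1)[-1].lower()
        count, worst = summary.get(domain, (0, 0.0))
        summary[domain] = (count + 1, max(worst, f["delay"]))
    return summary

if __name__ == "__main__":
    for domain, (count, worst) in by_recipient_domain(
            null_sender_deferrals(SAMPLE_LOG)).items():
        print(f"{domain}: {count} deferred, oldest {worst / 3600:.1f} h")
```

Many such entries for recipient domains you have no relationship with suggest the server accepted mail it could not deliver and is now trying to bounce it to forged sender addresses.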

