# Help interpreting sendmail maillog



## drhowarddrfine (Apr 12, 2014)

I'm new using sendmail. I have /mail/sendmail set up to only transfer mail sent to mydomain.com to each user's personal email though none of the users are actual users of the system. I get a lot of traffic attempts showing up in /var/log/maillog from things like 309f451f1@mydomain.com where mydomain.com is my domain. Since there is no user by that name, it gets flagged as "User unknown" and gets silently dropped and nothing happens as far as I know. However, what bothers me the most, is every so often I get this:

```
Apr 11 04:21:15 www sm-mta[79055]: STARTTLS=client, relay=gmail-smtp-in.l.google.com., version=TLSv1/SSLv3, verify=FAIL, cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128/128
Apr 11 04:21:15 www sm-mta[79055]: STARTTLS=client, relay=alt1.gmail-smtp-in.l.google.com., version=TLSv1/SSLv3, verify=FAIL, cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128/128
Apr 11 04:21:17 www sm-mta[79055]: STARTTLS=client, relay=alt2.gmail-smtp-in.l.google.com., version=TLSv1/SSLv3, verify=FAIL, cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128/128
Apr 11 04:21:19 www sm-mta[79055]: STARTTLS=client, relay=alt3.gmail-smtp-in.l.google.com., version=TLSv1/SSLv3, verify=FAIL, cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128/128
Apr 11 04:21:20 www sm-mta[79055]: STARTTLS=client, relay=alt4.gmail-smtp-in.l.google.com., version=TLSv1/SSLv3, verify=FAIL, cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128/128
Apr 11 04:21:21 www sm-mta[79055]: s3B8TxnY078957: to=<patrick@mydomain.com>, delay=00:51:20, xdelay=00:00:06, mailer=esmtp, pri=211323, relay=alt4.gmail-mtp-in.l.google.com. [173.194.70.27], dsn=4.0.0, stat=Deferred: 421-4.7.0 [107.XXX.XX.XXX      15] Our system has detected an unusual rate of
```
Where patrick@mydomain.com is a real user but Patrick never gets any mail with that message in it either in his mailbox or spam mail and that last system message gets cut off like that but with our IP address of 107.etc.

Googling around, that message is usually an indicator that Google is complaining about either a high rate of mail or receiving a lot of spam and, possibly, they are blocking that mail box. I once saw one message saying it would be "rate limited" but that was a week ago. However, he is receiving all his mail without issue so I'm at a loss as to what is actually happening.


----------

