Legitimate email user now bounced with NOQUEUE

#1 Sat, 03/21/2009 - 07:30
mdtiberi

Somehow this user can't receive email because of NOQUEUE as I see in the mail logs. This is the error I get:

Mar 21 09:14:05 ns1 postfix/smtpd[31952]: NOQUEUE: reject: RCPT from snt0-omc1-s3.snt0.hotmail.com[65.55.90.14]: 554 5.7.1 <user@domain.com: Relay access denied;

(italics is dummy email address for posting)

I get tons of these NOQUEUE messages from people trying to hack a user name. One apparently succeeded and got a hold of the user's ID and is now trying to relay with it.

Post edited by: mdtiberi, at: 2009/03/21 08:03

Sat, 03/21/2009 - 13:15
Joe

I'm confused. (Happens a lot.)

So, when you send a message to this user, you get the "Relay access denied" error?

Are other users in this domain able to receive mail?

Is this user in the /etc/postfix/virtual map file?

--

Check out the forum guidelines!

Sat, 03/21/2009 - 13:57
mdtiberi

I get a lot of NOQUEUE: reject: messages in maillog of someone trying to guess at a user name and password that is not in the domain, I guess to see if there's a hit.

I do see the users in /etc/postfix/virtual map file. Email is not accepted by any user in the domain. I also just saw this in maillog:

procmail[4345]: Renamed bogus "/var/mail/user...

Sat, 03/21/2009 - 14:08 (Reply to #3)
Joe

> Email is not accepted by any user in the domain.

OK, so either the virtual map file is broken for this domain, or the hostname or DNS is broken for this system.

Does *any* mail get delivered for anyone? If so, then it's probably a missing entry in the virtual map file.

Does the domain have an entry in the virtual map file like this:

virtulamin.com virtulamin.com


Sat, 03/21/2009 - 14:32
paulgit

For what it's worth, I had this same problem this week, but for some reason the virtual map file had some missing entries! I suspect the root cause was when I removed a couple of domains from the server... perhaps the Virtualmin delete routine caused it?

Anyway, adding

domain.com domain.com

to the virtual map file fixed it!

Paul
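
An added example (not written by any poster in this thread): a Python check that ties "Relay access denied" rejects to the virtual map entries discussed above, separating a hosted domain whose `domain.com domain.com` line has gone missing from mail for domains the server never hosted. It assumes the usual Postfix reject line with a `to=<...>` field and the map format shown in the thread; the function names and sample data are constructed.

```python
import re
from collections import Counter

# Postfix smtpd reject line; the to=<...> field carries the rejected recipient.
REJECT_RE = re.compile(r"NOQUEUE: reject: RCPT from \S+: 554 5\.7\.1 .*?"
                       r"Relay access denied;.*?\bto=<([^>]*)>")

def parse_virtual(text):
    """Return (bare domain keys, domains seen only as user@domain keys)."""
    bare, from_addresses = set(), set()
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        key = fields[0].lower()
        if "@" in key:
            from_addresses.add(key.rsplit("@", 1)[1])
        else:
            bare.add(key)
    return bare, from_addresses - bare

def classify_rejects(log_text, virtual_text):
    """Count relay-denied recipients per (domain, verdict)."""
    bare, orphaned = parse_virtual(virtual_text)
    counts = Counter()
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if not m or "@" not in m.group(1):
            continue
        dom = m.group(1).rsplit("@", 1)[1].lower()
        if dom in bare:
            verdict = "domain listed"        # map looks fine; check elsewhere
        elif dom in orphaned:
            verdict = "missing domain line"  # users exist, domain entry is gone
        else:
            verdict = "not hosted"           # relay attempt or address probing
        counts[(dom, verdict)] += 1
    return counts

# Constructed sample data (documentation domains and addresses), not from the thread.
SAMPLE_VIRTUAL = """example.org example.org
alice@example.org alice
bob@example.net bob-example.net
"""
_HEAD = "Mar 21 09:14:05 ns1 postfix/smtpd[31952]: NOQUEUE: reject: RCPT from "
_REJ = "mx.example.com[192.0.2.10]: 554 5.7.1 <{0}>: Relay access denied; from=<a@example.com> to=<{0}> proto=ESMTP"
SAMPLE_LOG = "\n".join(_HEAD + _REJ.format(r) for r in
    ["bob@example.net", "bob@example.net", "x@example.invalid", "alice@example.org"])
```

Calling `classify_rejects()` with the real maillog text and the contents of /etc/postfix/virtual gives the same per-domain breakdown for a live server.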

Sat, 03/21/2009 - 14:46
mdtiberi

Thanks for the advice, gents. I seem to be getting somewhere in all of this. But one thing I have noticed since I have been deleting users and recreating them to see if that corrects things: if I delete a user, their file is still in var/lib/dovecot/control and ..index. Shouldn't they also be deleted when a mail user is deleted?

All of these problems started when I tried to change the home quota for a new user from unlimited (my bad) to 50mb.

Sat, 03/21/2009 - 15:07
mdtiberi

I'm going to verify this, but I am using ossec-hids and I decided for yuks sake to disable their rules for postfix. The problem seemed to disappear after that. I'll check up on this, but Joe, do you think that may be possible?

Sat, 03/21/2009 - 15:57
mdtiberi

Can't edit my earlier posts, always says Ooops..bug

I now think that this issue has nothing to do with the quota size but rather adding of a new user (as Joe points out). I really am suspect of the postfix ossec-hids rules, will investigate further. Perhaps I am the only one who uses ossec but it comes bundled with ASL and I find it quite useful.

Sat, 03/21/2009 - 18:44 (Reply to #8)
andreychek

Yeah, I don't use OSSEC myself. I was under the impression that it was more of an intrusion detection system, but poking in the documentation, it appears as if it does active response as well.

Does it produce a log file of actions it performs somewhere? If so, perhaps you can see if there's anything going on at the times that you're running into problems.

And yes, this forum is crazy buggy, and you can't edit posts -- the new one Joe's working on will be up and running soon :-)
-Eric
