Significance of NOQUEUE: reject: RCPT in Postfix log?

configuration spam postfix
13,311

"NOQUEUE" means that Postfix did not queue an incoming message.

"Reject" means that Postfix rejected an incoming message.

"RCPT" means that Postfix rejected the message after the client sent RCPT.

"454 4.7.1 Relay access denied" means that Postfix rejected the message because it was not addressed to any domain that Postfix serves. This is its default configuration, and prevents spam from being relayed.

To ensure nobody uses your mail server to relay spam, you should:

  1. Ensure that the mynetworks setting is locked down as tightly as possible. Any IP address listed there can relay through your server. By default this is only the local host.
  2. Ensure that you have configured Postfix to know what domains it serves mail for, e.g. with mydomain or virtual_mailbox_domains. By default this is the domain of the machine's hostname (which is one reason why you should never give a machine a hostname of its naked domain name).

See also Fighting Spam - What can I do as an: Email Administrator, Domain Owner, or User?

Share:
13,311

Related videos on Youtube

Tyler Durden
Author by

Tyler Durden

A wandering Diogenes in search of the perfect algorithm. A mariner on the stormy seas of computation. An impresario of shape and quantity.

Updated on September 18, 2022

Comments

  • Tyler Durden
    Tyler Durden over 1 year

    I set up brand new Postfix server last night and did not configure at all yet, just did the install. So, I logged in this morning to finish the configuration and notice that there is stuff in the log:

    Jan  8 22:31:32 hwsrv-218892 postfix/postfix-script[17415]: starting the Postfix mail system
Jan  8 22:31:32 hwsrv-218892 postfix/master[17417]: daemon started -- version 3.1.6, configuration /etc/postfix
Jan  9 05:15:15 hwsrv-218892 postfix/smtpd[20781]: connect from 118-161-157-108.dynamic-ip.hinet.net[118.161.157.108]
Jan  9 05:15:15 hwsrv-218892 postfix/smtpd[20781]: NOQUEUE: reject: RCPT from 118-161-157-108.dynamic-ip.hinet.net[118.161.157.108]: 454 4.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<23.254.144.153>
Jan  9 05:15:16 hwsrv-218892 postfix/smtpd[20781]: lost connection after RCPT from 118-161-157-108.dynamic-ip.hinet.net[118.161.157.108]
Jan  9 05:15:16 hwsrv-218892 postfix/smtpd[20781]: disconnect from 118-161-157-108.dynamic-ip.hinet.net[118.161.157.108] helo=1 mail=1 rcpt=0/1 commands=2/3
Jan  9 05:15:40 hwsrv-218892 postfix/smtpd[20781]: connect from 118-161-157-108.dynamic-ip.hinet.net[118.161.157.108]
Jan  9 05:15:41 hwsrv-218892 postfix/smtpd[20781]: NOQUEUE: reject: RCPT from 118-161-157-108.dynamic-ip.hinet.net[118.161.157.108]: 454 4.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<23.254.161.138>
Jan  9 05:15:41 hwsrv-218892 postfix/smtpd[20781]: lost connection after RCPT from 118-161-157-108.dynamic-ip.hinet.net[118.161.157.108]
Jan  9 05:15:41 hwsrv-218892 postfix/smtpd[20781]: disconnect from 118-161-157-108.dynamic-ip.hinet.net[118.161.157.108] helo=1 mail=1 rcpt=0/1 commands=2/3
Jan  9 05:19:01 hwsrv-218892 postfix/anvil[20784]: statistics: max connection rate 2/60s for (smtp:118.161.157.108) at Jan  9 05:15:40
Jan  9 05:19:01 hwsrv-218892 postfix/anvil[20784]: statistics: max connection count 1 for (smtp:118.161.157.108) at Jan  9 05:15:15
Jan  9 05:19:01 hwsrv-218892 postfix/anvil[20784]: statistics: max cache size 1 at Jan  9 05:15:15

    What are the NOQUEUE messages? Does that mean somebody was trying to use my server to relay spam? If so, how can I make sure that does not happen?

  • Tyler Durden
    Tyler Durden over 6 years
    Do those rejections mean that somebody was trying to use my server to relay mail, possibly for spam?
  • Michael Hampton
    Michael Hampton over 6 years
    Yes, that's exactly what happened. I'm surprised you didn't see more of them. That's just part of being on the Internet these days.
  • Tyler Durden
    Tyler Durden over 6 years
    Scary how fast they found my server, since it just went online last night.
  • Michael Hampton
    Michael Hampton over 6 years
    Maybe, but your IP address was in use by someone else just a few days ago. And malicious actors can easily try every IPv4 address on the Internet anyway.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How to make spamassasin reject mail based on score?
12.04 POSTFIX openDKIM no DKIM signature
Mail delivery failed for a message I didn't send
Use postfix and spamassassin packages on CentOS 6 to reject SPAM - without custom users and scripts
X-Postfix; Mailboxes not found when mail comes from others servers
Postfix Configuration - different servers for subdomains and domain
I can't send email from my server to gmail addresses
Multi-IP address zimbra server DNS PTR records and spam
Postfix: 550 No Such Domain at this Location
smtpd_helo_restrictions = ..., reject_unknown_helo_hostname occasionally rejects mail I care about, how to handle?