Significance of NOQUEUE: reject: RCPT in Postfix log?
"NOQUEUE" means that Postfix did not queue an incoming message.
"Reject" means that Postfix rejected an incoming message.
"RCPT" means that Postfix rejected the message after the client sent RCPT.
"454 4.7.1 Relay access denied" means that Postfix rejected the message because it was not addressed to any domain that Postfix serves. This is its default configuration, and prevents spam from being relayed.
To ensure nobody uses your mail server to relay spam, you should:
- Ensure that the
mynetworks
setting is locked down as tightly as possible. Any IP address listed there can relay through your server. By default this is only the local host. - Ensure that you have configured Postfix to know what domains it serves mail for, e.g. with
mydomain
orvirtual_mailbox_domains
. By default this is the domain of the machine's hostname (which is one reason why you should never give a machine a hostname of its naked domain name).
See also Fighting Spam - What can I do as an: Email Administrator, Domain Owner, or User?
Related videos on Youtube
Tyler Durden
A wandering Diogenes in search of the perfect algorithm. A mariner on the stormy seas of computation. An impresario of shape and quantity.
Updated on September 18, 2022Comments
-
Tyler Durden over 1 year
I set up brand new Postfix server last night and did not configure at all yet, just did the install. So, I logged in this morning to finish the configuration and notice that there is stuff in the log:
Jan 8 22:31:32 hwsrv-218892 postfix/postfix-script[17415]: starting the Postfix mail system Jan 8 22:31:32 hwsrv-218892 postfix/master[17417]: daemon started -- version 3.1.6, configuration /etc/postfix Jan 9 05:15:15 hwsrv-218892 postfix/smtpd[20781]: connect from 118-161-157-108.dynamic-ip.hinet.net[118.161.157.108] Jan 9 05:15:15 hwsrv-218892 postfix/smtpd[20781]: NOQUEUE: reject: RCPT from 118-161-157-108.dynamic-ip.hinet.net[118.161.157.108]: 454 4.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<23.254.144.153> Jan 9 05:15:16 hwsrv-218892 postfix/smtpd[20781]: lost connection after RCPT from 118-161-157-108.dynamic-ip.hinet.net[118.161.157.108] Jan 9 05:15:16 hwsrv-218892 postfix/smtpd[20781]: disconnect from 118-161-157-108.dynamic-ip.hinet.net[118.161.157.108] helo=1 mail=1 rcpt=0/1 commands=2/3 Jan 9 05:15:40 hwsrv-218892 postfix/smtpd[20781]: connect from 118-161-157-108.dynamic-ip.hinet.net[118.161.157.108] Jan 9 05:15:41 hwsrv-218892 postfix/smtpd[20781]: NOQUEUE: reject: RCPT from 118-161-157-108.dynamic-ip.hinet.net[118.161.157.108]: 454 4.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<23.254.161.138> Jan 9 05:15:41 hwsrv-218892 postfix/smtpd[20781]: lost connection after RCPT from 118-161-157-108.dynamic-ip.hinet.net[118.161.157.108] Jan 9 05:15:41 hwsrv-218892 postfix/smtpd[20781]: disconnect from 118-161-157-108.dynamic-ip.hinet.net[118.161.157.108] helo=1 mail=1 rcpt=0/1 commands=2/3 Jan 9 05:19:01 hwsrv-218892 postfix/anvil[20784]: statistics: max connection rate 2/60s for (smtp:118.161.157.108) at Jan 9 05:15:40 Jan 9 05:19:01 hwsrv-218892 postfix/anvil[20784]: statistics: max connection count 1 for (smtp:118.161.157.108) at Jan 9 05:15:15 Jan 9 05:19:01 hwsrv-218892 postfix/anvil[20784]: statistics: max cache size 1 at Jan 9 05:15:15
What are the NOQUEUE messages? Does that mean somebody was trying to use my server to relay spam? If so, how can I make sure that does not happen?
-
Tyler Durden over 6 yearsDo those rejections mean that somebody was trying to use my server to relay mail, possibly for spam?
-
Michael Hampton over 6 yearsYes, that's exactly what happened. I'm surprised you didn't see more of them. That's just part of being on the Internet these days.
-
Tyler Durden over 6 yearsScary how fast they found my server, since it just went online last night.
-
Michael Hampton over 6 yearsMaybe, but your IP address was in use by someone else just a few days ago. And malicious actors can easily try every IPv4 address on the Internet anyway.