Returned Mail by the 1000s

Clint Savage herlo1 at gmail.com
Tue Jan 30 07:08:05 MST 2007


All of a sudden, my mail server has been inundated with mail that
apparently has failed being sent from some sort of spam bot who is spoofing
my email addresses.  It appears that some of the spam is coming through my
mail server, but I am quite certain I've configured it to not allow relay
for any domains.  However, it appears that I am attempting to send spam from
my domain anyway.  I have taken steps to curb it, but it appears that what I
know best is about blocking mail coming in, not going out from my box.

Here is a small sample of my maillog:

Jan 29 18:24:06 herlo postfix/qmgr[10046]: 1876A810AA: to=<plusyoung at korea.com>, relay=none, delay=82539, delays=82539/0.02/0/0, dsn=4.4.3, status=deferred (delivery temporarily suspended: Host or domain name not found. Name service error for name=korea.com type=MX: Host not found, try again)
Jan 29 18:24:06 herlo postfix/qmgr[10046]: 1876A810AA: to=<plusyouq at korea.com>, relay=none, delay=82539, delays=82539/0.02/0/0, dsn=4.4.3, status=deferred (delivery temporarily suspended: Host or domain name not found. Name service error for name=korea.com type=MX: Host not found, try again)
Jan 29 18:24:06 herlo postfix/qmgr[10046]: 1876A810AA: to=<plusyouto at korea.com>, relay=none, delay=82539, delays=82539/0.04/0/0, dsn=4.4.3, status=deferred (delivery temporarily suspended: Host or domain name not found. Name service error for name=korea.com type=MX: Host not found, try again)
Jan 29 18:24:06 herlo postfix/qmgr[10046]: 1876A810AA: to=<plusyouu at korea.com>, relay=none, delay=82539, delays=82539/0.05/0/0, dsn=4.4.3, status=deferred (delivery temporarily suspended: Host or domain name not found. Name service error for name=korea.com type=MX: Host not found, try again)
Jan 29 18:24:06 herlo postfix/qmgr[10046]: 1876A810AA: to=<plusyujin at korea.com>, relay=none, delay=82539, delays=82539/0.06/0/0, dsn=4.4.3, status=deferred (delivery temporarily suspended: Host or domain name not found. Name service error for name=korea.com type=MX: Host not found, try again)
Jan 29 18:24:06 herlo postfix/qmgr[10046]: 1876A810AA: to=<plusyun at korea.com>, relay=none, delay=82539, delays=82539/0.06/0/0, dsn=4.4.3, status=deferred (delivery temporarily suspended: Host or domain name not found. Name service error for name=korea.com type=MX: Host not found, try again)
Jan 29 18:24:06 herlo postfix/qmgr[10046]: 1876A810AA: to=<plusyuri at korea.com>, relay=none, delay=82539, delays=82539/0.08/0/0, dsn=4.4.3, status=deferred (delivery temporarily suspended: Host or domain name not found. Name service error for name=korea.com type=MX: Host not found, try again)
Jan 29 18:24:06 herlo postfix/qmgr[10046]: 1876A810AA: to=<pluszang at korea.com>, relay=none, delay=82539, delays=82539/0.08/0/0, dsn=4.4.3, status=deferred (delivery temporarily suspended: Host or domain name not found. Name service error for name=korea.com type=MX: Host not found, try again)
Jan 29 18:24:06 herlo postfix/qmgr[10046]: 1876A810AA: to=<pluszarkal at korea.com>, relay=none, delay=82539, delays=82539/0.09/0/0, dsn=4.4.3, status=deferred (delivery temporarily suspended: Host or domain name not found. Name service error for name=korea.com type=MX: Host not found, try again)
Jan 29 18:24:06 herlo postfix/qmgr[10046]: 3FE4D81044: from=<webmaster at herlo.org>, size=1003, nrcpt=10 (queue active)


As it appears to me, qmgr is sending mail for me without any requests on my
part.  I am wondering what my real options are.  It almost seems like my box
has somehow been compromised, but it appears to only affect mail.
Considerations I have made are related to SPF, which I don't know much
about, Netfilter/iptables, which I have put in place as much as I can see to
repair the damage, but I still need to send mail.

What other suggestions does the PLUG crowd have?

Cheers,

Clint
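
An added example, not part of the original post: a triage script that groups Postfix qmgr lines of the kind shown above by queue ID, so each queued message can be read as one record (envelope sender, declared recipient count, delivery outcomes, oldest delay) and null-sender bounces can be told apart from messages carrying a local sender address. The sample log, the names `summarize` and `classify`, and the bulk threshold of 3 are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample in the qmgr format shown in the post. Host name, queue IDs
# and addresses are made up; real logs contain "@" where the archive shows " at ".
SAMPLE_LOG = """\
Jan 29 18:24:06 mx1 postfix/qmgr[10046]: AAA1110001: from=<webmaster@example.org>, size=1003, nrcpt=3 (queue active)
Jan 29 18:24:06 mx1 postfix/qmgr[10046]: AAA1110001: to=<u1@example.net>, relay=none, delay=82539, delays=82539/0.02/0/0, dsn=4.4.3, status=deferred (Host not found, try again)
Jan 29 18:24:06 mx1 postfix/qmgr[10046]: AAA1110001: to=<u2@example.net>, relay=none, delay=82539, delays=82539/0.04/0/0, dsn=4.4.3, status=deferred (Host not found, try again)
Jan 29 18:24:07 mx1 postfix/qmgr[10046]: BBB2220002: from=<>, size=2210, nrcpt=1 (queue active)
Jan 29 18:24:07 mx1 postfix/qmgr[10046]: BBB2220002: to=<v@example.com>, relay=none, delay=12, delays=12/0.01/0/0, dsn=4.4.1, status=deferred (connection timed out)
"""

LINE = re.compile(r"postfix/\w+\[\d+\]: (?P<qid>[0-9A-F]+): (?P<rest>.*)")
FROM = re.compile(r"from=<(?P<sender>[^>]*)>, size=\d+, nrcpt=(?P<nrcpt>\d+)")
TO = re.compile(r"to=<[^>@]*@?(?P<domain>[^>]*)>.*?delay=(?P<delay>[\d.]+).*?status=(?P<status>\w+)")

def summarize(log_text):
    """Group qmgr lines by queue ID: sender, declared recipients, delivery outcomes."""
    queue = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        entry = queue.setdefault(m["qid"], {"sender": None, "nrcpt": 0,
                "status": Counter(), "domains": Counter(), "max_delay": 0.0})
        f, t = FROM.search(m["rest"]), TO.search(m["rest"])
        if f:
            entry["sender"], entry["nrcpt"] = f["sender"], int(f["nrcpt"])
        elif t:
            entry["status"][t["status"]] += 1
            entry["domains"][t["domain"].lower()] += 1
            # delay= is the message's age in seconds at this delivery attempt
            entry["max_delay"] = max(entry["max_delay"], float(t["delay"]))
    return queue

def classify(entry, bulk_threshold=3):
    """'bounce' = null envelope sender (from=<>); 'bulk' = many recipients on one message."""
    if entry["sender"] == "":
        return "bounce"
    seen = max(entry["nrcpt"], sum(entry["status"].values()))
    return "bulk" if seen >= bulk_threshold else "normal"

if __name__ == "__main__":
    for qid, e in summarize(SAMPLE_LOG).items():
        print(qid, classify(e), repr(e["sender"]), e["nrcpt"], dict(e["status"]), e["max_delay"])
```

A queue ID whose `from=` line falls outside the excerpt keeps `sender` as `None`, so it is never counted as a bounce on missing evidence.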
