schneerunzel

Postfix: What does this log mean

Hello everyone,

I have an Ubuntu server hosted in the cloud at Strato. Postfix is installed on it and it serves purely as a mail relay. For some time now I have been seeing "strange" entries in the log.
Can anyone tell me something about them?

Sep  9 10:13:18 [Servername] postfix/smtp[21666]: 03AA823EE0A8E: to=<linga@weckerder.com>, relay=none, delay=424608, delays=424578/0.01/30/0, dsn=4.4.1, status=deferred (connect to weckerder.com[184.168.221.48]:25: Connection timed out)
Sep  9 10:15:02 [Servername] postfix/smtpd[21710]: connect from unknown[146.0.77.190]
Sep  9 10:15:03 [Servername] postfix/smtpd[21713]: connect from unknown[146.0.77.190]
Sep  9 10:15:06 [Servername] postfix/smtpd[21710]: warning: SASL authentication failure: Password verification failed
Sep  9 10:15:06 [Servername] postfix/smtpd[21710]: warning: unknown[146.0.77.190]: SASL PLAIN authentication failed: authentication failure
Sep  9 10:15:07 [Servername] postfix/smtpd[21710]: lost connection after AUTH from unknown[146.0.77.190]
Sep  9 10:15:07 [Servername] postfix/smtpd[21710]: disconnect from unknown[146.0.77.190]
Sep  9 10:15:07 [Servername] postfix/smtpd[21710]: connect from unknown[146.0.77.190]
Sep  9 10:15:07 [Servername] postfix/smtpd[21713]: warning: SASL authentication failure: Password verification failed
Sep  9 10:15:07 [Servername] postfix/smtpd[21713]: warning: unknown[146.0.77.190]: SASL PLAIN authentication failed: authentication failure
Sep  9 10:15:08 [Servername] postfix/smtpd[21713]: lost connection after AUTH from unknown[146.0.77.190]
Sep  9 10:15:08 [Servername] postfix/smtpd[21713]: disconnect from unknown[146.0.77.190]
Sep  9 10:15:08 [Servername] postfix/smtpd[21713]: connect from unknown[146.0.77.190]
Sep  9 10:15:11 [Servername] postfix/smtpd[21710]: warning: SASL authentication failure: Password verification failed
Sep  9 10:15:11 [Servername] postfix/smtpd[21710]: warning: unknown[146.0.77.190]: SASL PLAIN authentication failed: authentication failure
Sep  9 10:15:11 [Servername] postfix/smtpd[21710]: lost connection after AUTH from unknown[146.0.77.190]
Sep  9 10:15:11 [Servername] postfix/smtpd[21710]: disconnect from unknown[146.0.77.190]
Sep  9 10:15:12 [Servername] postfix/smtpd[21713]: warning: SASL authentication failure: Password verification failed
Sep  9 10:15:12 [Servername] postfix/smtpd[21713]: warning: unknown[146.0.77.190]: SASL PLAIN authentication failed: authentication failure
Sep  9 10:15:12 [Servername] postfix/smtpd[21713]: lost connection after AUTH from unknown[146.0.77.190]
Sep  9 10:15:12 [Servername] postfix/smtpd[21713]: disconnect from unknown[146.0.77.190]
Sep  9 10:18:32 [Servername] postfix/anvil[21712]: statistics: max connection rate 4/60s for (smtp:146.0.77.190) at Sep  9 10:15:08
Sep  9 10:18:32 [Servername] postfix/anvil[21712]: statistics: max connection count 2 for (smtp:146.0.77.190) at Sep  9 10:15:03
Sep  9 10:18:32 [Servername] postfix/anvil[21712]: statistics: max cache size 1 at Sep  9 10:15:02
Sep  9 10:27:48 [Servername] postfix/qmgr[701]: 2937B23EE182D: from=<>, size=2765, nrcpt=1 (queue active)
Sep  9 10:28:18 [Servername] postfix/smtp[21779]: connect to doutrysfding.com[184.168.221.60]:25: Connection timed out
Sep  9 10:28:18 [Servername] postfix/smtp[21779]: 2937B23EE182D: to=<alimonfg@doutrysfding.com>, relay=none, delay=260825, delays=260795/0.01/30/0, dsn=4.4.1, status=deferred (connect to doutrysfding.com[184.168.221.60]:25: Connection timed out)
Sep  9 10:28:26 [Servername] postfix/smtpd[21786]: connect from unknown[103.89.88.109]
Sep  9 10:28:27 [Servername] postfix/smtpd[21786]: disconnect from unknown[103.89.88.109]
Sep  9 10:31:48 [Servername] postfix/anvil[21788]: statistics: max connection rate 1/60s for (smtp:103.89.88.109) at Sep  9 10:28:26
Sep  9 10:31:48 [Servername] postfix/anvil[21788]: statistics: max connection count 1 for (smtp:103.89.88.109) at Sep  9 10:28:26
Sep  9 10:31:48 [Servername] postfix/anvil[21788]: statistics: max cache size 1 at Sep  9 10:28:26
Sep  9 10:33:01 [Servername] postfix/smtpd[21816]: connect from unknown[125.129.212.198]
Sep  9 10:33:02 [Servername] postfix/smtpd[21816]: disconnect from unknown[125.129.212.198]
Sep  9 10:36:23 [Servername] postfix/anvil[21818]: statistics: max connection rate 1/60s for (smtp:125.129.212.198) at Sep  9 10:33:01
Sep  9 10:36:23 [Servername] postfix/anvil[21818]: statistics: max connection count 1 for (smtp:125.129.212.198) at Sep  9 10:33:01
Sep  9 10:36:23 [Servername] postfix/anvil[21818]: statistics: max cache size 1 at Sep  9 10:33:01
Sep  9 11:00:19 [Servername] postfix/smtpd[22277]: connect from p57ADBD88.dip0.t-ipconnect.de[87.173.189.136]
Sep  9 11:00:19 [Servername] postfix/smtpd[22277]: warning: SASL authentication failure: Password verification failed
Sep  9 11:00:19 [Servername] postfix/smtpd[22277]: warning: p57ADBD88.dip0.t-ipconnect.de[87.173.189.136]: SASL PLAIN authentication failed: authentication failure
Sep  9 11:00:19 [Servername] postfix/smtpd[22277]: disconnect from p57ADBD88.dip0.t-ipconnect.de[87.173.189.136]
Sep  9 11:03:40 [Servername] postfix/anvil[22279]: statistics: max connection rate 1/60s for (smtp:87.173.189.136) at Sep  9 11:00:19
Sep  9 11:03:40 [Servername] postfix/anvil[22279]: statistics: max connection count 1 for (smtp:87.173.189.136) at Sep  9 11:00:19
Sep  9 11:03:40 [Servername] postfix/anvil[22279]: statistics: max cache size 1 at Sep  9 11:00:19
Sep  9 11:07:48 [Servername] postfix/qmgr[701]: 1E9FB23EE0C0C: from=<>, size=2701, nrcpt=1 (queue active)
Sep  9 11:08:18 [Servername] postfix/smtp[22314]: connect to tyuounyhd.com[184.168.221.51]:25: Connection timed out
Sep  9 11:08:18 [Servername] postfix/smtp[22314]: 1E9FB23EE0C0C: to=<yamig@tyuounyhd.com>, relay=none, delay=410309, delays=410279/0.01/30/0, dsn=4.4.1, status=deferred (connect to tyuounyhd.com[184.168.221.51]:25: Connection timed out)
Sep  9 11:12:48 [Servername] postfix/qmgr[701]: 1F5B323EE1760: from=<>, size=2727, nrcpt=1 (queue active)
Sep  9 11:12:48 [Servername] postfix/qmgr[701]: 7472223EE193B: from=<>, size=2805, nrcpt=1 (queue active)
Sep  9 11:13:18 [Servername] postfix/smtp[22346]: connect to vhopyungm.com[50.63.202.37]:25: Connection timed out
Sep  9 11:13:18 [Servername] postfix/smtp[22346]: 1F5B323EE1760: to=<browngo@vhopyungm.com>, relay=none, delay=63542, delays=63512/0.01/30/0, dsn=4.4.1, status=deferred (connect to vhopyungm.com[50.63.202.37]:25: Connection timed out)
Sep  9 11:13:18 [Servername] postfix/smtp[22347]: connect to doutrysfding.com[184.168.221.52]:25: Connection timed out
Sep  9 11:13:18 [Servername] postfix/smtp[22347]: 7472223EE193B: to=<alimonfg@doutrysfding.com>, relay=none, delay=172581, delays=172551/0.01/30/0, dsn=4.4.1, status=deferred (connect to doutrysfding.com[184.168.221.52]:25: Connection timed out)
Sep  9 11:22:48 [Servername] postfix/qmgr[701]: 03AA823EE0A8E: from=<>, size=2764, nrcpt=1 (queue active)
Sep  9 11:23:19 [Servername] postfix/smtp[22410]: connect to weckerder.com[184.168.221.32]:25: Connection timed out
Sep  9 11:23:19 [Servername] postfix/smtp[22410]: 03AA823EE0A8E: to=<linga@weckerder.com>, relay=none, delay=428809, delays=428779/0.01/30/0, dsn=4.4.1, status=deferred (connect to weckerder.com[184.168.221.32]:25: Connection timed out)
Sep  9 11:37:48 [Servername] postfix/qmgr[701]: 2937B23EE182D: from=<>, size=2765, nrcpt=1 (queue active)
Sep  9 11:38:18 [Servername] postfix/smtp[22537]: connect to doutrysfding.com[184.168.221.60]:25: Connection timed out
Sep  9 11:38:18 [Servername] postfix/smtp[22537]: 2937B23EE182D: to=<alimonfg@doutrysfding.com>, relay=none, delay=265026, delays=264996/0.01/30/0, dsn=4.4.1, status=deferred (connect to doutrysfding.com[184.168.221.60]:25: Connection timed out)

Url: https://administrator.de/contentid/385990

Member: Vision2015
Vision2015 Sep 09, 2018 at 10:15:44 (UTC)
Hi...

Sep  9 11:00:19 [Servername] postfix/smtpd[22277]: warning: p57ADBD88.dip0.t-ipconnect.de[87.173.189.136]: SASL PLAIN authentication failed: authentication failure 
that is normal, those are connection attempts....
I would be more surprised if that were not the case :-)

however

Sep  9 11:23:19 [Servername] postfix/smtp[22410]: 03AA823EE0A8E: to=<linga@weckerder.com>, relay=none, delay=428809, delays=428779/0.01/30/0, dsn=4.4.1, status=deferred (connect to weckerder.com[184.168.221.32]:25: Connection timed out) 

and
Sep  9 11:38:18 [Servername] postfix/smtp[22537]: 2937B23EE182D: to=<alimonfg@doutrysfding.com>, relay=none, delay=265026, delays=264996/0.01/30/0, dsn=4.4.1, status=deferred (connect to doutrysfding.com[184.168.221.60]:25: Connection timed out)

tell me that something is fishy here ....
I would check your server with mxtoolbox.com...
could it be that some web / CMS / PHP mailer on your server was hacked... etc...
I would definitely check the server, and take it off the net until everything is OK!

Frank
Member: fredmy
fredmy Sep 09, 2018 updated at 12:59:33 (UTC)
Quote from @schneerunzel:

Hello everyone,

I have an Ubuntu server hosted in the cloud at Strato. Postfix is installed on it and it serves purely as a mail relay. For some time now I have been seeing "strange" entries in the log.
Can anyone tell me something about them?
hmm
- open relay or with authentication?
- where does the relay deliver to? (or is it only a sending relay?)
- who can (how?) initiate mailings? (and how? ...with auth as which user(s), via VPN ..?)

e.g. line 53 deferred... just take a look into the corresponding queue; the mail is sitting there awaiting delivery... the header says from whom (IP) to whom, and you should also be able to read the content if necessary. Does the destination even exist like that? (you can simply check with telnet whether an SMTP server responds there at all)

Mails can end up deferred if your configuration is not "entirely watertight" - see SPF.

Fred
Member: StefanKittel
StefanKittel Sep 09, 2018 at 12:57:19 (UTC)
Hello,

if you don't know "alimonfg@doutrysfding.com", you primarily have a problem...

Stefan
Member: Vision2015
Vision2015 Sep 09, 2018 at 13:07:06 (UTC)
Quote from @StefanKittel:

Hello,

if you don't know "alimonfg@doutrysfding.com", you primarily have a problem...
oh really... :-)
the OP did write "mail relay" at the outset, and now everyone will be using it :-)

Stefan
Frank
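
Added example, not part of any post in this thread: a Python sketch that triages a Postfix log like the one in the opening post. It counts failed SASL logins per client IP and joins each deferred delivery to its qmgr line by queue ID to flag null-sender (`from=<>`) mail, which is how bounce notifications are sent. The sample lines are copied from the excerpt above; the function name `triage` and the output fields are assumptions of this example.

```python
import re
from collections import Counter

# Sample lines copied from the log excerpt in the opening post
# (hostname placeholder "[Servername]" kept as posted).
SAMPLE = """\
Sep  9 10:15:06 [Servername] postfix/smtpd[21710]: warning: unknown[146.0.77.190]: SASL PLAIN authentication failed: authentication failure
Sep  9 10:15:07 [Servername] postfix/smtpd[21713]: warning: unknown[146.0.77.190]: SASL PLAIN authentication failed: authentication failure
Sep  9 11:00:19 [Servername] postfix/smtpd[22277]: warning: p57ADBD88.dip0.t-ipconnect.de[87.173.189.136]: SASL PLAIN authentication failed: authentication failure
Sep  9 10:27:48 [Servername] postfix/qmgr[701]: 2937B23EE182D: from=<>, size=2765, nrcpt=1 (queue active)
Sep  9 10:28:18 [Servername] postfix/smtp[21779]: 2937B23EE182D: to=<alimonfg@doutrysfding.com>, relay=none, delay=260825, delays=260795/0.01/30/0, dsn=4.4.1, status=deferred (connect to doutrysfding.com[184.168.221.60]:25: Connection timed out)
"""

# smtpd warning that carries the client IP of a failed SASL login
SASL_FAIL = re.compile(
    r"postfix/smtpd\[\d+\]: warning: \S+\[([0-9a-fA-F.:]+)\]: SASL (\S+) authentication failed")
# qmgr line: queue ID and envelope sender (empty string for the null sender)
QMGR_FROM = re.compile(r"postfix/qmgr\[\d+\]: ([0-9A-F]+): from=<([^>]*)>")
# outbound smtp delivery attempt that ended in status=deferred
DEFERRED = re.compile(
    r"postfix/smtp\[\d+\]: ([0-9A-F]+): to=<([^>]*)>.*?delay=(\d+(?:\.\d+)?),.*status=deferred")


def triage(log_text):
    """Return (failed logins per IP, deferred deliveries keyed by queue ID)."""
    failures, senders, deferred = Counter(), {}, {}
    for line in log_text.splitlines():
        if m := SASL_FAIL.search(line):
            failures[m.group(1)] += 1
        elif m := QMGR_FROM.search(line):
            senders[m.group(1)] = m.group(2)
        elif m := DEFERRED.search(line):
            # Latest attempt wins; delay= is seconds since the mail was queued.
            deferred[m.group(1)] = {"to": m.group(2),
                                    "delay_days": round(float(m.group(3)) / 86400, 1)}
    for qid, info in deferred.items():
        info["from"] = senders.get(qid)           # None: qmgr line not in this excerpt
        info["null_sender"] = info["from"] == ""  # from=<> marks a bounce/DSN
    return failures, deferred


if __name__ == "__main__":
    failures, deferred = triage(SAMPLE)
    for ip, n in failures.most_common():
        print(f"{n:3d} failed SASL logins from {ip}")
    for qid, info in deferred.items():
        print(qid, info)
```
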