Since this morning, as an admin I'm receiving MANY emails with the subject "Proxmox SMTP server: errors from unknown[xxx.xxx.xxx.xxx]".
They all contains similar stuff :
On the few thousands legitimate emails hours that work fine, it look like these are SIMILARS ip's, and the keep trying to deliver every X minutes so I'v blackllisted them to stop the email flooding.:
From what I see, the PTR of almost every IP address returns the same dns server *.exacttarget.com, and the PTR use always the same template starting with mta2.something.* like mta2.link.hellofresh.ca, or mta.e.rogersbank.com, or mta.mail.mackenzieinvestments.com.
Anyone else having issue with them today, or is it something broken in my cluster of 5 PMGs?
Thank you.
They all contains similar stuff :
Code:
Transcript of session follows.
Out: 220 pmg10.legardeur.net ESMTP Proxmox
In: EHLO mta.email.jysk.ca
Out: 250-pmg10.legardeur.net
Out: 250-PIPELINING
Out: 250-SIZE 41943040
Out: 250-VRFY
Out: 250-ETRN
Out: 250-STARTTLS
Out: 250-ENHANCEDSTATUSCODES
Out: 250-8BITMIME
Out: 250-SMTPUTF8
Out: 250 CHUNKING
In: STARTTLS
Out: 220 2.0.0 Ready to start TLS
In: EHLO mta.email.jysk.ca
Out: 250-pmg10.legardeur.net
Out: 250-PIPELINING
Out: 250-SIZE 41943040
Out: 250-VRFY
Out: 250-ETRN
Out: 250-ENHANCEDSTATUSCODES
Out: 250-8BITMIME
Out: 250-SMTPUTF8
Out: 250 CHUNKING
In: MAIL
FROM:<bounce-897_HTML-43555047-163454-526001905-13046@bounce.email.jysk.ca>
BODY=8BITMIME
Out: 250 2.1.0 Ok
In: RCPT TO:<myuser@mydomain.com>
Out: 250 2.1.5 Ok
In: DATA
Out: 354 End data with <CR><LF>.<CR><LF>
Out: 451 4.3.0 Error: queue file write error
In: QUIT
Out: 221 2.0.0 Bye
For other details, see the local mail logfile
On the few thousands legitimate emails hours that work fine, it look like these are SIMILARS ip's, and the keep trying to deliver every X minutes so I'v blackllisted them to stop the email flooding.:
Code:
161.71.69.123 foreo
161.71.38.86 hellofresh
13.110.209.11 snapfinancial
13.110.209.32 jysk
13.110.229.33 1800gotjunk
13.111.83.85 isagenix
13.111.110.27 lincoln
13.111.103.186 familiprix
13.111.34.95 itblues
13.111.56.47 sportexpert
13.111.52.28 keurig
13.111.204.1 westernunion
13.111.188.37 aloyoga
13.111.87.231 purolator
13.111.78.3 burton
136.147.138.153 netsol
136.147.185.21 pcoptimum
136.147.137.190 laura
209.85.208.43 baddesigngroup
198.245.88.33 macenzie
128.17.64.140 rogersbank
68.232.197.1 tuango
From what I see, the PTR of almost every IP address returns the same dns server *.exacttarget.com, and the PTR use always the same template starting with mta2.something.* like mta2.link.hellofresh.ca, or mta.e.rogersbank.com, or mta.mail.mackenzieinvestments.com.
Anyone else having issue with them today, or is it something broken in my cluster of 5 PMGs?
Thank you.