[CentOS] Postfix - message queue filling with Host or name not found - try again

Sun Nov 21 12:00:47 UTC 2010
Ben McGinnes <ben at adversary.org>

On 17/11/10 7:26 AM, Rob Kampen wrote:
>
>>> Examining the postfix queue with postqueue -p:  I see many
>>> (Host or domain name not found. Name service error for
>>> name=bdgiedjhea.po6e4ina.com type=MX: Host not found, try again)
>>>                                          Jake at bdgiedjhea.po6e4ina.com
>>> My question - why does this stay in the message queue - why not dumped
>>> back with message undeliverable or dropped?

What is the complete output of postqueue -p?  What is the From address
and, more to the point, is it MAILER-DAEMON?

> Agreed, however this opens a potential DoS attack vector - I'm
> trying to determine why my postfix even has these requests present
> as I'm not initiating the emails (as far as I know) and I do not
> forward emails for any other domains.
> I feel like I'm missing something......confused maybe

It could be backscatter.

Run postqueue -p and pick one of the messages, it shouldn't matter
which.  Then run:

postcat -q $MSGID | less

Where $MSGID is one of the messages in the queue.  That will show you
the message and headers.  I'd be willing to bet it's your server
trying to send a rejection/spam detection to a server.


Regards,
Ben

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 259 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20101121/3191f82e/attachment-0005.sig>