
What are all these relaylock msgs in maillog?

malphigian

Guest
Background: I've got Plesk 8.0.1 on FC2. I have removed drweb and psa-spamassassin. I'm going to be installing the ART spamassassin but I want to make sure I have a working qmail setup before I do.

I'm seeing a lot of these messages in my maillog:

Aug 16 12:06:40 host1 relaylock: /var/qmail/bin/relaylock: mail from 81.203.218.210:60569 (81-203-218-210.user.ono.com)
Aug 16 12:06:42 host1 relaylock: /var/qmail/bin/relaylock: mail from 201.230.203.217:3384 (not defined)
Aug 16 12:06:46 host1 relaylock: /var/qmail/bin/relaylock: mail from 206.190.52.105:38569 (mta255.mail.re2.yahoo.com)
Aug 16 12:06:47 host1 relaylock: /var/qmail/bin/relaylock: mail from 80.144.223.23:4976 (p5090df17.dip.t-dialin.net)


What are these? Are these actually attempts to relay through my server? Are these emails actually getting bounced?

I do seem to be getting emails otherwise, but these messages make me nervous.

Can someone explain what they are and why they are happening?
 
A little more information:
It appears the relaylock message appears every single time an external server connects -- that is, every time anyone anywhere connects to the SMTP server.

When it's a normal email going to a valid local address, the relaylock happens, and then a few lines later in the maillog you see the delivery. Same for an invalid local address, you see the bounce message a few lines later.

So I'm probably worrying about nothing and this is a normal message.

I am curious why there are so many of them that don't appear to result in a delivery or a bounce. The vast majority of these messages never lead to anything, just that one line with the lock. It makes me wonder what they are -- hundreds of people a day opening connections to the mail server and not sending anything?

I was able to generate this same one line message with no follow up by doing an open relay test on abuse.net -- are there really that many people trying to use my server as an open relay repeatedly? Many of the IP addresses do appear in spammer databases, but you'd think they'd give up.

I wish I could dig up a little more documentation on the relaylock program and how it works.
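
Added example (not part of the posts above, and not Plesk or qmail code): a Python tally of relaylock connection lines per source IP, using the line format quoted in the first post, to show which sources connect repeatedly and which have no reverse DNS. The sample log is constructed with documentation-range addresses, and the function names and the threshold are assumptions for illustration.

```python
import re
from collections import Counter

# Line format as quoted in the post:
#   <date> <host> relaylock: /var/qmail/bin/relaylock: mail from <ip>:<port> (<rdns>)
RELAYLOCK_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\srelaylock:\s\S+:\s"
    r"mail from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s\((?P<rdns>[^)]*)\)\s*$"
)

# Constructed sample (not real traffic); the third line is an unrelated entry.
SAMPLE_LOG = """\
Aug 16 12:06:40 host1 relaylock: /var/qmail/bin/relaylock: mail from 192.0.2.10:60569 (client.example.net)
Aug 16 12:06:42 host1 relaylock: /var/qmail/bin/relaylock: mail from 198.51.100.7:3384 (not defined)
Aug 16 12:06:43 host1 other-daemon: unrelated line that must be skipped
Aug 16 12:06:44 host1 relaylock: /var/qmail/bin/relaylock: mail from 198.51.100.7:3390 (not defined)
Aug 16 12:06:46 host1 relaylock: /var/qmail/bin/relaylock: mail from 203.0.113.5:38569 (mta.example.org)
Aug 16 12:06:47 host1 relaylock: /var/qmail/bin/relaylock: mail from 198.51.100.7:3401 (not defined)
"""


def parse_relaylock(lines):
    """Yield one dict per relaylock line; every other line is ignored."""
    for line in lines:
        m = RELAYLOCK_RE.match(line.rstrip("\n"))
        if m:
            entry = m.groupdict()
            entry["port"] = int(entry["port"])
            # The log prints "not defined" when the client has no reverse DNS.
            if entry["rdns"] == "not defined":
                entry["rdns"] = None
            yield entry


def summarize(lines):
    """Return [(ip, connection_count, rdns_or_None)], busiest source first."""
    hits, rdns = Counter(), {}
    for e in parse_relaylock(lines):
        hits[e["ip"]] += 1
        rdns[e["ip"]] = e["rdns"]
    return [(ip, n, rdns[ip]) for ip, n in hits.most_common()]


def repeat_sources(lines, threshold=3):
    """Sources seen at least `threshold` times (threshold is an assumption)."""
    return [row for row in summarize(lines) if row[1] >= threshold]


if __name__ == "__main__":
    for ip, n, name in summarize(SAMPLE_LOG.splitlines()):
        print(f"{ip:15} {n:4}  {name or 'no reverse DNS'}")
```

To run it against a real log, pass an open file handle for the maillog to `summarize` instead of the sample lines.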
 