<?xml version="1.0"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
	<id>https://htyp.org/mw/index.php?action=history&amp;feed=atom&amp;title=User%3AWoozle%2F2016%2F02%2F15%2FPostfix_bounce-spam%2Fmail.log_1</id>
	<title>User:Woozle/2016/02/15/Postfix bounce-spam/mail.log 1 - Revision history</title>
	<link rel="self" type="application/atom+xml" href="https://htyp.org/mw/index.php?action=history&amp;feed=atom&amp;title=User%3AWoozle%2F2016%2F02%2F15%2FPostfix_bounce-spam%2Fmail.log_1"/>
	<link rel="alternate" type="text/html" href="https://htyp.org/mw/index.php?title=User:Woozle/2016/02/15/Postfix_bounce-spam/mail.log_1&amp;action=history"/>
	<updated>2026-07-03T04:41:59Z</updated>
	<subtitle>Revision history for this page on the wiki</subtitle>
	<generator>MediaWiki 1.45.3</generator>
	<entry>
		<id>https://htyp.org/mw/index.php?title=User:Woozle/2016/02/15/Postfix_bounce-spam/mail.log_1&amp;diff=21647&amp;oldid=prev</id>
		<title>Woozle: Created page with &quot;I found this chunk by searching mail.log for the email address of the apparent target (C.Derbyshire249@BTInternet.com), then searching for the IP address...&quot;</title>
		<link rel="alternate" type="text/html" href="https://htyp.org/mw/index.php?title=User:Woozle/2016/02/15/Postfix_bounce-spam/mail.log_1&amp;diff=21647&amp;oldid=prev"/>
		<updated>2016-02-16T14:16:37Z</updated>

		<summary type="html">&lt;p&gt;Created page with &amp;quot;I found this chunk by searching &lt;a href=&quot;/Postfix/mail.log&quot; title=&quot;Postfix/mail.log&quot;&gt;mail.log&lt;/a&gt; for the email address of the apparent target (C.Derbyshire249@BTInternet.com), then searching for the IP address...&amp;quot;&lt;/p&gt;
&lt;p&gt;&lt;b&gt;New page&lt;/b&gt;&lt;/p&gt;&lt;div&gt;I found this chunk by searching [[Postfix/mail.log|mail.log]] for the email address of the apparent target (C.Derbyshire249@BTInternet.com), then searching for the IP address of the sender (103.28.113.148). This is the complete history of cloud2&amp;#039;s interaction with that IP address:&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
Feb 16 04:06:40 cloud2 postfix/smtpd[19909]: warning: hostname host-103-28-113-148.ldp.net.id does not resolve to address 103.28.113.148: Name or service not known&lt;br /&gt;
Feb 16 04:06:40 cloud2 postfix/smtpd[19909]: connect from unknown[103.28.113.148]&lt;br /&gt;
Feb 16 04:06:45 cloud2 postfix/smtpd[19909]: warning: SASL authentication failure: Password verification failed&lt;br /&gt;
Feb 16 04:06:45 cloud2 postfix/smtpd[19909]: warning: unknown[103.28.113.148]: SASL PLAIN authentication failed: authentication failure&lt;br /&gt;
Feb 16 04:06:47 cloud2 postfix/smtpd[19911]: warning: hostname unregistered.netregistry.net does not resolve to address 202.47.1.23&lt;br /&gt;
Feb 16 04:06:47 cloud2 postfix/smtpd[19911]: connect from unknown[202.47.1.23]&lt;br /&gt;
Feb 16 04:06:48 cloud2 postfix/smtpd[19909]: warning: SASL authentication failure: Password verification failed&lt;br /&gt;
Feb 16 04:06:48 cloud2 postfix/smtpd[19909]: warning: unknown[103.28.113.148]: SASL PLAIN authentication failed: authentication failure&lt;br /&gt;
Feb 16 04:06:49 cloud2 postfix/trivial-rewrite[19912]: warning: do not list domain VBZ.NET in BOTH mydestination and virtual_alias_domains&lt;br /&gt;
Feb 16 04:06:49 cloud2 postfix/smtpd[19911]: 5DE011413C6: client=unknown[202.47.1.23]&lt;br /&gt;
Feb 16 04:06:49 cloud2 postfix/smtpd[19909]: warning: SASL authentication failure: Password verification failed&lt;br /&gt;
Feb 16 04:06:49 cloud2 postfix/smtpd[19909]: warning: unknown[103.28.113.148]: SASL PLAIN authentication failed: authentication failure&lt;br /&gt;
Feb 16 04:06:50 cloud2 postfix/cleanup[19913]: 5DE011413C6: message-id=&amp;lt;8db01f85041e467228f5383e991b3a4c@realityfurniture.com.au&amp;gt;&lt;br /&gt;
Feb 16 04:06:50 cloud2 postfix/smtpd[19909]: lost connection after AUTH from unknown[103.28.113.148]&lt;br /&gt;
Feb 16 04:06:50 cloud2 postfix/smtpd[19909]: disconnect from unknown[103.28.113.148]&lt;br /&gt;
Feb 16 04:06:52 cloud2 postfix/smtpd[19909]: warning: hostname host-103-28-113-148.ldp.net.id does not resolve to address 103.28.113.148: Name or service not known&lt;br /&gt;
Feb 16 04:06:52 cloud2 postfix/smtpd[19909]: connect from unknown[103.28.113.148]&lt;br /&gt;
Feb 16 04:06:52 cloud2 postfix/qmgr[16733]: 5DE011413C6: from=&amp;lt;eula_weaver@realityfurniture.com.au&amp;gt;, size=2577, nrcpt=1 (queue active)&lt;br /&gt;
Feb 16 04:06:52 cloud2 postfix/cleanup[19913]: 5E5E21413C8: message-id=&amp;lt;8db01f85041e467228f5383e991b3a4c@realityfurniture.com.au&amp;gt;&lt;br /&gt;
Feb 16 04:06:52 cloud2 postfix/qmgr[16733]: 5E5E21413C8: from=&amp;lt;eula_weaver@realityfurniture.com.au&amp;gt;, size=2732, nrcpt=1 (queue active)&lt;br /&gt;
Feb 16 04:06:52 cloud2 postfix/local[19914]: 5DE011413C6: to=&amp;lt;default-vbz.net@cloud2.hypertwins.net&amp;gt;, orig_to=&amp;lt;t.R@VBZ.NET&amp;gt;, relay=local, delay=3, delays=3/0.01/0/0, dsn=2.0.0, status=sent (forwarded as 5E5E21413C8)&lt;br /&gt;
Feb 16 04:06:52 cloud2 postfix/qmgr[16733]: 5DE011413C6: removed&lt;br /&gt;
Feb 16 04:06:52 cloud2 postfix/local[19914]: 5E5E21413C8: to=&amp;lt;null-hypertwins.net@cloud2.hypertwins.net&amp;gt;, orig_to=&amp;lt;t.R@VBZ.NET&amp;gt;, relay=local, delay=0, delays=0/0/0/0, dsn=2.0.0, status=sent (delivered to file: /dev/null)&lt;br /&gt;
Feb 16 04:06:52 cloud2 postfix/qmgr[16733]: 5E5E21413C8: removed&lt;br /&gt;
Feb 16 04:06:52 cloud2 postfix/smtpd[19911]: disconnect from unknown[202.47.1.23]&lt;br /&gt;
Feb 16 04:06:56 cloud2 postfix/trivial-rewrite[19912]: warning: do not list domain ownedbycats.org in BOTH mydestination and virtual_alias_domains&lt;br /&gt;
Feb 16 04:06:56 cloud2 postfix/smtpd[19909]: 93AD11413C6: client=unknown[103.28.113.148], sasl_method=PLAIN, sasl_username=harena&lt;br /&gt;
Feb 16 04:06:57 cloud2 postfix/cleanup[19913]: 93AD11413C6: message-id=&amp;lt;7F33F06B-8A94-47E0-B3A6-8B8B673EA45A@ownedbycats.org&amp;gt;&lt;br /&gt;
Feb 16 04:06:57 cloud2 postfix/qmgr[16733]: 93AD11413C6: from=&amp;lt;ckelly383@ownedbycats.org&amp;gt;, size=691, nrcpt=1 (queue active)&lt;br /&gt;
Feb 16 04:06:59 cloud2 postfix/smtpd[19909]: 291231413C8: client=unknown[103.28.113.148], sasl_method=PLAIN, sasl_username=harena&lt;br /&gt;
Feb 16 04:07:00 cloud2 postfix/cleanup[19913]: 291231413C8: message-id=&amp;lt;79816A1E-A7A3-490F-F62D-77D316B94A0D@ownedbycats.org&amp;gt;&lt;br /&gt;
Feb 16 04:07:00 cloud2 postfix/qmgr[16733]: 291231413C8: from=&amp;lt;gabsy@ownedbycats.org&amp;gt;, size=682, nrcpt=1 (queue active)&lt;br /&gt;
Feb 16 04:07:02 cloud2 postfix/smtpd[19909]: 4BC1E1413E6: client=unknown[103.28.113.148], sasl_method=PLAIN, sasl_username=harena&lt;br /&gt;
Feb 16 04:07:03 cloud2 postfix/cleanup[19913]: 4BC1E1413E6: message-id=&amp;lt;7A636FD3-85FD-42CC-A115-7DD9171DE1F3@ownedbycats.org&amp;gt;&lt;br /&gt;
Feb 16 04:07:03 cloud2 postfix/qmgr[16733]: 4BC1E1413E6: from=&amp;lt;gabsy@ownedbycats.org&amp;gt;, size=655, nrcpt=1 (queue active)&lt;br /&gt;
Feb 16 04:07:04 cloud2 postfix/smtpd[19909]: C83501413EA: client=unknown[103.28.113.148], sasl_method=PLAIN, sasl_username=harena&lt;br /&gt;
Feb 16 04:07:06 cloud2 postfix/cleanup[19913]: C83501413EA: message-id=&amp;lt;5C10A207-860D-42CC-9E58-4DA9AEC1FF1B@ownedbycats.org&amp;gt;&lt;br /&gt;
Feb 16 04:07:06 cloud2 postfix/qmgr[16733]: C83501413EA: from=&amp;lt;gabsy@ownedbycats.org&amp;gt;, size=630, nrcpt=1 (queue active)&lt;br /&gt;
Feb 16 04:07:06 cloud2 postfix/smtp[19923]: C83501413EA: to=&amp;lt;jay@cfpworldwide.com&amp;gt;, relay=ASPMX.L.GOOGLE.com[74.125.22.26]:25, delay=1.9, delays=1.3/0/0.41/0.21, dsn=2.0.0, status=sent (250 2.0.0 OK 1455613626 s65si39474105qhb.93 - gsmtp)&lt;br /&gt;
Feb 16 04:07:06 cloud2 postfix/qmgr[16733]: C83501413EA: removed&lt;br /&gt;
Feb 16 04:07:07 cloud2 postfix/smtpd[19909]: 461B71413EA: client=unknown[103.28.113.148], sasl_method=PLAIN, sasl_username=harena&lt;br /&gt;
Feb 16 04:07:07 cloud2 postfix/smtp[19922]: 4BC1E1413E6: to=&amp;lt;C.Derbyshire249@BTInternet.com&amp;gt;, relay=mx.bt.lon5.cpcloud.co.uk[65.20.0.49]:25, delay=5.6, delays=1.3/0/0.89/3.4, dsn=5.0.0, status=bounced (host mx.bt.lon5.cpcloud.co.uk[65.20.0.49] said: 554 Message rejected for policy reasons (3.2.1.1) - Please report any problems to BT via the postmaster@btinternet.com mailbox and include your sending ip address with an example header of your email (in reply to end of DATA command))&lt;br /&gt;
Feb 16 04:07:07 cloud2 postfix/cleanup[19926]: DA4491413FA: message-id=&amp;lt;20160216090707.DA4491413FA@cloud2.hypertwins.net&amp;gt;&lt;br /&gt;
Feb 16 04:07:07 cloud2 postfix/qmgr[16733]: DA4491413FA: from=&amp;lt;&amp;gt;, size=3028, nrcpt=1 (queue active)&lt;br /&gt;
Feb 16 04:07:07 cloud2 postfix/bounce[19924]: 4BC1E1413E6: sender non-delivery notification: DA4491413FA&lt;br /&gt;
Feb 16 04:07:07 cloud2 postfix/qmgr[16733]: 4BC1E1413E6: removed&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
It looks like it tried to log on via several methods which failed (no usernames listed in the log -- which may mean they were anonymous logins or may mean that the log only lists usernames for successful connections) and then finally succeeded as user &amp;quot;harena&amp;quot;, whence it sent a small sequence of spams and then disconnected.&lt;/div&gt;</summary>
		<author><name>Woozle</name></author>
	</entry>
</feed>