Blank from fields - how to ban it?

Good day.

I do not from whence (I see no client connection from /var/log/mail.log) the
weird letters come, but I see them as:

postfix/qmgr[2589]: 4B59323B3A: from=<>, size=3751, nrcpt=1 (queue active)

latter then they are sent:

postfix/smtp[8888]: 4B59323B3A: to=< ... at yyyy dot zz>, relay=none, delay=147396, delays=147365/0.07/31/0, dsn=4.4.1, status=deferred (connect to yyyy.zz[aaa.bbb.ccc.dd]:25: Connection timed out)

So, can You please help me with the following, how I can:

- investigate (debug?) from whence it comes? and

- filter/ban it?

Thank You for Your time.


Re: Blank from fields - how to ban it?

By mouss at 10/04/2009 - 08:57

Sthu Pous a écrit :

if you don't see a connect, then it is a bounce generated by your
server. to see what message caused the bounce, grep for < ... at yyyy dot zz>.

if it's a bounce generated by your server, you need to find out what was
bounced, and block the "original" messages.

Otherwise, don't block mail from "<>" in general, because this is how
your users get bounces. you can block some backscatter though. see the

Re: Blank from fields - how to ban it?

By Wietse Venema at 10/04/2009 - 08:56

Sthu Pous:

Look at the END of the message with postcat (postcat -q 4B59323B3A).

Was this undeliverable mail for some non-existent address in your
domain? Then that is the problem. DOn't accept mail for non-existent