View All Products
Compute
Storage
Networking
Databases
Services
Developer Tools
Industries
Pricing
Community
Engage With Us
Community Questions meaning?: li1295-168.members.linode.com:smtp->wobosm03.netvigator.com:36006 (ESTABLISHED)
Log in to Ask a Question

meaning?: li1295-168.members.linode.com:smtp->wobosm03.netvigator.com:36006 (ESTABLISHED)

email

Hi there,

When I run

lsof -i | grep smtp

I sometimes get output like the one below. What does that mean?

Thanks in advance if you take the time to let me know.

Marc.

smtpd 13796 postfix 10u IPv4 69838 0t0 TCP li1295-168.members.linode.com:smtp->dsl-187-201-231-114-dyn.prod-infinitum.com.mx:56802 (ESTABLISHED)

smtp 13835 postfix 14u IPv4 69820 0t0 TCP li1295-168.members.linode.com:39120->antivir.kabeldeutschland.de:smtp (SYN_SENT)

smtpd 13787 postfix 10u IPv4 67519 0t0 TCP li1295-168.members.linode.com:smtp->mh5it6.metamoris.gq:53803 (ESTABLISHED)

smtpd 14593 postfix 10u IPv4 78183 0t0 TCP li1295-168.members.linode.com:smtp->wobosm03.netvigator.com:36006 (ESTABLISHED)

2 Replies

My new linode, which is not even 24 hours old and doesn't even have Apache installed yet, also shows entries like the ones below in its mail log that seem to indicate emails (likely spam) is originating on the server. How can that be? Or am I misinterpreting these log entires?

Thanks again.

m/

Jul 19 17:03:17 li1295-168 postfix/cleanup[14595]: 38D8EF110: message-id=<20150719170317.38D8EF110@localhost>

Jul 19 17:03:17 li1295-168 postfix/bounce[14597]: 13508F0F7: sender non-delivery notification: 38D8EF110

Jul 19 17:03:17 li1295-168 postfix/qmgr[12669]: 38D8EF110: from=<>, size=3780, nrcpt=1 (queue active)

Jul 19 17:03:18 li1295-168 postfix/smtp[14636]: 38D8EF110: to=<carrieyylam@netvigator.com>, relay=imsmx1.netvigator.com[218.102.62.198]:25, delay=1.6, delays=0/0/0.69/0.9, dsn=2.0.0, status=sent (250 2.0.0 uH3H1q00G3eUWSt01H3Jds mail accepted for delivery)

Jul 19 17:03:18 li1295-168 postfix/qmgr[12669]: 38D8EF110: removed

root@li1295-168:~#

> smtpd 13796 postfix 10u IPv4 69838 0t0 TCP li1295-168.members.linode.com:smtp->dsl-187-201-231-114-dyn.prod-infinitum.com.mx:56802 (ESTABLISHED)
This is a connection from a host in Mexico to your mailserver (smtpd).

> smtp 13835 postfix 14u IPv4 69820 0t0 TCP li1295-168.members.linode.com:39120->antivir.kabeldeutschland.de:smtp (SYNSENT)
This is a connection your system is in the process of establishing (SYNSENT) to a host in Germany. It connected to the other host's SMTP port, so it is trying to send e-mail.

> smtpd 13787 postfix 10u IPv4 67519 0t0 TCP li1295-168.members.linode.com:smtp->mh5it6.metamoris.gq:53803 (ESTABLISHED)

smtpd 14593 postfix 10u IPv4 78183 0t0 TCP li1295-168.members.linode.com:smtp->wobosm03.netvigator.com:36006 (ESTABLISHED)
These are connections to your mailserver.

The good news is that your mailserver is not acting as an open relay. It's not clear exactly where the mail in your log originated from. If it follows "connect from localhost[127.0.0.1]" or "connect from localhost[::1]" then the mail was generated on your machine somehow. Usually this comes from a web form, but if you haven't installed a web server it's hard to say what the origin is.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct