ZhangHuangbin wrote:Did you see any log with a quick filter like this:
grep -i 'rp-info@gorweb.com' /var/log/maillog
Also, the ID in first screenshot is Postfix queue ID, you can search the queue id in /var/log/maillog, it will show you some info. And please paste context log here so that others can help troubleshoot.
And, try our script "find_top_sasl_usernames.sh" below to figure out which user sent out how many emails, do the top few seem normal?
https://bitbucket.org/zhb/iredmail/src/ … ail/tools/
Thank You Zhang!
I'll try the script.
This is a partial grep log file...
Feb 28 05:53:58 posta postfix/qmgr[20530]: C67F64B7A158: from=<rp-info@gorweb.com>, size=13558, nrcpt=1 (queue active)
Feb 28 05:54:12 posta postfix/qmgr[20530]: 97B414B7A169: from=<rp-info@gorweb.com>, size=14021, nrcpt=1 (queue active)
Feb 28 05:54:12 posta amavis[315]: (00315-08) Passed CLEAN {RelayedOutbound}, MYNETS LOCAL [172.16.120.73]:52163 [212.117.61.240] <rp-info@gorweb.com> -> <info@tornabuoniarte.it>, Queue-ID: C67F64B7A158, Message-ID: <1fnqgym$vo7$1$@gorweb.com>, mail_id: 0MofO2uxr7_9, Hits: -1.562, size: 13556, queued_as: 97B414B7A169, dkim_sd=a14c:gorweb.com, 13812 ms
Feb 28 17:54:31 posta postfix/qmgr[20530]: 95F1F2D04001: from=<rp-info@gorweb.com>, size=13586, nrcpt=1 (queue active)
Feb 28 17:54:45 posta postfix/qmgr[20530]: 66A552D04002: from=<rp-info@gorweb.com>, size=14065, nrcpt=1 (queue active)
Feb 28 17:54:45 posta amavis[5153]: (05153-19) Passed CLEAN {RelayedOutbound}, MYNETS LOCAL [172.16.120.73]:57954 [212.117.61.242] <rp-info@gorweb.com> -> <t.merlini@studio.bartalena.net>, Queue-ID: 95F1F2D04001, Message-ID: <1fnco3k$vo7$1$@gorweb.com>, mail_id: j5eeGP_L5IXl, Hits: -1.562, size: 13584, queued_as: 66A552D04002, dkim_sd=a14c:gorweb.com, 13811 ms
Feb 28 17:55:28 posta postfix/qmgr[20530]: BE3292D04001: from=<rp-info@gorweb.com>, size=13587, nrcpt=1 (queue active)
Feb 28 17:55:42 posta postfix/qmgr[20530]: 889DA2D04002: from=<rp-info@gorweb.com>, size=14066, nrcpt=1 (queue active)
Feb 28 17:55:42 posta amavis[21154]: (21154-04) Passed CLEAN {RelayedOutbound}, MYNETS LOCAL [172.16.120.73]:57968 [212.117.49.28] <rp-info@gorweb.com> -> <branchetti@romanobranchetti.it>, Queue-ID: BE3292D04001, Message-ID: <1fnq3dt$vo7$1$@gorweb.com>, mail_id: ghhj6Vj6yPEy, Hits: -1.562, size: 13585, queued_as: 889DA2D04002, dkim_sd=a14c:gorweb.com, 13786 ms
Feb 29 04:20:11 posta cbpolicyd[3904]: module=Greylisting, action=pass, host=172.16.120.73, helo=sitipazzi.it, from=rp-info@gorweb.com, to=paola.repetto@thurner-pr.com, reason=auto-whitelisted
Feb 29 04:20:11 posta postfix/qmgr[20530]: 16FF24B7A15D: from=<rp-info@gorweb.com>, size=27461, nrcpt=1 (queue active)
Feb 29 04:20:24 posta postfix/qmgr[20530]: D4D844B7A158: from=<rp-info@gorweb.com>, size=27936, nrcpt=1 (queue active)
Feb 29 04:20:24 posta amavis[3835]: (03835-14) Passed CLEAN {RelayedOutbound}, MYNETS LOCAL [172.16.120.73]:35754 [212.117.54.107] <rp-info@gorweb.com> -> <paola.repetto@thurner-pr.com>, Queue-ID: 16FF24B7A15D, Message-ID: <1g0hos7$wdh$1$@gorweb.com>, mail_id: S_Btsa9ItvCL, Hits: -1.998, size: 27459, queued_as: D4D844B7A158, dkim_sd=a14c:gorweb.com, 13783 ms
Feb 29 04:21:05 posta postfix/qmgr[20530]: A4DC54B7A15D: from=<rp-info@gorweb.com>, size=27435, nrcpt=1 (queue active)
Feb 29 04:21:19 posta postfix/qmgr[20530]: 730A54B7A158: from=<rp-info@gorweb.com>, size=27896, nrcpt=1 (queue active)
Feb 29 04:21:19 posta amavis[4918]: (04918-09) Passed CLEAN {RelayedOutbound}, MYNETS LOCAL [172.16.120.73]:35767 [212.117.54.147] <rp-info@gorweb.com> -> <david.p@masimobili.it>, Queue-ID: A4DC54B7A15D, Message-ID: <1g0fxqi$wdh$1$@gorweb.com>, mail_id: Dowk3prrBWPE, Hits: -1.998, size: 27433, queued_as: 730A54B7A158, dkim_sd=a14c:gorweb.com, 13802 ms
Feb 29 04:21:53 posta postfix/qmgr[20530]: 782CD4B7A179: from=<rp-info@gorweb.com>, size=27425, nrcpt=1 (queue active)
Feb 29 04:22:07 posta postfix/qmgr[20530]: 4D1614B7A15D: from=<rp-info@gorweb.com>, size=27882, nrcpt=1 (queue active)
Feb 29 04:22:07 posta amavis[4918]: (04918-10) Passed CLEAN {RelayedOutbound}, MYNETS LOCAL [172.16.120.73]:35781 [212.117.61.170] <rp-info@gorweb.com> -> <info@ilcavatappi.it>, Queue-ID: 782CD4B7A179, Message-ID: <1g0foms$wdh$1$@gorweb.com>, mail_id: TFnWzjOjxQ7e, Hits: -1.998, size: 27423, queued_as: 4D1614B7A15D, dkim_sd=a14c:gorweb.com, 13827 ms
Feb 29 04:22:26 posta postfix/qmgr[20530]: 230DA4B7A158: from=<rp-info@gorweb.com>, size=27469, nrcpt=1 (queue active)
Feb 29 04:22:40 posta postfix/qmgr[20530]: 064D14B7A160: from=<rp-info@gorweb.com>, size=27952, nrcpt=1 (queue active)
Feb 29 04:22:40 posta amavis[4918]: (04918-12) Passed CLEAN {RelayedOutbound}, MYNETS LOCAL [172.16.120.73]:35797 [212.117.61.62] <rp-info@gorweb.com> -> <a.bartalena@studio.bartalena.net>, Queue-ID: 230DA4B7A158, Message-ID: <1g0kfon$wdh$1$@gorweb.com>, mail_id: E_9ekLR950rP, Hits: -1.998, size: 27467, queued_as: 064D14B7A160, dkim_sd=a14c:gorweb.com, 13891 ms
Feb 29 04:32:49 posta postfix/qmgr[20530]: 2BB594B7A15D: from=<rp-info@gorweb.com>, size=27453, nrcpt=1 (queue active)
Feb 29 04:33:02 posta postfix/qmgr[20530]: EFA4D4B7A04F: from=<rp-info@gorweb.com>, size=27926, nrcpt=1 (queue active)
Feb 29 04:33:02 posta amavis[5438]: (05438-18) Passed CLEAN {RelayedOutbound}, MYNETS LOCAL [172.16.120.73]:35965 [212.117.61.17] <rp-info@gorweb.com> -> <antichita@tornabuoniarte.it>, Queue-ID: 2BB594B7A15D, Message-ID: <1fys0eg$wde$1$@gorweb.com>, mail_id: MBqQogjOC37S, Hits: -1.998, size: 27451, queued_as: EFA4D4B7A04F, dkim_sd=a14c:gorweb.com, 13806 ms
Feb 29 04:33:25 posta postfix/qmgr[20530]: 62F614B7A183: from=<rp-info@gorweb.com>, size=27463, nrcpt=1 (queue active)
Feb 29 04:33:28 posta postfix/qmgr[20530]: 19B644B7A185: from=<rp-info@gorweb.com>, size=27451, nrcpt=1 (queue active)
Feb 29 04:33:30 posta postfix/qmgr[20530]: 435AB4B7A179: from=<rp-info@gorweb.com>, size=27444, nrcpt=1 (queue active)
Feb 29 04:33:39 posta postfix/qmgr[20530]: 2D5204B7A160: from=<rp-info@gorweb.com>, size=27940, nrcpt=1 (queue active)
Feb 29 04:33:39 posta amavis[6838]: (06838-11) Passed CLEAN {RelayedOutbound}, MYNETS LOCAL [172.16.120.73]:35994 [212.117.61.104] <rp-info@gorweb.com> -> <g.celano@studio.bartalena.net>, Queue-ID: 62F614B7A183, Message-ID: <1fypq8r$wde$1$@gorweb.com>, mail_id: l7UPHwY-OfBN, Hits: -1.998, size: 27461, queued_as: 2D5204B7A160, dkim_sd=a14c:gorweb.com, 13798 ms
Feb 29 04:33:41 posta postfix/qmgr[20530]: DD69F4B7A160: from=<rp-info@gorweb.com>, size=27924, nrcpt=1 (queue active)
Feb 29 04:33:41 posta amavis[6317]: (06317-15) Passed CLEAN {RelayedOutbound}, MYNETS LOCAL [172.16.120.73]:35995 [212.117.61.26] <rp-info@gorweb.com> -> <daniela@romanobranchetti.it>, Queue-ID: 19B644B7A185, Message-ID: <1fypq18$wde$1$@gorweb.com>, mail_id: Ee_ahafDzOws, Hits: -1.998, size: 27449, queued_as: DD69F4B7A160, dkim_sd=a14c:gorweb.com, 13817 ms
Feb 29 04:33:44 posta postfix/qmgr[20530]: 132FF4B7A160: from=<rp-info@gorweb.com>, size=27917, nrcpt=1 (queue active)
Feb 29 04:33:44 posta amavis[6882]: (06882-11) Passed CLEAN {RelayedOutbound}, MYNETS LOCAL [172.16.120.73]:35998 [212.117.61.183] <rp-info@gorweb.com> -> <daniele@romanobranchetti.it>, Queue-ID: 435AB4B7A179, Message-ID: <1fypprs$wde$1$@gorweb.com>, mail_id: qHUOm_yAeGNU, Hits: -1.998, size: 27442, queued_as: 132FF4B7A160, dkim_sd=a14c:gorweb.com, 13954 ms
Feb 29 04:33:54 posta postfix/qmgr[20530]: 9A2934B7A04F: from=<rp-info@gorweb.com>, size=27451, nrcpt=1 (queue active)
Feb 29 04:34:08 posta postfix/qmgr[20530]: 62D9D4B7A15D: from=<rp-info@gorweb.com>, size=27928, nrcpt=1 (queue active)
Feb 29 04:34:08 posta amavis[7678]: (07678-04) Passed CLEAN {RelayedOutbound}, MYNETS LOCAL [172.16.120.73]:36002 [212.117.61.157] <rp-info@gorweb.com> -> <info@studiolegalebarachini.it>, Queue-ID: 9A2934B7A04F, Message-ID: <1fypauu$wde$1$@gorweb.com>, mail_id: q9h27j2qjWAh, Hits: -1.998, size: 27449, queued_as: 62D9D4B7A15D, dkim_sd=a14c:gorweb.com, 13780 ms
Feb 29 04:34:38 posta postfix/qmgr[20530]: C4F334B7A18D: from=<rp-info@gorweb.com>, size=27419, nrcpt=1 (queue active)
Feb 29 04:34:52 posta postfix/qmgr[20530]: 8DECA4B7A04F: from=<rp-info@gorweb.com>, size=27876, nrcpt=1 (queue active)
Feb 29 04:34:52 posta amavis[7911]: (07911-03) Passed CLEAN {RelayedOutbound}, MYNETS LOCAL [172.16.120.73]:36011 [212.117.61.79] <rp-info@gorweb.com> -> <info@ilcavatappi.it>, Queue-ID: C4F334B7A18D, Message-ID: <1fypebm$wde$1$@gorweb.com>, mail_id: tE4w_wyypJLO, Hits: -1.998, size: 27417, queued_as: 8DECA4B7A04F, dkim_sd=a14c:gorweb.com, 13769 ms
Feb 29 04:36:15 posta postfix/qmgr[20530]: 72E504B7A15D: from=<rp-info@gorweb.com>, size=27467, nrcpt=1 (queue active)
Feb 29 04:36:29 posta postfix/qmgr[20530]: 490734B7A04F: from=<rp-info@gorweb.com>, size=27950, nrcpt=1 (queue active)
Feb 29 04:36:29 posta amavis[6340]: (06340-08) Passed CLEAN {RelayedOutbound}, MYNETS LOCAL [172.16.120.73]:36041 [212.117.61.173] <rp-info@gorweb.com> -> <a.bartalena@studio.bartalena.net>, Queue-ID: 72E504B7A15D, Message-ID: <1fyu2ci$wde$1$@gorweb.com>, mail_id: UFdOBXGa0KWu, Hits: -1.998, size: 27465, queued_as: 490734B7A04F, dkim_sd=a14c:gorweb.com, 13834 ms
Feb 29 04:39:21 posta postfix/qmgr[20530]: 426864B7A15D: from=<rp-info@gorweb.com>, size=27430, nrcpt=1 (queue active)
Feb 29 04:39:35 posta postfix/qmgr[20530]: 1229D4B7A160: from=<rp-info@gorweb.com>, size=27903, nrcpt=1 (queue active)
Feb 29 04:39:35 posta amavis[8582]: (08582-04) Passed CLEAN {RelayedOutbound}, MYNETS LOCAL [172.16.120.73]:36106 [212.117.61.115] <rp-info@gorweb.com> -> <franca@immaginidicalabro.it>, Queue-ID: 426864B7A15D, Message-ID: <1fysdyo$wde$1$@gorweb.com>, mail_id: zY0_gyyEqVtt, Hits: -1.998, size: 27428, queued_as: 1229D4B7A160, dkim_sd=a14c:gorweb.com, 13810 ms
Feb 29 04:41:34 posta postfix/qmgr[20530]: 025CB2D04001: from=<rp-info@gorweb.com>, size=27452, nrcpt=1 (queue active)
Feb 29 04:41:47 posta postfix/qmgr[20530]: CE4A14B7A160: from=<rp-info@gorweb.com>, size=27925, nrcpt=1 (queue active)
Feb 29 04:41:47 posta amavis[7680]: (07680-07) Passed CLEAN {RelayedOutbound}, MYNETS LOCAL [172.16.120.73]:36137 [212.117.61.76] <rp-info@gorweb.com> -> <antichita@tornabuoniarte.it>, Queue-ID: 025CB2D04001, Message-ID: <1g0glkn$wdh$1$@gorweb.com>, mail_id: fdPV1tjfDG8V, Hits: -1.998, size: 27450, queued_as: CE4A14B7A160, dkim_sd=a14c:gorweb.com, 13839 ms
Feb 29 04:43:11 posta postfix/qmgr[20530]: D3B9B4B7A04F: from=<rp-info@gorweb.com>, size=27450, nrcpt=1 (queue active)
Feb 29 04:43:25 posta postfix/qmgr[20530]: A369B4B7A160: from=<rp-info@gorweb.com>, size=27923, nrcpt=1 (queue active)
Feb 29 04:43:25 posta amavis[8840]: (08840-07) Passed CLEAN {RelayedOutbound}, MYNETS LOCAL [172.16.120.73]:36155 [212.117.61.74] <rp-info@gorweb.com> -> <franca@immaginidicalabro.it>, Queue-ID: D3B9B4B7A04F, Message-ID: <1fyqz08$wdh$1$@gorweb.com>, mail_id: tayiUqhhNSYw, Hits: -1.998, size: 27448, queued_as: A369B4B7A160, dkim_sd=a14c:gorweb.com, 13810 ms
Feb 29 04:49:22 posta postfix/qmgr[20530]: 4AB964B7A04F: from=<rp-info@gorweb.com>, size=26602, nrcpt=1 (queue active)
Feb 29 04:49:26 posta postfix/qmgr[20530]: A60622D04001: from=<rp-info@gorweb.com>, size=27462, nrcpt=1 (queue active)
Feb 29 04:49:36 posta postfix/qmgr[20530]: 139402D04003: from=<rp-info@gorweb.com>, size=27063, nrcpt=1 (queue active)
Feb 29 04:49:36 posta amavis[6340]: (06340-17) Passed CLEAN {RelayedOutbound}, LOCAL [212.117.61.77]:26199 [212.117.61.77] <rp-info@gorweb.com> -> <odeongrafica@idata.it>, Queue-ID: 4AB964B7A04F, Message-ID: <1fypp3u$wde$1$@gorweb.com>, mail_id: 8wzDpilAYoi2, Hits: -1.206, size: 26600, queued_as: 139402D04003, dkim_sd=a14c:gorweb.com, 13689 ms
Feb 29 04:49:40 posta postfix/qmgr[20530]: 6F4264B7A158: from=<rp-info@gorweb.com>, size=27941, nrcpt=1 (queue active)
Feb 29 04:49:40 posta amavis[7665]: (07665-14) Passed CLEAN {RelayedOutbound}, MYNETS LOCAL [172.16.120.73]:36280 [212.117.61.126] <rp-info@gorweb.com> -> <t.merlini@studio.bartalena.net>, Queue-ID: A60622D04001, Message-ID: <1fyrka9$wde$1$@gorweb.com>, mail_id: YMGDuj4p1p9L, Hits: -1.998, size: 27460, queued_as: 6F4264B7A158, dkim_sd=a14c:gorweb.com, 13781 ms
