
Mailing List Archive: Qmail: users

Desperate: No outbound mail, flooded with spam

 

 



scott at schreibnet

Sep 4, 2009, 5:54 AM

Post #1 of 10 (2330 views)
Permalink
Desperate: No outbound mail, flooded with spam

My server is entering its second day of not sending outbound mail. The
queue is filling with spam bounces and legitimate outbound messages
are not being delivered. Lots of mail with <> senders...

I need help. I don't really know what I'm doing with qmail. I
inherited the system, and I'm not sure about anything other than it's
not working and where the log files and queue are.

Need lots of help, please, if you can.

Thanks
Scott

--
Scott W. Schreiber
Microsoft Certified Systems Administrator
Microsoft Certified Professional
Microsoft Certified Technology Specialist


root at letinet

Sep 4, 2009, 6:16 AM

Post #2 of 10 (2213 views)
Permalink
Re: Desperate: No outbound mail, flooded with spam [In reply to]

On Fri, Sep 04, 2009 at 08:54:06 -0400, Scott Schreiber wrote:
> I need help. I don't really know what I'm doing with qmail. I
> inherited the system, and I'm not sure about anything other than it's
> not working and where the log files and queue are.

There are many ways to skin a cat here.
First is learning and understanding how e-mail is working and how
Qmail is working. This way empowers your experience a lot.
Start reading the original documentation, found at
http://cr.yp.to/qmail.html. After that, read the great howto at
http://pyropus.ca/personal/writings/12-steps-to-qmail-list-bliss.html.
Second option may be getting paid support (which does not prevent
you from feature failures).
Or maybe you just want to install Exchange or whatever Microsoft
recommends (which, however, does not escape you from troubles).

--
Roman


kyle-qmail at memoryhole

Sep 4, 2009, 6:22 AM

Post #3 of 10 (2215 views)
Permalink
Re: Desperate: No outbound mail, flooded with spam [In reply to]


On Friday, September 4 at 08:54 AM, quoth Scott Schreiber:
> My server is entering its second day of not sending outbound mail. The
> queue is filling with spam bounces and legitimate outbound messages
> are not being delivered. Lots of mail with <> senders...

Sounds like you're encountering the "silly qmail syndrome" - if you
have the original qmail source (you should, if the last admin was
worth anything at all), apply the ext-todo patch from qmail.org and
see if that doesn't help.

~Kyle
- --
Frankly, I'm suspicious of anyone who has a strong opinion on a
complicated issue.
-- Scott Adams


scott at schreibnet

Sep 4, 2009, 6:27 AM

Post #4 of 10 (2228 views)
Permalink
Re: Desperate: No outbound mail, flooded with spam [In reply to]

My server is BSD. Here is the output of qmail-showctl:

bash-2.05b# ./qmail-showctl
qmail home directory: /var/qmail.
user-ext delimiter: -.
paternalism (in decimal): 2.
silent concurrency limit: 120.
subdirectory split: 23.
user ids: 1001, 1002, 1003, 0, 1004, 1005, 1006, 1007.
group ids: 1000, 1001.

badmailfrom: (Default.) Any MAIL FROM is allowed.

bouncefrom: (Default.) Bounce user name is MAILER-DAEMON.

bouncehost: (Default.) Bounce host name is vpop.interlogusa.com.

concurrencylocal: (Default.) Local concurrency is 10.

concurrencyremote: (Default.) Remote concurrency is 20.

databytes: (Default.) SMTP DATA limit is 0 bytes.

defaultdomain: Default domain name is interlogusa.com.

defaulthost: (Default.) Default host name is vpop.interlogusa.com.

doublebouncehost: (Default.) 2B recipient host: vpop.interlogusa.com.

doublebounceto: (Default.) 2B recipient user: postmaster.

envnoathost: (Default.) Presumed domain name is vpop.interlogusa.com.

helohost: (Default.) SMTP client HELO host name is vpop.interlogusa.com.

idhost: (Default.) Message-ID host name is vpop.interlogusa.com.

localiphost: (Default.) Local IP address becomes vpop.interlogusa.com.

locals:
Messages for vpop.interlogusa.com are delivered locally.
Messages for mail.interlogusa.com are delivered locally.

me: My name is vpop.interlogusa.com.

percenthack: (Default.) The percent hack is not allowed.

plusdomain: Plus domain name is interlogusa.com.

qmqpservers: (Default.) No QMQP servers.

queuelifetime: (Default.) Message lifetime in the queue is 604800 seconds.

rcpthosts:
SMTP clients may send messages to recipients at vpop.interlogusa.com.
SMTP clients may send messages to recipients at interlogusa.com.
SMTP clients may send messages to recipients at interlog-europe.com.
SMTP clients may send messages to recipients at interlogasia.com.
SMTP clients may send messages to recipients at interlogbrasil.com.
SMTP clients may send messages to recipients at interlogchina.com.
SMTP clients may send messages to recipients at interlogkorea.com.
SMTP clients may send messages to recipients at interlogmexico.com.
SMTP clients may send messages to recipients at interlogportugal.com.
SMTP clients may send messages to recipients at interlogshanghai.com.
SMTP clients may send messages to recipients at interlogsingapore.com.
SMTP clients may send messages to recipients at interlogsouthamerica.com.
SMTP clients may send messages to recipients at interlogtaiwan.com.
SMTP clients may send messages to recipients at interloguk.com.
SMTP clients may send messages to recipients at jamesgtaylor.com.
SMTP clients may send messages to recipients at movers-n-shakers.com.
SMTP clients may send messages to recipients at interlogbrazil.com.

morercpthosts: (Default.) No effect.

morercpthosts.cdb: (Default.) No effect.

smtpgreeting: (Default.) SMTP greeting: 220 vpop.interlogusa.com.

smtproutes: (Default.) No artificial SMTP routes.

timeoutconnect: (Default.) SMTP client connection timeout is 60 seconds.

timeoutremote: (Default.) SMTP client data timeout is 1200 seconds.

timeoutsmtpd: (Default.) SMTP server data timeout is 1200 seconds.

virtualdomains:
Virtual domain: interlogusa.com:interlogusa.com
Virtual domain: interlog-europe.com:interlog-europe.com
Virtual domain: interlogasia.com:interlogasia.com
Virtual domain: interlogbrasil.com:interlogbrasil.com
Virtual domain: interlogchina.com:interlogchina.com
Virtual domain: interlogkorea.com:interlogkorea.com
Virtual domain: interlogmexico.com:interlogmexico.com
Virtual domain: interlogportugal.com:interlogportugal.com
Virtual domain: interlogshanghai.com:interlogshanghai.com
Virtual domain: interlogsingapore.com:interlogsingapore.com
Virtual domain: interlogsouthamerica.com:interlogsouthamerica.com
Virtual domain: interlogtaiwan.com:interlogtaiwan.com
Virtual domain: interloguk.com:interloguk.com
Virtual domain: jamesgtaylor.com:jamesgtaylor.com
Virtual domain: movers-n-shakers.com:movers-n-shakers.com
Virtual domain: interlogbrazil.com:interlogbrazil.com

defaultdelivery: I have no idea what this file does.

concurrencyincoming: I have no idea what this file does.

rcpthosts.lock: I have no idea what this file does.

virtualdomains.lock: I have no idea what this file does.

locals.lock: I have no idea what this file does.
bash-2.05b#


Thanks
Scott


scott at schreibnet

Sep 4, 2009, 9:56 AM

Post #5 of 10 (2213 views)
Permalink
Re: Desperate: No outbound mail, flooded with spam [In reply to]

Thanks Kyle,
It seems that it's not sending anything out right now..... Will this
still help with that?

Scott

On Fri, Sep 4, 2009 at 9:22 AM, Kyle Wheeler<kyle-qmail [at] memoryhole> wrote:
> On Friday, September  4 at 08:54 AM, quoth Scott Schreiber:
>> My server is entering its second day of not sending outbound mail. The
>> queue is filling with spam bounces and legitimate outbound messages
>> are not being delivered.  Lots of mail with <> senders...
>
> Sounds like you're encountering the "silly qmail syndrome" - if you
> have the original qmail source (you should, if the last admin was
> worth anything at all), apply the ext-todo patch from qmail.org and
> see if that doesn't help.
>
> ~Kyle
> - --
> Frankly, I'm suspicious of anyone who has a strong opinion on a
> complicated issue.
>                                                         -- Scott Adams



--
Scott W. Schreiber
Microsoft Certified Systems Administrator
Microsoft Certified Professional
Microsoft Certified Technology Specialist


kyle-qmail at memoryhole

Sep 4, 2009, 10:12 AM

Post #6 of 10 (2213 views)
Permalink
Re: Desperate: No outbound mail, flooded with spam [In reply to]


On Friday, September 4 at 12:56 PM, quoth Scott Schreiber:
>Thanks Kyle,
>It seems that it's not sending anything out right now..... Will this
>still help with that?

It's a question of WHY. Why isn't it sending anything out right now?

If the reason is "I'm receiving so much email inbound that qmail never
gets a chance to schedule deliveries, also known as
silly-qmail-syndrome", then yes, using ext-todo will allow qmail to
schedule deliveries, which means it will send email out. Your
description of the problem *sounds* like silly-qmail-syndrome, but I
can't guarantee it. If the problem is really something else, then no,
applying a solution for a problem you're not experiencing won't help.

~Kyle
- --
If any man come to me, and hate not his father, and mother, and wife,
and children, and brethren, and sisters, yeah, and his own life also,
he cannot be my disciple.
-- Prince of Peace, Jesus Christ (Luke 14:26)


lists-qmail at maexotic

Sep 4, 2009, 10:13 AM

Post #7 of 10 (2217 views)
Permalink
Re: Desperate: No outbound mail, flooded with spam [In reply to]

On Fri, Sep 04, 2009 at 12:56:37PM -0400, Scott Schreiber wrote:
> It seems that it's not sending anything out right now..... Will this
> still help with that?

Yes it will.
The "silly qmail syndrome" hits sites with a very high incoming rate of
messages. qmail is then too busy sorting messages in the queue and will
not start (or only at a low rate) message deliveries.
Can you show us the output of
/var/qmail/bin/qmail-qstat
you should see a lot of "messages in queue but not yet preprocessed".

You may also want to check
/var/qmail/bin/qmail-qread
and see from whom and to whom the messages are addressed.
If it is backscatter (NDN reports) to nonexistent addresses it may help
to create .qmail files for those addresses that only contain one line starting
with a '#'. That way the messages will be discarded and not requeued and
(probably) double bounced.

Also, if those symptoms appear "out of the blue", it is often caused by
spammers having found a misconfiguration, very often some weakness in
a webserver script. If you have a webserver running on that host you
may want to check the logfiles for evidence and fix that script.

\Maex

--
Markus Stumpf


scott at schreibnet

Sep 4, 2009, 10:18 AM

Post #8 of 10 (2203 views)
Permalink
Re: Desperate: No outbound mail, flooded with spam [In reply to]

Thanks Markus.

qmail-qstat:
messages in queue: 523
messages in queue but not yet preprocessed: 0

When I run qmail-qread most of the messages are from <> and to some
other address on the internet.

Scott

On Fri, Sep 4, 2009 at 1:13 PM, Markus Stumpf<lists-qmail [at] maexotic> wrote:
> On Fri, Sep 04, 2009 at 12:56:37PM -0400, Scott Schreiber wrote:
>> It seems that it's not sending anything out right now.....  Will this
>> still help with that?
>
> Yes it will.
> The "silly qmail syndrome" hits sites with a very high incoming rate of
> messages. qmail is then too busy sorting messages in the queue and will
> not start (or only at a low rate) message deliveries.
> Can you show us the output of
>   /var/qmail/bin/qmail-qstat
> you should see a lot of "messages in queue but not yet preprocessed".
>
> You may also want to check
>   /var/qmail/bin/qmail-qread
> and see from whom and to whom the messages are addressed.
> If it is backscatter (NDN reports) to nonexistent addresses it may help
> to create .qmail files for those addresses that only contain one line starting
> with a '#'. That way the messages will be discarded and not requeued and
> (probably) double bounced.
>
> Also, if those symptoms appear "out of the blue", it is often caused by
> spammers having found a misconfiguration, very often some weakness in
> a webserver script. If you have a webserver running on that host you
> may want to check the logfiles for evidence and fix that script.
>
>        \Maex
>
> --
> Markus Stumpf
>



--
Scott W. Schreiber
Microsoft Certified Systems Administrator
Microsoft Certified Professional
Microsoft Certified Technology Specialist


root at letinet

Sep 4, 2009, 10:26 AM

Post #9 of 10 (2206 views)
Permalink
Re: Desperate: No outbound mail, flooded with spam [In reply to]

On Fri, Sep 04, 2009 at 08:22:55 -0500, Kyle Wheeler wrote:
> On Friday, September 4 at 08:54 AM, quoth Scott Schreiber:
> > My server is entering its second day of not sending outbound mail. The
> > queue is filling with spam bounces and legitimate outbound messages
> > are not being delivered. Lots of mail with <> senders...
>
> Sounds like you're encountering the "silly qmail syndrome" - if you
> have the original qmail source (you should, if the last admin was
> worth anything at all), apply the ext-todo patch from qmail.org and
> see if that doesn't help.

I bet he's just been flooded with a ton of misdirected spam or been
backscattered. In the latter case ext-todo will help spammers.
One must cure the cause, not the symptoms.

--
Roman


lists-qmail at maexotic

Sep 4, 2009, 10:39 AM

Post #10 of 10 (2209 views)
Permalink
Re: Desperate: No outbound mail, flooded with spam [In reply to]

On Fri, Sep 04, 2009 at 01:18:01PM -0400, Scott Schreiber wrote:
> qmail-qstat:
> messages in queue: 523
> messages in queue but not yet preprocessed: 0
>
> When I run qmail-qread most of the messages are from <> and to some
> other address on the internet.

That looks pretty normal for a spammed server and
not like the silly qmail syndrome ;-)

You may want to apply a RCPTTO-checking patch. qmail.org lists some.
I'd suggest one of
- Paul Jarc's realrcptto patch changes qmail-smtpd so it uses the same
tests as qmail-send to choose a .qmail file.
http://code.dogmap.org./qmail/

- John Simpson has a validrcptto.cdb patch.
+ faster, less runtime overhead, however requires more work managing users.
http://qmail.jms1.net/patches/validrcptto.cdb.shtml

- Andrew Richards has modified Paul Jarc's realrcptto into qmail-verify.
It now uses UDP for privilege separation which also allows an incoming
mail server to query a separate mailstore for larger installations.
+ may be a bit oversized for your installation
http://free.acrconsulting.co.uk/email/qmail-verify.html

\Maex

--
Markus Stumpf
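
The triage worked through in this thread (qmail-qstat counts first, then the senders shown by qmail-qread), as an added example that is not part of any post. The function name, the 50% thresholds and the sample qmail-qread lines are assumptions made for illustration; only the qmail-qstat figures come from the thread.

```shell
#!/bin/sh
# Added example: decide whether a stalled qmail queue looks like a todo
# backlog ("silly qmail syndrome") or a bounce flood, from saved output of
# qmail-qstat ($1) and qmail-qread ($2). The 50% thresholds are assumptions.
triage_queue() {
    awk '
    FNR == NR {                          # first file: qmail-qstat output
        if ($0 ~ /not yet preprocessed:/)    todo  = $NF
        else if ($0 ~ /^messages in queue:/) total = $NF
        next
    }
    / #[0-9]+ / {                        # qmail-qread message line: date #id size <sender>
        msgs++
        isbounce = ($0 ~ /<>/)           # <> is the null envelope sender used by bounces
        if (isbounce) bounces++
        next
    }
    # pending remote recipient of a bounce: mail leaving for someone else
    isbounce && $1 == "remote" { remote_bounce++ }
    END {
        if (total > 0 && todo * 2 > total)       verdict = "todo-backlog"
        else if (msgs > 0 && bounces * 2 > msgs) verdict = "bounce-flood"
        else                                     verdict = "inconclusive"
        printf "%s todo=%d total=%d null_sender=%d/%d remote_bounce_rcpts=%d\n",
               verdict, todo, total, bounces, msgs, remote_bounce
    }' "$1" "$2"
}

# Demo: the qstat figures are the ones posted in the thread; the qread lines
# are a constructed excerpt laid out the way qmail-qread lists a queue.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'messages in queue: 523' \
        'messages in queue but not yet preprocessed: 0' > "$d/qstat"
    cat > "$d/qread" <<'EOF'
4 Sep 2009 12:41:07 GMT  #48213  2304  <>
  remote  info@example.net
4 Sep 2009 12:41:09 GMT  #48217  1987  <>
  remote  sales@example.org
4 Sep 2009 12:43:30 GMT  #48220  5120  <user@example.com>
  remote  customer@example.net
4 Sep 2009 12:44:02 GMT  #48231  2210  <>
  remote  webmaster@example.org
EOF
    triage_queue "$d/qstat" "$d/qread"
    rm -rf "$d"
}
demo
```

On a live host the two inputs would be saved first, for example `/var/qmail/bin/qmail-qstat > qstat.txt` and `/var/qmail/bin/qmail-qread > qread.txt`.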
