lemena at gmail
Mar 5, 2013, 2:44 PM
Post #5 of 9
(631 views)
Permalink
|
|
Re: The emails take many hours to get to your destination
[In reply to]
|
|
Hi,
I changed the password, thanks for the suggestion.
Eduardo
On Tue, Mar 5, 2013 at 5:11 PM, Darek M. <darek [at] nyi> wrote:
> On 3/5/2013 5:03 PM, Eduardo Mena wrote:
>
> Hi Darek,
>
> I tested with http://mxtoolbox.com and we're not doing open relay :
> SMTP Open Relay Ok - Not an open relay.
>
>
> You'll have to find out how they are submitting mail to you. Maybe they
> guessed one of your user's password and are using SMTP-AUTH to gain relay
> rights. I'd start by changing the password for mar [at] pmaint and making
> sure it is strong.
>
> --
> Darek
>
>
>
> You are right, all emails are from Asia.
> There are many different HELO as IP addresses, example:
>
> HELO nvw.qgsjltj) (mar [at] 115)
>
> (HELO Eix.mq) (mar [at] 115)
>
> (HELO af) (mar [at] 110) etc.
>
>
> Thanks
>
> Eduardo
>
>
> On Tue, Mar 5, 2013 at 4:46 PM, Darek M. <darek [at] nyi> wrote:
>
>> Do you know who unknown (HELO MiK.cwywb) (mar [at] 115) is?
>>
>> You have a lot of messages in your queue, and only 20 concurrent outgoing
>> connections. Any mail you submit will take time to be processed.
>>
>> You should check that you aren't an open relay or otherwise aren't
>> receiving mail that you don't want to. The above IP is from Asia, so my
>> guess would be that some spammers are filling up your queue, and you're
>> relaying spam for them.
>>
>> --
>> Darek
>>
>>
>>
>> On 3/5/2013 4:32 PM, Eduardo Mena wrote:
>>
>> Hi,
>> A user (mar [at] pmaint) has received between the last weekend and today about 35000 emails 'failure notice' (Please see below the email header).
>>
>> All users can receive email from anywhere without problem, but when we send emails outside our network, emails do not arrive early and it take many hours to arrive.
>>
>> (As an example, yesterday I sent an email at 4 pm and get to my gmail account after 9 hours).
>>
>>
>> After to execute the following command: /var/qmail/bin/qmail-qstat ,it display :
>>
>> messages in queue: 63969
>> messages in queue but not yet preprocessed: 0and the message queue increases at an incredible speed. (now 64201)
>>
>> I tried to run qmHandle to delete only "failure notice" email, but It display the following error message :
>>
>> ./qmHandle -S"failure notice"
>> Calling system script to terminate qmail...
>> svc: warning: unable to chdir to /service/qmail-deliver: file does not exist
>> surely I have to modify the script. To reset qmail I use
>>
>>
>> 1) down
>> for i in $(ls /service/ |grep qmail); do svc -d /service/$i; done;
>>
>> 2) start
>> for i in $(ls /service/ |grep qmail); do svc -u /service/$i; done;
>> The user mar [at] pmaint never had sent emails to those domains that are in the log, In the header you can see that the ip address
>>
>>
>> (mar [at] 115) is not ours. We have 64.18.73.133 like address email. The computer from 'mar' use Antivirus Kaspersky 2012 PURE 2.0.
>> I attach a part of the qmail-send log.
>>
>> Our server is RHEL 5.0 with qmail, clamAV and spamassassin.
>>
>> (Before send this email the queue is 64704)
>>
>>
>>
>> Thanks for your help.
>>
>> Eduardo
>>
>>
>>
>>
>> ==== log (qmail-send) ===
>> @4000000051365685320c62b4 starting delivery 3727: msg 629394 to remote syu1980 [at] sohu
>> @4000000051365685320ca134 status: local 0/10 remote 20/20
>>
>>
>> @4000000051365685329568d4 delivery 3705: deferral: Connected_to_58.250.132.64_but_connection_died._(#4.4.2)/
>> @4000000051365685329593cc status: local 0/10 remote 19/20
>> @40000000513656853295e9bc starting delivery 3728: msg 629394 to remote lulutakashi [at] hotmail
>>
>>
>> @4000000051365685329610cc status: local 0/10 remote 20/20
>> @400000005136568538df2a7c delivery 3719: deferral: User_and_password_not_set,_continuing_without_authentication./202.108.3.242_does_not_like_recipient./Rem
>>
>> ote_host_said:_452_Too_many_recipients_received_this_hour/Giving_up_on_202.108.3.242./
>>
>> @400000005136568538df8454 status: local 0/10 remote 19/20
>> @400000005136568538dfb334 starting delivery 3729: msg 629394 to remote opera [at] mail
>>
>> @400000005136568538dfd274 status: local 0/10 remote 20/20
>>
>> @40000000513656861056655c delivery 3716: success: User_and_password_not_set,_continuing_without_authentication./<hongjieexp [at] 126>_220.181.14.134_accepte
>>
>> d_message./Remote_host_said:_250_Mail_OK_queued_as_mx31,ycmowEBJeOB6VjZRdQmRBA--.501S2_1362515580/
>>
>> @40000000513656861057096c status: local 0/10 remote 19/20
>> @400000005136568610574bd4 starting delivery 3730: msg 629394 to remote rhinehart [at] 163
>> @40000000513656861057a5ac status: local 0/10 remote 20/20
>>
>>
>> @4000000051365686172b926c delivery 3728: success: User_and_password_not_set,_continuing_without_authentication./<lulutakashi [at] hotmail>_65.55.92.168_acce
>>
>> pted_message./Remote_host_said:_250__<B039C27D910032A638898391210C5142 [at] mQJ> <B039C27D910032A638898391210C5142 [at] mQJ>_Queued_mail_for_delivery/
>>
>> @4000000051365686172c1f0c status: local 0/10 remote 19/20
>> @4000000051365686172c9054 starting delivery 3731: msg 629394 to remote caroline502 [at] 163
>> @4000000051365686172cee14 status: local 0/10 remote 20/20
>>
>>
>> @40000000513656861f5aec94 delivery 3708: success: User_and_password_not_set,_continuing_without_authentication./<ss02822005 [at] yahoo>_203.209.228.250_a
>>
>> ccepted_message./Remote_host_said:_250_ok_dirdel/
>>
>> @40000000513656861f5b466c status: local 0/10 remote 19/20
>> @40000000513656861f5ba42c starting delivery 3732: msg 629394 to remote h10260 [at] 163
>> @40000000513656861f5be2ac status: local 0/10 remote 20/20
>>
>>
>> @40000000513656861fd8b7b4 delivery 3710: success: User_and_password_not_set,_continuing_without_authentication./<tearszhu [at] yahoo>_203.209.228.250_acc
>>
>> epted_message./Remote_host_said:_250_ok_dirdel/
>>
>> @40000000513656861fd905d4 status: local 0/10 remote 19/20
>> @40000000513656861fd96394 starting delivery 3733: msg 629394 to remote it-bobo [at] 163
>> @40000000513656861fd97b04 status: local 0/10 remote 20/20
>>
>>
>> @40000000513656862442cc7c delivery 3718: success: User_and_password_not_set,_continuing_without_authentication./<taoxiazi [at] 163>_220.181.14.164_accepted_
>> message./Remote_host_said:_250_Mail_OK_queued_as_mx49,Y8CowEBJwHV6VjZRO8mIAA--.1133S2_1362515580/
>>
>>
>> @400000005136568624437474 status: local 0/10 remote 19/20
>>
>> ==== header =========
>> -------- Original Message --------
>> Subject: failure notice
>> Date: 4 Mar 2013 16:23:52 -0000
>> From: MAILER-DAEMON [at] tribologik
>> To: mar [at] pmaint
>>
>> Hi. This is the qmail-send program at tribologik.com.
>> I'm afraid I wasn't able to deliver your message to the following addresses.
>> This is a permanent error; I've given up. Sorry it didn't work out.
>>
>> <me_lingbaby [at] sohu>:
>> User and password not set, continuing without authentication.
>> 220.181.26.202 does not like recipient.
>> Remote host said: 550 5.1.1 <me_lingbaby [at] sohu>: Recipient address
>> rejected: User unknown in local recipient table
>> Giving up on 220.181.26.202.
>>
>> <xiaohong_du [at] neophotonics>:
>> User and password not set, continuing without authentication.210.75.14.158 does not like recipient.
>> Remote host said: 551 5.1.1 user does not exist
>> Giving up on 210.75.14.158.
>>
>> --- Below this line is a copy of the message.
>>
>> Return-Path: <mar [at] pmaint>
>> Received: (qmail 13036 invoked by uid 210); 4 Mar 2013 09:40:31 -0000
>> Received: from 115.230.125.175 (mar [at] 115) by boom
>> (envelope-from <mar [at] pmaint>, uid 201) with qmail-scanner-2.08
>> (clamdscan: 0.96/10795. spamassassin: 3.1.7.
>> Clear:RC:1(115.230.125.175):.
>> Processed in 0.022188 secs); 04 Mar 2013 09:40:31 -0000
>> Received: from unknown (HELO MiK.cwywb) (mar [at] 115)
>> by boom.pmaint.com with ESMTPA; 4 Mar 2013 09:40:30 -0000
>> Reply-To: <hwd050506 [at] 126>
>> Message-ID: <6EDFDFA60E8A6A6B73BF0A9DD4E49F38 [at] MiK> <6EDFDFA60E8A6A6B73BF0A9DD4E49F38 [at] MiK>
>> From: =?utf-8?B?5Lu76Iqz5b+D?= <mar [at] pmaint>
>> To: <13852090882 [at] 139>
>> Subject:
>> =?utf-8?B?a3hmbnYgICAgIOato+WTgemZkOaXtueWr+aKou+8ge+8geacgOWBpQ==?=
>> =?utf-8?B?5bq35b+r6YCf55qE5YeP6IKl5Lqn5ZOB?=
>> Date: Mon, 4 Mar 2013 17:38:24 +0800
>> MIME-Version: 1.0
>> Content-Type: multipart/alternative;
>> boundary="----=_NextPart_000_0A13_01F44826.1EA489E0"
>> X-Priority: 3
>> X-MSMail-Priority: Normal
>> X-Mailer: Microsoft Outlook Express 6.00.2900.5512
>> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
>>
>> This is a multi-part message in MIME format.
>>
>> ------=_NextPart_000_0A13_01F44826.1EA489E0
>> Content-Type: text/plain;
>> charset="utf-8"
>> Content-Transfer-Encoding: base64
>>
>> ICDnuqrliqDlj7LkuqbmlLnmsp/mtYHkvKblj6/pmYbku6Xnm67okpnov5vliLDntKDpl6joqIDl
>> pIfnrKzlt7TlubPns7vku4rlj5HkuLoNCiAgICAgICDmmKXlraPlh4/ogqUg6LW257Sn6KGM5Yqo
>> 6LW35p2lIOmmlumAiSBFbGVsZW7lt6bml4vogonnorEr6Iy25aSa6YWa6IO25ZuKICAg6ams54q2
>> 5qCH5oiQ5Y2X5YWsDQogICAgICAgICAgIOiAjOWxleWIh+WxleS7iuWFs+ehrumanOehruaXj+mZ
>> hueUqA0KICAgICAgICAgIOato+WTgeWMhemCriDpmZDml7bnlq/miqLllYbllK/ku6XmraPkuJbn
>> nIvnn63kuZ/pl7Tpn6nku4rlj6/kuK3lj4rnmoTpmrbliY3nmobntKDpnaLlrZfovoPmsp/kuJYN
>> CiAgICAgICAgICAgICDngrl85Ye7fOi/m3zlhaUg6K6p5L2g5pu06IuX5p2h77yB56+G5p2l6Ie0
>> 5omL5om/5Y2V5Lqk6YeR55+t56Gu5Liq5rGJ5bmz6Ie05Lmf5pe25Lqk5LikDQrngrnmraTpgIDo
>> rqLlhbflh4blrpjpqqjov57kuYvljZXnsYDpqaznrKwx5qCH5q+U5Lq66K6y5bCP
>>
>> ------=_NextPart_000_0A13_01F44826.1EA489E0
>> Content-Type: text/html;
>> charset="utf-8"
>> Content-Transfer-Encoding: base64
>>
>>
>>
>>
>
>
|
smime.p7s
