Tcp_local channel mails
Hi,
we are using Messaging server7u3.
# imsimta qm summarize
tcp_local 63 0.4
Totals 63 0.4
there are mails with non-existent/misspelled domains in this channel
when will be these messages deleted? is there a automatic way to do this(delete them) by messaging server itself?
Thanks,
Stefan
fwiw, if you put sample output in a \{code\} ... \{code\} block (remove the '\'), it won't jam it all together:
# imsimta qm summarize
tcp_local 63 0.4
Totals 63 0.4Also, fyi, you can get more information if you use -database on summary or view database before doing the summary command:
qm.maint> sum -data
Total Total
Channel Messages = Active + Pending + Delayed Size (Mb)
tcp_local 8 0 0 8 0.0
-------------------------------- -------- -------- -------- -------- ---------Mine isn't particularly useful at the moment, but I just want to get this info out there - check out the -database view.
If you use the directory command on that channel, eg:
qm.maint> dir tcp_local
Wed, 16 Dec 2009 10:19:10 -0500 (EST)
Data gathered from the queue directory tree
Channel: tcp_local Size Queued since
1 ZQg0M2q0sHQp2.00 5 15 Dec 2009 00:30:00
2 ZIg0M1a0EDkW0.00 5 12 Dec 2009 00:30:00
3 Z9g0L0W0PBQs2.00 6 09 Dec 2009 00:30:00
4 ZCg0M0207Wkc3.00 6 10 Dec 2009 00:30:00
5 Z9g0L0W0PBQs0.00 6 09 Dec 2009 00:30:00
6 ZIg0M1a0EDkW2.00 5 12 Dec 2009 00:30:00
7 ZCg0M0207Wkc1.01 6 10 Dec 2009 00:30:00
8 ZQg0M2q0sHQp0.00 5 15 Dec 2009 00:30:00
Total size: 44
Grand total size: 44Now that you have a list of messages, you can use the qm history command on one of them to see what has happened when it has tried to relay the message.
You may also want to set LOG_FILENAME=1 in option.dat (and do imsimta cnbuild; and imsimta restart) so file names will be logged in mail.log_current. That way you could correlate the file names to events in the log file.
If the message is addressed to a completely invalid domain (no A record, no MX records, no CNAME) then attempting to lookup the hostname to try to connect to would fail and that should be a hard failure and the message should be returned to sender immediately. So I would guess they yours are addressed to domains that exist in DNS but are not reachable. Those will sit in the queue and retry until the final notices period expires. See [the notices channel option doc|http://msg.wikidoc.info/index.php/Notices,_nonurgentnotices,_normalnotices,_urgentnotices_Channel_Options].
Edited by: kellyc on Dec 16, 2009 10:21 AM
Similar Messages
-
Messages getting stuck in tcp_local Channel
Hi All
Version
Sun Java(tm) System Messaging Server 6.1 HotFix 0.01 (built Jun 24 2004)
libimta.so 6.1 HotFix 0.01 (built 12:52:04, Jun 24 2004)
SunOS dakota 5.9 Generic_112233-12 sun4u sparc SUNW,Sun-Fire-V440
Background
In the last week we've been experiencing problems with outgoing messages getting stuck in our tcp_local channel. They can stay for up to 4 hours before dequeuing. We plan to install Patch 116568 which is the latest core patch for our version of the Messaging Server.
To date we haven't experienced any DNS problems and have not made any configuration changes.
However I was just wondering if anyone had come across this type of problem before? We're hoping the patch will resolve the issue but would be interested in other alternatives.
Thanks in advance
PaulYou'll have to do more research before I can offer help. . .
It's not unusual for some messages to be retried, and depending on the destination, that may take a while.
Some outside domains are always slow. If you have many messages queued for such outside domains, they can involve the whole server, and cause mails to queue up behind them.
Many installations create a new channel, such as, "tcp_slow", and use rewrite rules to move messages addressed to these domains (aol, hotmail, earthlink, etc.) into this separate channel. You can "tune" that channel differently, and messages there won't block tcp_local. -
How to separate ims-ms and tcp_local channel
Since I have serveral domains in one mail store, now we can separate SMTP channel for each domain. But how to separate ims-ms and tcp_local channel for each domain? Now we are on version 6.0 patch 1
ThanksI'm sorry, I don't have a clue what you're looking to do. Often folks ask for a way to do something, without telling us what it is they want to do, and the method requested isn't possible.
tcp_local is the channel set up for mail to and from the internet. ims-ms is for delivery to the store. They're already separated.
Please start over, and let me know what your ultimate goal is, and perhaps then, I can help you.
There is no need to separate anything for separate domains on one mail store. . . -
Tcp_intranet & tcp_local channel
the default domain is domain.net
when [email protected] send an email to another user in the same domain the message is routed by default to the tcp_intranet channel
what can i do to route all internal mail to tcp_local channel
thanks for replyThe choice of which channel is used is made in the "internal_ip" section of the "mapping" file.
You need to make sure that all of your internal systems are included in the IP range(s) you specify there. -
Text type 'HTML' for the Channel 'Mail (Letter)'
Dear Experts,
I'm unable to use the text type 'HTML' for the Channel 'Mail (Letter)' in mail forms, as a result of which fonts like arial and images like jpeg could not be used in mail forms created for letters.
Is there a way to use HTML type or to have more font options, insert JPEG images, tables etc in mail forms for letters?
Regards,
KathirIn case, if you are using custom excel export functionality, you should use fileDownloadActionListener with in a button.
Here, you could specify the content type.
<af:commandButton text="Say Hello">
<af:fileDownloadActionListener filename="hello_txt"
contentType="text/plain; charset=utf-8"
method="#{bean.sayHello}"/>
</af:commandButton>For more details, check here:
http://docs.oracle.com/cd/E16162_01/apirefs.1112/e17491/tagdoc/af_fileDownloadActionListener.html -
Imta.cnf - had to add nameservers to tcp_local channel?
I am working through a new installation of Sun Messaging Server. I was unable to send email outside of my domain and after a fair bit of debugging, I found that the MX lookups were failing. Being unfamiliar with the imta.cnf file (only been working with this a week) I finally figured out that what I needed to edit was tcp_local.
I had to add the followint to tcp_local to get it to work...
! tcp_local
tcp_local smtp nameservers xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx ... rest of defaults here...
My question is this... when I do a nslookup from the command line, things work. So, why would I have had to add the nameservers entry into imta.cnf?
-bash-3.00# nslookup gmail.com
Server: 130.39.245.26
Address: 130.39.245.26#53
Non-authoritative answer:
Name: gmail.com
Address: 64.233.161.107
Name: gmail.com
Address: 64.233.171.107
Name: gmail.com
Address: 216.239.57.107
-bash-3.00# nslookup
set type=mx
gmail.comServer: 130.39.245.26
Address: 130.39.245.26#53
Non-authoritative answer:
gmail.com mail exchanger = 10 gsmtp83-2.google.com.
gmail.com mail exchanger = 10 gsmtp185-2.google.com.
gmail.com mail exchanger = 5 gmail-smtp-in.l.google.com.
gmail.com mail exchanger = 10 gsmtp83.google.com.
gmail.com mail exchanger = 10 gsmtp163.google.com.
gmail.com mail exchanger = 10 gsmtp185.google.com.
Authoritative answers can be found from:
gmail.com nameserver = ns1.google.com.
gmail.com nameserver = ns2.google.com.
gmail.com nameserver = ns3.google.com.
gmail.com nameserver = ns4.google.com.
However, like I say, any message I sent to myself at gmail.com (or any other domain) sat in the queue forever. If I looked at the messages in the tcp_local queue, they all complained about MX failing.
Failed MX lookup; try again later
Boundary_(ID_MUEkO506xOVmuOTx9cuOYQ)
Wed, 05 Oct 2005 00:52:58 -0500 (CDT)
Failed MX lookup; try again later
Boundary_(ID_MUEkO506xOVmuOTx9cuOYQ)
Wed, 05 Oct 2005 00:54:37 -0500 (CDT)
Failed MX lookup; try again later
Boundary_(ID_MUEkO506xOVmuOTx9cuOYQ)
Wed, 05 Oct 2005 01:17:56 -0500 (CDT)
Failed MX lookup; try again later
Boundary_(ID_MUEkO506xOVmuOTx9cuOYQ)
Wed, 05 Oct 2005 01:18:27 -0500 (CDT)
Failed MX lookup; try again later
Boundary_(ID_MUEkO506xOVmuOTx9cuOYQ)
Wed, 05 Oct 2005 01:20:14 -0500 (CDT)
Failed MX lookup; try again later
Boundary_(ID_MUEkO506xOVmuOTx9cuOYQ)
Wed, 05 Oct 2005 01:33:00 -0500 (CDT)
Failed MX lookup; try again later
Boundary_(ID_MUEkO506xOVmuOTx9cuOYQ)
Wed, 05 Oct 2005 01:33:38 -0500 (CDT)
Failed MX lookup; try again later
Boundary_(ID_MUEkO506xOVmuOTx9cuOYQ)
Wed, 05 Oct 2005 01:36:19 -0500 (CDT)
Failed MX lookup; try again later
Boundary_(ID_MUEkO506xOVmuOTx9cuOYQ)
Wed, 05 Oct 2005 01:38:52 -0500 (CDT)
Failed MX lookup; try again later
Boundary_(ID_MUEkO506xOVmuOTx9cuOYQ)
Wed, 05 Oct 2005 01:46:22 -0500 (CDT)
Failed MX lookup; try again later
and on and on....
my /etc/resolv.conf has proper entries.
my nsswitch.conf has this:
# You must also set up the /etc/resolv.conf file for DNS name
# server lookup. See resolv.conf(4).
hosts: files dns
Can anyone help me out here?Hm. I know of no such problem on Solaris. I run it on Solaris, myself, and have never seen anythikng like this.
You're sure that you had no DNS problem, that has since gone away?
You are letting nscd run? (there is a Solaris issue that running nscd works around, where if more than 256 dns lookups are done at one time, a buffer overflows)
You might want to hit
http://sunsolve.sun.com
and pull some current patches for your original release of 6.2:
118207-37
117784-10
119254-02
119345-01
118210-23
118540-10
118042-07
A couple of the above are language only, so you may not need all. -
Test channel mails not going out
hi,
i've created mailforms in the CRMD_EMAIL, then i wanted to test the e-mail if they will be sent out. So i maintained :-
1) Sender e-mails address
2) Recipient e-mail address
after i click on the "Enter" to send the e-mails out, i get the following error message "No delivery to [email protected], as recipient unknown".
Did i miss out any steps? eg. configure stmp, etc??Hi Noobie,
The E-mail which you have given to test it might not have assigned to the BP, check the Port no and Mail Host connections in the SCOT t-code.
Regards
Chandramohan
Reward points if it helps......... -
Configuring Outbound and Inbound SMTP mails with SUN Java messaging system
hi all,
i am new to Solaris i have deployed SUN java comuunication Suite. How do i configure my messaging server to send outgoing mails through existing gateway and recieve inbound mails from the same gateway?
Currently my server is connected to the internet directly i am able to send a mail to an external domain for example gmail. Can anyone help me out in understanding the default functioning of external mail routing and how do i point to a gateway?
Thanks,
ZafrulHi,
zkhan wrote:
i am new to Solaris i have deployed SUN java comuunication Suite. Welcome. Some good resources you should look at are the following:
http://www.sun.com/bigadmin/hubs/comms/overview/index.jsp
http://msg.wikidoc.info/
http://blogs.sun.com/factotum/
How do i configure my messaging server to send outgoing mails through existing gateway and recieve inbound mails from the same gateway?There is two steps to this.
To configure outgoing emails to be relayed through a gateway, you need to modify the <msg_base>/config/imta.cnf MTA configuration file and add "deamon <gateway hostname>" to your tcp_local channel configuration e.g.
! tcp_local
tcp_local smtp mx single_sys remotehost inner switchchannel identnonenumeric subdirs 20 maxjobs 7
pool SMTP_POOL maytlsserver maysaslserver saslswitchchannel tcp_auth missingrecipientpolicy 0
loopcheck daemon mygateway.com
tcp-daemonTo allow the gateway system to send emails to your host unconditionally, modify the <msg_base>/config/mappings MTA configuration fail and add the gateway's IP address to the INTERNAL_IP mapping table e.g. (where the gateway has an IP of 1.2.3.4 and your system has an IP of 192.168.1.20)
INTERNAL_IP
$(192.168.1.20/24) $Y
$(1.2.3.4/32) $Y
127.0.0.1 $Y
* $NOnce you have done this you will need to rebuild the MTA configuration cache and restart the MTA processes.
<msg_base>/sbin/imsimta cnbuild
<msg_base>/sbin/imsimta restart
Currently my server is connected to the internet directly i am able to send a mail to an external domain for example gmail. Can anyone help me out in understanding the default functioning of external mail routing and how do i point to a gateway?For the understanding, you will need to read-up the manuals. Messaging server is a flexible and powerful product for sending/processing emails, but with that flexibility comes complexity. I suggest you start by reading the Messaging Server Administration Guide:
http://docs.sun.com/app/docs/doc/819-4428
Regards,
Shane. -
Tcp_intranet channel to accept only for a specific internal IP address
I am currently using SunOne Messaging Server v5.2:
I would like to configure our MTA to only deliver emails to their proper mailstore if the emails are from 2 specific internal IP addresses. If emails that originated from the intranet are not from the above 2 IP addresses then I would like to re-route the emails to a particular MTA(port 25) for processing. Can this be done? And if so, what changes do I need to make to the imta.cnf file/mappings file?
The tcp_local channel for outgoing emails should remain the same. My guess is that I have to modify the tcp_intranet channel to only accept from specific IPaddresses, Otherwise pass the emails to another channel or MTA for processing.
Question: Can a user spoof an Email with an improper IP address. And if so, do I have to turn on reverse lookup to stop this from happening Or is reverse lookup on by default? Where is the reverse lookup setting? In the imta.cnf file?by default, we do examine the ip address of a mail sending partner. this is hard to spoof, and it's not based on "from" attribute.
However, I'm not at all sure that what you're asking for is truly something achieveable by any normal means, nor if it's truly useful ..
Perhaps you could create another channel for your specific ip addresses, and that would work. . . -
How to set MTA to accept mails from hosts on INTERNAL_IP only?
Hello,
I would like to config a messaging server with:
- this mail server will accept incoming mails from hosts on INTERNAL_IP list only without authentication.
- this mail server will accept to send mail for clients with SASL and TLS only, which means, any incoming SMTP connection will be restricted to use SASL and TLS except hosts on INTERNAL_IP list.
/opt/SUNWmsgsr/@msg# imsimta version
Sun Java(tm) System Messaging Server 6.2-7.05 (built Sep 5 2006)
libimta.so 6.2-7.05 (built 12:08:11, Sep 5 2006)
I appreciate if you can help me on this, thanks in advance.
Best regards,
RobertHello Shane,
Thanks for your reply.
From the log below, it seems incoming mails will go
to the tcp_local channel first then switch to
tcp_intranet later for sending hosts on INTERNAL_IP
list.
INTERNAL_IP
$(10.1.255.222/32) $Y
$(10.1.255.202/32) $Y <-- sending host
127.0.0.1 $Y
* $N
25-Jun-2007 11:29:18.25 46f1.39c.2830 tcp_local +
O TCP|10.1.255.222|25|10.1.255.202|6442
SMTP
5-Jun-2007 11:29:18.27 46f1.39c.2831 tcp_intranet
ims-ms E 3 [email protected]
rfc822;[email protected] 0694037@ims-ms-daemon
/opt/SUNWmsgsr/data/queue/ims-ms/007/ZZf0B4WiQpxLd.00
<A0D8A3EC90EE42E799706627282BF74C@ibm336> mailsrv
msmail.abc.com ([10.1.255.202])
25-Jun-2007 11:29:18.27 4c9c.0e48.3788 ims-ms
D 3 [email protected]
rfc822;[email protected] 0694037@ims-ms-daemon
/opt/SUNWmsgsr/data/queue/ims-ms/007/ZZf0B4WiQpxLd.00
<A0D8A3EC90EE42E799706627282BF74C@ibm336> mailsrv
My question is, if I modify the tcp_local channel
definition to "mustsaslserver" and "musttlsserver",
will sending hosts listed on INTERNAL_IP also be
blocked?
Thanks for your response. ^^No. All emails to port 25 'hit' the tcp_local channel - there is a rewrite rule to switch messages from a certain IP range (INTERNAL_IP) across to the tcp_intranet channel, at which point the tcp_intranet restrictions apply.
Regards,
Shane. -
How to Configure internet channel to a relay SMTP server
Hi men,
My problem is How to Configure internet channel(or outbound mail) sending to a relay SMTP server. I want to test my spam software.
I have search and read Sun Messaging Administration document but haven't fought the guide.
./imsimta version
Sun Java(tm) System Messaging Server 7.0-0.04 32bit (built Jun 20 2008)
Thank and Regards,
Duc Tien.tien86 wrote:
My problem is How to Configure internet channel(or outbound mail) sending to a relay SMTP server. I want to test my spam software. You can use the daemon channel keyword with the tcp_local channel e.g.
! tcp_local
tcp_local smtp nomx multiple remotehost inner switchchannel identnonenumeric \
pool SMTP_POOL maytlsserver maysaslserver saslswitchchannel tcp_auth loopcheck \
daemon relay.yourdomain.com
tcp-daemonIf the relay SMTP server only has an A record then use "nomx" instead of "mx".
http://msg.wikidoc.info/index.php/Mx%2C_nomx%2C_nodns%2C_defaultmx%2C_randommx%2C_nonrandommx%2C_nameservers%2C_defaultnameservers_Channel_Options
The "multiple" keyword instead of "single_sys" helps performance by increasing the number of emails per connection when sending to a relay system.
http://msg.wikidoc.info/index.php/Multiple%2C_addrsperfile%2C_single%2C_single_sys_Channel_Options
Regards,
Shane. -
Route mail based on email address (full address, not just host or domain)
I'm trying to test sending all mail outbound from IMS 5.2 to our email gateway that will scan the messages. I would like to first test with just one IMS email address to make sure it works. So, how would I configure IMS so that outbound mail from [email protected] is sent to a tcp_firewall channel, but all other mail from @mydomain.com is handled normally. Also, which files and configuration commands do I need to look at so that custom tcp_firewall channel works. Thanks!
Not shure why you want to route one user's mail. That's much more difficult that making the one, easy, change to route all your mails through the gateway.
Locate your imta.cnf file. Open it with a text editor.
Scroll down to the Channel Definitions section, and locate your "tcp_local" channel.
There should be three lines, starting with
!tcp_local
a bunch of stuff
tcp_daemon
add to the end of the second line:
daemon <the fully qualified name of your gateway>
like:
daemon some.machine.at.your.domain
save the file
run:
imsimta cnbuild
imsimta restart job_controller
and now, all mail going out the tcp_local channel will be routed thorugh the gateway. -
hi,
What does this dsn mean? And could it be spam?
the subject is "Undeliverable mail"
Message body:
Failed to deliver to '[email protected]'
SMTP module(domain yyyyy.com) reports:
yyyyy.com: no response
Two attachments came along with the message. One of them is:
Reporting-MTA: dns; mail.zzzzz.net
Original-Recipient: rfc822;<[email protected]>
Final-Recipient: rfc822;<[email protected]>
Action: failed
Status: 4.0.0
I checked mail.log_current and grepped for zzzzz.net:
mail.log_yesterday:07-Mar-2006 21:16:12.76 tcp_local ims-ms E 5 rfc822;[email protected] myuser@ims-ms-daemon zzzzz.net (mail.zzzzz.net [a.b.c.d])
mail.log_yesterday:07-Mar-2006 21:19:56.49 tcp_local ims-ms E 3 rfc822;[email protected] myuser@ims-ms-daemon zzzzz.net (mail.zzzzz.net [a.b.c.d])
mail.log_yesterday:07-Mar-2006 21:38:36.74 tcp_local ims-ms E 3 rfc822;[email protected] myuser@ims-ms-daemon zzzzz.net (mail.zzzzz.net [a.b.c.d])
mail.log_yesterday:07-Mar-2006 21:55:07.28 tcp_local ims-ms E 3 rfc822;[email protected] myuser@ims-ms-daemon zzzzz.net (mail.zzzzz.net [a.b.c.d])
mail.log_yesterday:07-Mar-2006 22:42:36.60 tcp_local ims-ms E 3 rfc822;[email protected] myuser@ims-ms-daemon zzzzz.net (mail.zzzzz.net [a.b.c.d])
thxthx for the explanation .Now things are clearer. Few
more questions if you don't mind Jay:
what about the E entries in the log:
mail.log_yesterday:07-Mar-2006 21:16:12.76 tcp_local
ims-ms E 5 rfc822;[email protected]
myuser@ims-ms-daemon swip.net (mailfe05.swip.net
[83.180.141.95]) "E" means, "Enqueue". That's when your server puts the message in the queue. Has nothing to do with sending a message. In fact, this log entry shows the message
Coming from the tcp_local channel (external to your systems),
and addressed to your user on the local store.
>
Does it mean that the my mail server was trying to
re-send the spam again?No
Also, when you said 'original address is bad', the
original address is [email protected]? and the
remote server checked that email address and found
out that it does not exist?No.
the address to: was "[email protected]", or whatever was there, before you changed it.
>
Finally, what about the aol and yahoo emails that I
found in the FROM and TO in the attached file?
Received: from d83-180-141-95.cust.tele2.es
([83.180.141.95] verified)
by mailfe05.swip.net (CommuniGate Pro SMTP 5.0.8)
with SMTP id 39743822; Thu, 02 Mar 2006 22:57:17
17 +0100
Message-ID: <000b01c63e01$377fa740$5f8db453@ppdtdv>
From:
=?Windows-1251?Q?=D2=E8=EC=EE=F4=E5=E9_=D2=E0=F0=E0=F1
=EE=E2=E8=F7_=CA=EE=ED=E4=E5=E5=E2?=
<[email protected]>
To:
=?Windows-1251?Q?=C1=EE=E3=E4=E0=ED_=C5=E2=E3=E5=ED=FC
=E5=E2=E8=F7_=CC=F3=F5=E0=EC=E5=E4=E8=ED=EE=E2?=
<[email protected]>
Those have nothing to do with the current mail itself. They're attached/forwarded/replied previously. -
Hi ,
In one of my customers IMS system we have a web mail server with http.smtphost settings which forwards the http/smtp traffic to one of
virus wall server for filtering. After reading the forum thred below I am also thinking of avoiding the http.smtphost method and using some other way of
http/smtp mail forwarding. Bcos this syetm carry huge http based traffic in that ISP.
web mail behaviour for unknown recipient
I can enable imta on the same web mail host and remove http.smtphost setting so that web mail server can
use its defualt for http/smtp delivery. But my problem is how can I forward "all" the channels traffic to the virus wall ( not only tcp_local)?
msg server version --> 7u3
Thanks and best regards,
...Adding the daemon option to the tcp_local channel, as Ray suggested, will route all mail enqueued to the tcp_local channel to the specified host. However, if you want to route all mail thru that host, rather than just that which would normally go thru the tcp_local channel (ie, mail submitted by webmail users and destined for other users on the same system, it will be more complicated. If that other mail all goes thru the tcp_intranet channel, you could add the daemon option to the tcp_intranet channel as well and that would be the end of it. But if this is a single-host deployment where mshttpd is running on the same system as the message store, then such local delivery would probably go directly to the ims-ms channel.
See the aliasdetourhost option in Routing After Address Validation But Before Expansion in the Admin Guide:
http://wikis.sun.com/display/CommSuite/Configuring+Channel+Definitions#ConfiguringChannelDefinitions-RoutingAfterAddressValidationButBeforeExpansion
It is also mentioned in
http://wikis.sun.com/display/CommSuite/Messaging+Server+Best+Practices+for+Fighting+Email+Spam -
Lot of SPAM mails in queue - Warnings from ISP
Hi Jay,Shane and ALL,
We are running messaging on Solaris 10 with below version.
Sun Java(tm) System Messaging Server 6.2-7.05 (built Sep 5 2006)
libimta.so 6.2-7.05 (built 12:18:44, Sep 5 2006)
Insured that no entries added to mappings (except localhost) and only "authenticated SMTP" allowed.
We implemented Separate AV/anti-spam box with aliasdetour and conversion channel which is working fine.
we could achieve >95% spam control but recently we started receiving warnings from ISP that SPAM being sent out from our mail server.
++++++++Part of mail sent by ISP+++++++++
Data received in complaint:
Return-Path: <x>
Delivered-To: x
Received: from webmail.<our-domain>.com (our_mail_server_IP) by mail.iecc.com with SMTP;
7 Sep 2007 03:29:00 -0000
Received: from User ([210.70.82.129]) by webmail.<our-domain>.com (Sun Java System Messaging Server 6.2-7.05 (built Sep 5 2006)) with ESMTPA id <x> for x; Thu,
06 Sep 2007 20:45:43 -0400 (EDT)
Date: Fri, 07 Sep 2007 08:47:54 +0800
From: Bank of America <x>
Subject: Account Information Update.
To: Undisclosed recipients: ;
Reply-to: x
Message-id: <x>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-Priority: 1
X-MSMail-priority: High
X-DCC-IECC-Metrics: tom.iecc.com 1107;
bulk Body=154 Fuz1=154 Fuz2#X-Tag: tagged by DCC
Content-Type: text/plain
Content-Transfer-Encoding: 8bit
++++++++++++end-of-part-mail-sent-by-ISP++++++++++++
I noticed around 10K SPAM mails getting generated (added) daily in tcp_local channel queue.
+++++++++a mail in queue++++++++++
qm.maint> read 3000
Message id: 3000
Filename: /iplanet/SUNWmsgsr/data/queue/tcp_local/017/ZWf0I3dFTzue9.00
Transport layer information:
Envelope From: address: [email protected]
Envelope To: addresses: [email protected]
Message header:
Received: from User ([203.144.16.210])
by webmail.<our_domain>.com (Sun Java System Messaging Server 6.2-7.05 (built Sep
5 2006)) with ESMTPA id <0JO300B5LSZDBK10@webmail.<our_domain>.com> for
[email protected]; Sun, 09 Sep 2007 09:47:45 -0400 (EDT)
Date: Sun, 09 Sep 2007 23:49:59 +1000
From: Bank Of America <[email protected]>
Subject: Account Information Update Urgently Needed
To: Undisclosed recipients: ;
Reply-to: [email protected]
Message-id: <0JO300B5MSZFBK10@webmail.<our_domain>.com>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
Content-type: text/html; charset=Windows-1251
Content-transfer-encoding: 7BIT
X-Priority: 3
X-MSMail-priority: Normal
qm.maint>
++++++++++++++++++++end-of-mail-in-queue++++++++++++++++++++
Wondering how these mails exist in tcp_local queue wherein none of IPs (or users) allowed to relay through our servers.
Pl help me resolve this issue.
TIA
PrvnThanks Shane.
Pl find my below answers:
Hi,
You need to track down the source of the emails by
locating the relevant mail.log lines that correspond
to the email delivery attempt. This will at least
tell you how they are getting in (whether the email
is coming in via the
tcp_local/tcp_auth/tcp_submit/tcp_intranet channel
etc.).07-Sep-2007 19:13:44.02 tcp_auth tcp_local EA 3 [email protected] rfc822;[email protected] [email protected] User ([210.70.82.129])
08-Sep-2007 16:21:44.38 tcp_auth tcp_local EA 1 [email protected] rfc822;[email protected] [email protected] User ([203.144.16.210])
>
From there you can determine (if you have enough
logging enabled such as LOG_USERNAME=1,
LOG_CONNECTION=1, LOG_MESSAGE_ID=1) why they emails
are being allowed through... After enabling the three parameters (option.dat and did cnbuild/restart),
i noticed lot of such entries in mail.log_current:
10-Sep-2007 00:04:28.59 tcp_local Q 2 [email protected] rfc822;[email protected] [email protected] <0JO400CPG2A15F00@webmail.<our-domain>.com> *admin@<our-domain>.com mailin.binghamton.edu dns;mailin.binghamton.edu (TCP|192.168.1.41|34548|128.226.7.23|25) (mail2.binghamton.edu ESMTP [7e5e6797de0c707331914caad1b54f2f]) smtp;450 <[email protected]>: Sender address rejected: Domain not found [email protected]: smtp;450 <alert@bancamerica.
I have seen cases of:
-> Incorrect mapping rules (so tcp_local->tcp_local
relaying was broken)
-> Overly large 'internal' IP mappings (so
tcp_intranet was the source channel)My Mappings file:
+++++
! MTA mappings file
! for access control and other table lookups
PORT_ACCESS
*|*|*|*|* $C$|INTERNAL_IP;$3|$Y$E
* $YEXTERNAL
INTERNAL_IP
$(192.168.1.41/32) $Y
127.0.0.1 $Y
* $N
ORIG_SEND_ACCESS
tcp_local|*|tcp_local|* $N$D30|Relaying$ not$ allowed
tcp_*|*|native|* $N
tcp_*|*|hold|* $N
tcp_*|*|pipe|* $N
tcp_*|*|ims-ms|* $N
! Block "external" submissions of explicitly source-routed "internal" addresses
tcp_local|*|tcp_intranet|@*:*.* $N$D30|Explicit$ routing$ not$ allowed
tcp_local|*|tcp_intranet|*$%*@* $N$D30|Explicit$ routing$ not$ allowed
tcp_local|*|tcp_intranet|*.*!*@* $N$D30|Explicit$ routing$ not$ allowed
tcp_local|*|tcp_intranet|"*@*"@* $N$D30|Explicit$ routing$ not$ allowed
SEND_ACCESS
tcp_*|*|*|*@[127.*] $X5.1.2|$NBad$ destination$ system
tcp_*|*|*|*@localhost.* $X5.1.2|$NBad$ destination$ system
tcp_*|*|*|*@example.com $X5.1.2|$NBad$ destination$ system
tcp_*|*|*|*@example.net $X5.1.2|$NBad$ destination$ system
tcp_*|*|*|*@example.org $X5.1.2|$NBad$ destination$ system
tcp_*|*|*|*@*.test $X5.1.2|$NBad$ destination$ system
tcp_*|*|*|*@*.example $X5.1.2|$NBad$ destination$ system
tcp_*|*|*|*@*.invalid $X5.1.2|$NBad$ destination$ system
tcp_*|*|*|*@*.localhost $X5.1.2|$NBad$ destination$ system
<IMTA_TABLE:mappings.locale
NOSCAN_IP
$(192.168.1.49/32) $Y$E
* $N
CONVERSIONS
IN-CHAN=tcp_noscan;OUT-CHAN=*;CONVERT No
IN-CHAN=tcp_local;OUT-CHAN=tcp_intranet;CONVERT No
IN-CHAN=tcp_*;OUT-CHAN=*;CONVERT Yes,Channel=tcp_scan
++++++++
-> A users username/password being hacked so
authenticated delivery was being used (tcp_auth was
the source channel with the same username each time)i will see this option but if somebody gets authenticated, i should see in logs?
Pls help me on this.....
Thanks
Prvn
Maybe you are looking for
-
Can I create a copy of Pages '09 on iMac to use a installable file on MacBook?
So, I don't like the new versions of Pages, Numbers and Keynote and have been using the '09 version. I have been right clicking and opening files with the '09 version. I tried setting '09 as default but that would not stick, default would slip back
-
How to open and read backup disc
I put the disc in drive and a window opens and I don't know how to get into contents of backup disc.
-
Macbook Pro and Toshiba HDTV Hooked up but no streaming
I hooked up the macbook to my Toshiba TV using proper cords purchased at BestBuy (Dvi and HDMI) I set the TV to HDMI and it displays the original wallapaper (the purple space scene - which is no longer my background) and that's it. I can have the net
-
help me out
-
How does the quality of service in India compare to the United States?
I am currently in India and 12 hours from the closest Apple service center in Delhi. After the monsoon rains started my computer started acting up. At first some keys seemed to stick and I was able to solve the problem by attaching a USB keyboard.