Tremendous amount of bounced mails in the mailq!

Hi! I've set up a mail server which worked fine for months. I used pterobyte's guides for frontline spam defense, which worked like a charm. But suddenly my mail server gets overwhelmed with tons of bounced spam mails in the mailq (thus any incoming and outgoing mails get stuck).
See this log entry from mail.log:
Apr 4 17:08:51 server postfix/smtp[56411]: DEF7D65B38D: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=3.4, delays=2.1/0/0.74/0.53, dsn=5.7.0, status=bounced (host 127.0.0.1[127.0.0.1] said: 554 5.7.0 Reject, id=56473-06 - SPAM (in reply to end of DATA command))
I am deleting the mails in the mailq periodically with sudo postsuper -d ALL, which is deleting about 10k mails every hour!
Does anyone know what has happened to me? Please help! (pterobyte, please! :-)) Here is my postconf -n:
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
disable_vrfy_command = yes
enable_server_options = yes
html_directory = no
inet_interfaces = all
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
luser_relay = quarantine
mail_owner = _postfix
mailbox_size_limit = 0
mailbox_transport = cyrus
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
message_size_limit = 15728640
mydestination = $myhostname,localhost.$mydomain,localhost,kosmatschof.com,veech-vma.com
mydomain = veech-vma.com
mydomain_fallback = localhost
myhostname = server.veech-vma.com
newaliases_path = /usr/bin/newaliases
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
relayhost = smtp.inode.at
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = _postdrop
smtp_sasl_password_maps =
smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_rbl_client zen.spamhaus.org, permit
smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, permit
smtpd_enforce_tls = no
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access hash:/etc/postfix/helo_access, reject_non_fqdn_hostname, reject_invalid_hostname, permit
smtpd_pw_server_security_options = plain,login,gssapi,cram-md5
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,permit
smtpd_sasl_auth_enable = yes
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_non_fqdn_sender, permit
smtpd_tls_cert_file = /etc/certificates/Default.crt
smtpd_tls_key_file = /etc/certificates/Default.key
smtpd_tls_loglevel = 0
smtpd_use_pw_server = yes
smtpd_use_tls = no
unknown_local_recipient_reject_code = 550

1. This is spam which makes it into your system because you accept mail for unknown users:
luser_relay = quarantine
Unless you have a legal requirement, you should avoid accepting mail for unknown users. 99% of mail to unknown users is spam. The few legit mail with a wrong address should go back to sender so they know. Use Server Admin to remove it, so the setting in imapd.conf gets fixed as well.
2. You have set amavisd to bounce spam. NEVER bounce or reject spam. The sender does not exist anyway and you just drown in backscatter.
As a quick fix, edit /etc/amavisd.conf and change a few parameters to reflect the values below:
$final_virus_destiny = D_DISCARD;
$final_banned_destiny = D_DISCARD;
$final_spam_destiny = D_DISCARD;
$final_bad_header_destiny = D_PASS;
$sa_tag_level_deflt = -999;
$sa_tag2_level_deflt = 3.0;
$sa_kill_level_deflt = 7.0;
@local_domains_maps = ( 1 );
Restart amavisd when done by issuing:
sudo /bin/launchctl unload /System/Library/LaunchDaemons/org.amavis.amavisd.plist
sudo /bin/launchctl load /System/Library/LaunchDaemons/org.amavis.amavisd.plist
These values are a starting point to alleviate the issues you are experiencing. Once the situation is under control, you should adjust to your liking. For more info on the values, see here:
http://www200.pair.com/mecham/spam/amavisd-settings.html
HTH,
Alex
Message was edited by: pterobyte
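
An added example, not part of the thread or of pterobyte's reply: a way to confirm from mail.log that the bounces come from amavisd rejecting spam on port 10024, and to pick only the queued bounce notifications for deletion instead of running postsuper -d ALL, which also throws away legitimate mail. The function names and all sample data are constructed for illustration; the mailq parsing assumes Postfix's default listing, where the envelope sender is the seventh field.

```shell
#!/bin/sh
# Added example. All sample log and queue data below is constructed.

# Count deliveries that the amavisd content filter (127.0.0.1:10024) refused
# as SPAM, which Postfix then reported as status=bounced.
count_amavis_spam_bounces() {
    awk '/relay=127\.0\.0\.1\[127\.0\.0\.1\]:10024/ && /status=bounced/ && /- SPAM/ { n++ }
         END { print n + 0 }'
}

# Print the queue IDs of queued bounce notifications (sender MAILER-DAEMON).
# An entry line starts with the queue ID, optionally followed by * (active)
# or ! (on hold); field 7 is the envelope sender.
bounce_queue_ids() {
    awk '/^[0-9A-Za-z]+[*!]?[ \t]/ && $7 == "MAILER-DAEMON" {
             id = $1; gsub(/[*!]/, "", id); print id
         }'
}

# Constructed mail.log lines: two amavisd SPAM bounces, one clean delivery,
# one unrelated bounce from a remote server.
sample_log() {
cat <<'EOF'
Apr  4 17:08:51 server postfix/smtp[56411]: 1A2B3C4D5E6: to=<u1@example.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=3.4, dsn=5.7.0, status=bounced (host 127.0.0.1[127.0.0.1] said: 554 5.7.0 Reject, id=11111-01 - SPAM (in reply to end of DATA command))
Apr  4 17:08:52 server postfix/smtp[56411]: 2B3C4D5E6F7: to=<u2@example.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.2, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=11111-02)
Apr  4 17:08:53 server postfix/smtp[56412]: 3C4D5E6F708: to=<u3@example.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.9, dsn=5.7.0, status=bounced (host 127.0.0.1[127.0.0.1] said: 554 5.7.0 Reject, id=11111-03 - SPAM (in reply to end of DATA command))
Apr  4 17:08:54 server postfix/smtp[56413]: 4D5E6F70819: to=<u4@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=0.8, dsn=5.1.1, status=bounced (host mx.example.net[192.0.2.10] said: 550 5.1.1 User unknown)
EOF
}

# Constructed mailq listing: two bounce notifications and one normal message.
sample_mailq() {
cat <<'EOF'
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
5E6F708192A     3201 Sat Apr  4 17:08:48  MAILER-DAEMON
(connect to mx.example.net[192.0.2.10]:25: Connection refused)
                                         forged-sender@example.net

6F708192A3B*    1820 Sat Apr  4 17:09:02  alice@example.com
                                         bob@example.org

708192A3B4C!    2977 Sat Apr  4 17:09:10  MAILER-DAEMON
                                         another-forged@example.org

-- 8 Kbytes in 3 Requests.
EOF
}

echo "amavisd SPAM bounces in sample log: $(sample_log | count_amavis_spam_bounces)"
echo "queue IDs of bounce notifications:"
sample_mailq | bounce_queue_ids

# On the live server, after reviewing the list:
#   mailq | bounce_queue_ids | sudo postsuper -d -
```

Once amavisd is set to D_DISCARD as described above, the first count should stop growing for new log entries.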

Similar Messages

  • Can I bounce mail from the web based mac mail?

    Am starting to get some spam and rather than download to mail and then bounce I would prefer to bounce straight from my mac account on the web. Is it possible. Have looked but can see no icon or action to do it.
    cheers

    Never bounce spam! Spammers don't use valid return addresses, and a bounced message will usually further victimize the owner of the faked address. It will never do any good.

  • How to identify bounced mails thru java mail??

    Hi everyone,
    I have a Javamail program through which I'm sending and receiving mails. I want to identify bounced mails from the ones I receive. Is there a way in the Javamail API or the SMTP protocol to detect if the mail received is a bounced one? Some header or something?
    Any inputs will be great...

    There's no need to ask twice.
    http://forum.java.sun.com/thread.jsp?forum=43&thread=176301

  • I browse the Mail icon of my Iphone and want to get emails but cannot enter into the screen I usually get emails. Just bounce back to the Front Page. Can you help ?

    I browse the Mail icon of my iPhone 4 and want to get emails, but suddenly the screen bounced back to the front page and I cannot enter the screen where I usually get emails. I tried many times and rebooted the iPhone, with the same result. Can you help?

    Did you already set the phone up "as new iphone" without using the latest backup, in case this contains corrupt data? How to back up your data and set up as a new device

  • I am trying to change my email settings but everytime I click on mail in the set up screen I get bounced back to the home screen.  Any ideas?

    I am trying to change my email settings but everytime I click on mail in the set up screen I get bounced back to the home screen.  Any ideas?

    Call Apple to help reset your Security Question.
    http://support.apple.com/kb/HT5699

  • Can you disable the Bounce Mail confirmation?

    I like the Bounce Mail function (although I wonder how effective it will be) but I hate having to confirm the command when I use it. Does anyone know if that can be disabled?

    don't think you can.
    hope this helps

  • TS3899 My iPhone & iPad mail is locked - Press mail app, the screen starts mail, freezes and bounces back to main menu. The fault occurred whilst opening a draft email created in the 'Mail 2 Group' app. Hard reset/reset all/restore backup have no effect -

    I installed the Mail 2 Group App on my iPad, created an email which I saved to the 'Draft' folder, with something over 300 of my contacts in the bcc. On returning to this email, again on my iPad, the screen locked in mail for a few seconds and bounced back to the main menu. This repeated on my iPhone, on which I have been carrying out my own checks - this includes deleting the Yahoo account, hard reset (red cross and two buttons), restoring a backup and Reset All in settings.
    I'm stuck !!

    Sending a message with that many addressees may have required more RAM than was available. You can clean up RAM as follows:
    Double-press the HOME button
    Kill each app by flicking its screen image up
    When all apps except the Home screen are closed press HOME
    Wait about 2 minutes for the shutdowns to finish
    Turn the phone off (hold the SLEEP button until "slide to power off" appears, and do so)
    Wait another minute
    Turn the phone back on by holding the SLEEP button until an Apple logo appears
    Now try to send the mail again. Note that you may have an unrelated problem if this works: Many ISPs (Yahoo included) limit the number of email recipients for a single message as a way to combat spam.

  • I keep getting this message: Mail can't connect to the account: "Sbcglobal". Enter the password... So I do and it opens up, but later it will happen again. It's not earth-shattering, but I have to stop what I'm doing to get rid of the bouncing Mail icon.

    I keep getting this message: Mail can't connect to the account: "Sbcglobal". Enter the password... So I do and it opens up, but later it will happen again. It's not earth-shattering, but I keep having to stop what I'm doing to get rid of the annoying bouncing Mail icon.

    If your password is accepted, and Mail connects to the account, but you're prompted for the password repeatedly, take each of the following steps that you haven't already tried. Note: these steps don't apply if the server rejects the password. That's a different problem.
    Step 1
    When prompted for the password, check the box marked Remember this password in my keychain.
    Step 2
    Check that the keychain is working.
    Step 3
    Check that the default keychain is unlocked.

  • Mail icon bounces out of the blue

    Hi there.
    I've noticed the Mail icon bounces out of the blue in the dock.
    I'm working with other programs or browsing the internet and Mail is calling for attention.
    I open the program, it opens properly, I close it after, and it starts to bounce again, driving me crazy.
    Any ideas how to make it stop?
    Thanks!

    Reported fixes:
    "I ended up repairing Permissions and resetting PRAM and that stopped the problem somehow"
    "I would remove the icon from the Dock and drag the application back to the Dock to create a new one. That normally corrects it."
    Other options:
    Do a Safe boot then restart normally.
    *  shutdown
    *  start the Mac and *wait* for the startup chime to sound
    *  after the sound, press and hold down the shift key
    *  keep holding and *wait* until the grey  Apple logo appears
    *  now release the shift key and just wait (it could take a few minutes)
    *  eventually the login screen appears with the words SAFE BOOT

  • Mac OS X 10.5: Mail: Using Terminal to clear the MailQ

    anyone know a command to clear the mailq through terminal? All input would be a great help.
    Thanks,
    MR Cadies

    Use sudo postsuper -d ALL
    JL

  • HT4864 When trying to update my Mail Account Mailbox Behaviours settings, when I try to close the settings pane the following messages occur: Invalid Incoming Mail Server The "Incoming Mail Server" field cannot be empty. The incoming mail server box has p

    When trying to update my Mail Account Mailbox Behaviours settings, after making the changes when I try to close the settings pane the following messages occur: Invalid Incoming Mail Server The “Incoming Mail Server” field cannot be empty. The incoming mail server box has in light grey colour: p02-imap.mail.me.com in it and I cannot edit its content. Any ideas what is going on and how to fix it?

    Hi all,
    Mattreichenbach is probably on the right track here with a reset of settings.  I think I've determined the issue has to do with cached account information and inconsistencies for the account name.  This seems to crop up when I've changed my password and it hasn't propagated fully to all the servers, devices, certificates, etc.
    Hopefully many here are on their way to restoration of service by now but it's clear that a lot of people are having the same issues.  Very frustrating and definitely something Apple needs to resolve:  incoming mail server field grayed out, incorrect autopopulation of different fields, other unanticipated behaviors.  If you're still having issues, though, here's what worked for me...
    First, head to the iCloud preferences pane in System Configuration and choose "Sign Out".  When I did this it prompted me with a number of "are you sure" type questions about retaining information on my local machine.  I chose to delete/remove the info each time simply because it should all be restored by the cloud and I didn't want to risk a massive duplication of my data... I will say, I'm back up and running with no issues so I suspect you can make the same delete/remove choices...  But use your own judgment.  I don't want you to lose any data (ie.. please use care as you do this because I cannot bear the thought of causing anyone to experience the pain of data loss).
    Once you've signed out of iCloud, restart your system.  When you get back in, head to the Mail, Contacts and Calendars section of your System Preferences and add your account back by choosing the brushed aluminum "iCloud" button.  When it asks for your account name, use your @iCloud.com email address.  I am all but certain my issue had started because one of my devices (iPhone or whatever) had been set up with an email alias specified instead of my @iCloud.com address.
    Apple, if you're reading through any of these issues (there are TONS of users having this same problem).  Take note, that your icloud service somewhat frequently is not responding and yet tells the user that the password is wrong and this prompts people to be changing their passwords unnecessarily.  This has happened to me on numerous occasions.  Also, I noticed that last week's outage corresponded to a VERY similar outage exactly one year ago to the day.  Sounds like planned maintenance to me and I think you could do a better job notifying folks so we're not wasting HUGE amounts of time troubleshooting a problem that we have no hope of fixing.
    Hope that helps some of you!
    Terry Mullane
    Washington, DC

  • I have suddenly got the following message An (SMTP) error occurred while sending mail. The server responded: Requested action aborted: This mail account has se

    Having been on Thunderbird for some years I have suddenly got the following message when trying to send mail.
    An (SMTP) error occurred while sending mail. The server responded: Requested action aborted: This mail account has sent too many messages in a short amount of time. Please try later..
    I have checked the SMTP server settings in tools, account settings and they are as they have always been. Is there something I have missed?

    Sending through web mail is totally irrelevant to using an SMTP server. The message even says it is from the server. Why do you think this is a Thunderbird problem?
    The provider has put in place measures to keep people from spamming other email recipients using their SMTP server. You have seen the result of those measures.

  • Custom header reading of bounce mail

    Hi,
    When I send a mail to an invalid mail address on the gmail server, from the bounce mail I am able to read the custom headers using the javax.mail API.
    But when I send mail to an invalid user on an MS Exchange server, from the bounce mail I get, I am not able to read the custom headers using javax.mail. But Outlook shows (by looking at the option) that the custom header is present. I think I may be missing some configuration while reading the mail from the mail server using javax.mail, and not reading all the headers (but it's working with other email servers like gmail).

    First, you need to understand that it's up to the
    destination server what it returns, if anything, when
    you send a message to an invalid address.
    In this case, it sounds like the destination server has
    returned a message that includes all the headers
    you want to see, but you can only see them using
    Outlook and not when using JavaMail.
    Note that Outlook typically uses a Microsoft proprietary
    protocol to talk to Exchange, so it's possible for it to
    see and do things that are not possible using the
    standard internet protocols that JavaMail uses.
    You'll probably need to consult an Exchange expert
    to see if there are configuration options that control
    what information it makes available to internet
    protocol clients in this case.

  • Osx10.7 bounced mail byte in mailbox

    i keep getting admin bounced mail notification bytes in mailbox

    Hi JCvanDamme,
    I recommend you refer to the following article and it may give you some hints :
    http://blog.kloud.com.au/2013/11/22/exchange-2013-dns-settings-cause-transport-services-to-crash/
    Note: Microsoft is providing this information as a convenience to you. The sites are
    not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from
    the above link.
    Best regards,
    Niko Cheng
    TechNet Community Support

  • I am getting a massive amount of junk mail that i never used to get.  this just started in 2012.  any suggestions?  Thanks.-Craig

    i am getting a massive amount of junk mail that i never used to get.  this just started in 2012.  any suggestions?  Thanks.-Craig

    The guy at the Genius Bar has told you absolute and utter rubbish.  It is true that Apple has stopped supporting iWeb, but it definitely DOES NOT mean that your website will stop working any time soon. 
    They should know that iWeb is an application on your Mac and as long as it is compatible with your OS - it works in Snow Leopard and Lion and will be compatible with the new Mountain Lion out this Summer, then you can still use it to build and maintain websites.
    As long as your are not publishing your site to MobileMe, then you are okay - if you are publishing to a local folder and then uploading to another host that is fine and your site will not be going anywhere in a hurry.
    You don't need to change software unless you really want to.
