Koozali.org: home of the SME Server

Huge backlog list on remote message queue

steel

Huge backlog list on remote message queue
« on: January 12, 2006, 03:12:32 PM »
During a regular checkup of a client server I noticed a worrying number of messages queued up in the remote message queue of Qmail. In fact it has been getting hammered and has exceeded thousands of continuous attempts at sending mail (still going).
I have checked to make sure it is not relaying and it's fine according to the relay checker on the Internet.

Every mail has a failure notice as per below, however it is a little worrying that it's not letting up at all.

*****SNIP
This is the qmail-send program at gowrie-adelaide.com.au.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.
:
Sorry, no mailbox here by that name.
******SNIP

Does anyone else have similar issues with their remote queues, or have I missed something out that could prevent this?

Box appears to be secure, SSH only allowed from my own IP, chkrootkit shows nothing.


Advice is welcome.

Steve

CharlieBrady

Re: Huge backlog list on remote message queue
« Reply #1 on: January 12, 2006, 05:44:05 PM »
Quote from: "steel"
During a regular checkup of a client server I noticed a worrying number of messages queued up in the remote message queue of Qmail. In fact it has been getting hammered and has exceeded thousands of continuous attempts at sending mail (still going).


What you are seeing is typical of any mail server connected to the internet which does not do recipient filtering at the SMTP level. Google for backscatter and spam to understand the problem.

You can solve the problem by upgrading to 7.0pre1, or by installing a contrib which adds the recipient filtering capability to 6.x.

Quote

I have checked to make sure it is not relaying and it's fine according to the relay checker on the Internet.


That's good :-)

ryan

Huge backlog list on remote message queue
« Reply #2 on: January 12, 2006, 09:36:53 PM »
This just happened on a SME 6 server at my company.....IT was doing a favor and looking at a personal system.  The system turned out to be heavily infected with spyware/malware.  Since SME has a transparent SMTP proxy, it "grabbed" all the spam the infected PC sent through the gateway.  We had a backlog of 26,000+ messages within a few hours.  

I discovered this problem by inspecting the actual qmail queue files....the headers contained a LAN IP address.   It took over 24 hours for the queue to clear, but performance seemed normal when the backlog hit approx. 3000 messages.  

Ironically, we have a separate LAN for testing....but it was quicker to simply plug the personal PC directly into the regular LAN...oops!

hope this helps....

steel

Huge backlog list on remote message queue
« Reply #3 on: January 13, 2006, 01:42:06 AM »
Is there a package designed to prevent this from happening?
I have no problem with a commercial package for SME to do this so any pointer to the right place will be welcomed.

I did have a look at the mailfront package but there is little in the way of information that I could find in a hurry that explains what it does, even the rpm -qi says nothing about its purpose.


Thanks for the reply guys, it is appreciated.


Steve

ryan

Huge backlog list on remote message queue
« Reply #4 on: January 13, 2006, 04:13:20 PM »
You need to verify your qmail queue to know if the backlog is from the internet or internal.  If internal, find the system and fix it.  If you choose, search this forum for disable smtp proxy....I have seen postings on how to disable this.  

I found my qmail queue stalled after I accessed the files.....a reboot fixed it.  

Ryan
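
The check described in replies #2 and #4 (reading the headers of queued messages to see whether the backlog comes from a LAN host or from the Internet), as an added example that is not part of the original thread. The header samples are constructed in stock qmail style, and `LAN_NETS`, `smtp_sample`, `classify` and `summarize` are assumed names; on a real server the input would be the message files in the qmail queue.

```python
import ipaddress
import re
from collections import Counter
from email import message_from_string

# Assumption: the LAN uses RFC 1918 space; replace with the server's local networks.
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CLIENT_IP = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")  # "(HELO name) (a.b.c.d)"

def smtp_sample(helo, ip):  # constructed message as queued after arriving over SMTP
    return ("Received: (qmail 4101 invoked from network); 12 Jan 2006 03:10:01 -0000\n"
            f"Received: from unknown (HELO {helo}) ({ip})\n"
            "  by mail.example.test with SMTP; 12 Jan 2006 03:10:01 -0000\n"
            "Subject: constructed sample\n\nbody\n")

SAMPLE_MESSAGES = [  # constructed, not taken from the thread
    smtp_sample("desktop7", "192.168.1.57"),
    smtp_sample("desktop7", "192.168.1.57"),
    smtp_sample("laptop2", "192.168.1.20"),
    smtp_sample("mx.example.net", "203.0.113.9"),
    "Received: (qmail 4200 invoked for bounce); 12 Jan 2006 03:11:00 -0000\n"
    "Subject: failure notice\n\nThis is the qmail-send program ...\n",
    "Received: (qmail 4300 invoked by uid 0); 12 Jan 2006 03:12:00 -0000\n"
    "Subject: constructed local mail\n\nbody\n",
]

def classify(raw):
    """Return (category, client_ip) for one queued message."""
    received = message_from_string(raw).get_all("Received", [])
    if received and "invoked for bounce" in received[0]:
        return "bounce", None              # bounce generated by this server
    for header in received:                # topmost hop is the one this server logged
        match = CLIENT_IP.search(header)
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:                 # malformed address in a forged header
            continue
        internal = any(ip in net for net in LAN_NETS)
        return ("internal" if internal else "external"), str(ip)
    return "local", None                   # injected on the box itself

def summarize(messages):
    """Count messages per category and per internal client address."""
    results = [classify(raw) for raw in messages]
    return (Counter(cat for cat, _ in results),
            Counter(ip for cat, ip in results if cat == "internal"))
```

A queue dominated by one internal address matches the infected-PC case in reply #2, while a queue dominated by bounce entries matches the backscatter case in reply #1.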