Topic: Two servers pop and smtp.

[Jean-Philippe Pialasse]

a question what is the architecture of you network ?

SME bowes are server only or is there a gateway server SME (which one SMTP one or PO one ?) , or  another gateway ?

[miguelalbore]

Both servers are as Server Only. Main is on SME 7, SMTP Server is on SME 6.0.1

[mmccarn]

I had a couple clients running SME 6.0.1 who started to get abused for spam-disguised-as-bounce-messages (more here).  Before I got things straightened out, they had each been listed with a "tarpit" system.  Any time I rebooted my email would flow OK for 2 - 10 minutes, then the "tarpit" system would attract and monopolize all outbound SMTP connections from my server, intentionally holding them open as long as possible, preventing outbound email.

I found the problem by running:
# netstat -a | grep smtp

and finding that I had lots of ESTABLISHED connections to one mail server that, when researched, claimed to belong to a tarpitting spam trap service...

Also, after installing the qmHandle contrib, running:
# qmHandle -R | grep DAEMON

listed lots of bounce messages from "MAILER-DAEMON" waiting for delivery (between 800 and 16000, depending on how long since I cleared it out...)

I ended up writing a script to stop qmail, delete everything in the remote Queue "From: MAILER-DAEMON", and reconfiguring my SME servers to deliver bounce messages to a local account instead of actually bouncing them back to the "sender".

[miguelalbore]

I'm running actually SME 7.0

However, i can see may servers connect to my smtp port.

How i can blocked this servers?

They are trying to enter to 25 port.