Topic: outgoing email issue

[katumba]

anyone help with this? SME 7.1, all updates. i've tried disabling spam and clam. Outgoing mail not working. What other logfiles can i look into? Thanks!@

summary mail queue:

Report generated: Mon 29 Jan 2007 10:43:15 AM PST

messages in queue: 174955
messages in queue but not yet preprocessed: 0

[Jean-Philippe Pialasse]

check for a computer with a mail bomb (virus) in your lan.

Thsi is not due to spamd or clamav because all have been processed.

you might find in the qmail log that the messages might be refused by other smtp server due to the large number of delivery in a short time....

so find from whom all this messges comme from (ip adress)

after you found the source and stop it you will have to sort the queue to keep the good messages.

i use tu have a script to help sorting this ... i do not find it ...

JPP

[Jean-Philippe Pialasse]

here it is : http://www.redwoodsoft.com/~dru/mailRemove/

first stop qmail
then chekc theses logs:


qpsmtp.current

search for "Accepted connection" and check if a local ip send all thes email  (use your browser search tool to find "192.168.1." if it is the beginning of your local adresses)

then cure the computer

after you can use the python script to remove the bad mails

wait somes hours before turning one your smtp service to let other smtp on the net remove you from temp blacklist

[katumba]

thanks for the quick replies!

ok. stopped qmail. looked for connections. disconnected server from WAN and all PC's from LAN. Running virus scans on all PC's. 2 internal connections and one external: 151.53.235.153

That comes back as a server in Italy.

[katumba]

actually, it's failing when trying to stop qmail.

[Jean-Philippe Pialasse]

service qmaild stop
service qpsmtpd stop
service sqpsmtpd stop

have you modified something because sme 7 is not supposed to relay mail and refuse mail from external adress which are not destined to a local user ?

[katumba]

service qmaild stop
service qpsmtpd stop
service sqpsmtpd stop

have you modified something because sme 7 is not supposed to relay mail and refuse mail from external adress which are not destined to a local user ?

haven't modified anything. Just a clean 7 install w/ updates.

qpsmtpd and sqpsmtpd worked. qmaild said not a valid service name

[Jean-Philippe Pialasse]

service qmail stop

excuse me


if it fails try
pgrep qmail
and if it returns something kill -9 the pid
 
then makes some cleaning job to the queue

then wait and restart all stoped services


JP

[katumba]

service qmail stop

excuse me


if it fails try
pgrep qmail
and if it returns something kill -9 the pid
 
then makes some cleaning job to the queue

then wait and restart all stoped services


JP

Cool. Kill'd 8 pid's, then able to stop qmail. it is now not running.
/service/qmail: down 116 seconds

Running virus scans now, and will run the python script to clear the queue. How do i find which messages in the queue for the filter to delete?

thank you very much for the help.

[JonB]

I suggest that do a search on contribs for qmhandle.

Install the qmhandle contrib from saco. It will add a new link under Administration of the server manager called Email queue management.

This will allow you to see the emails that are sitting in the local and remote queues and delete those emails. However you don't want to be deleting 175,000 emails individually so you can go to command prompt and type

Code: [Select]

qmHandle -D

Note the capital H

This will delete all emails in the local and remote queues.

You will need to reboot the server afterwards.

I suspect that you will find that rather than being spam emails that your domain has been spoofed in spam and the emails are NDR (non deliverable) notifications to non-existant addresses.

Jon

[katumba]

running -D now. thanks again for the help.

[katumba]

now that i have this great qmHandle tool, can someone please explain the remote queue to me?

Emails are now going out ok, however there are now 4 emails in the remote queue. All are being sent to valid recipients, yet they are not sending. What is the remote queue and how do i fix this?

[CharlieBrady]

if it fails try
pgrep qmail
and if it returns something kill -9 the pid

You should never use "kill -9" unless there is no alternative. Using the TERM or QUIT signals will allow processes to exit gracefully - doing cleanup before they die. Using -9 will leave you with things like corrupted databases or corrupted mail queues.

In this case, I think that:

killall qmail-remote

will be all that's required. Or just be patient - qmail will definitely stop if you've asked it to.

[CharlieBrady]

now that i have this great qmHandle tool, can someone please explain the remote queue to me?

Emails are now going out ok, however there are now 4 emails in the remote queue. All are being sent to valid recipients, yet they are not sending. What is the remote queue ...

All the workings of qmail are explained on the web. Start your reading here:

http://www.lifewithqmail.org/lwq.html

... and how do i fix this?

There's nothing that you can do to force remote sites to accept email from you. If their servers are down temporarily, then they're down. It's perfectly normal for there to be messages in your outgoing queue. That's the way that SMTP mail delivery is designed to work.

To diagnose why messages are still in the queue and are unsent, look through the mail logs analysis panel.

[katumba]

also, now that it is back up and running, it is accepting a lot more connections:

194.164.82.218
151.53.235.153
66.77.59.50
216.248.197.63 & more. what does that mean?