Koozali.org: home of the SME Server

Version 7.2 Has Killed 'Outside' Emails...

MTBone

Version 7.2 Has Killed 'Outside' Emails...
« on: July 31, 2007, 06:24:09 PM »
Was GOING to put this in Bugzilla but it won't let me create a new account (comes up with page not found).

Since the last MAJOR update (last week) when we get messages from our printers (which was working prior) we get this:

2007-07-31 10:58:56.144180500 5332 Accepted connection 0/40 from 10.254.86.40 / pc-00040.trrmc.hma.com
2007-07-31 10:58:56.145475500 5332 Connection from pc-00040.trrmc.hma.com [10.254.86.40]
2007-07-31 10:58:56.148096500 5332 running plugin (set_hooks): peers
2007-07-31 10:58:56.150186500 5332 trying to get config for peers/10.254.86
2007-07-31 10:58:56.152413500 5332 trying to get config for plugin_dirs
2007-07-31 10:58:56.153875500 5332 trying to get config for peers/10.254.86
2007-07-31 10:58:56.154904500 5332 trying to get config for plugin_dirs
2007-07-31 10:58:56.157628500 5332 peers hooking valid_auth
2007-07-31 10:58:56.158726500 5332 peers hooking set_hooks
2007-07-31 10:58:56.160093500 5332 trying to get config for plugin_dirs
2007-07-31 10:58:56.161994500 5332 logging::logterse hooking queue
2007-07-31 10:58:56.163069500 5332 logging::logterse hooking deny
2007-07-31 10:58:56.164159500 5332 trying to get config for plugin_dirs
2007-07-31 10:58:56.165613500 5332 check_relay hooking connect
2007-07-31 10:58:56.167230500 5332 trying to get config for plugin_dirs
2007-07-31 10:58:56.168621500 5332 check_norelay hooking connect
2007-07-31 10:58:56.170280500 5332 trying to get config for plugin_dirs
2007-07-31 10:58:56.172027500 5332 check_badmailfrom hooking rcpt
2007-07-31 10:58:56.173045500 5332 check_badmailfrom hooking mail
2007-07-31 10:58:56.174371500 5332 trying to get config for plugin_dirs
2007-07-31 10:58:56.175957500 5332 check_badrcptto_patterns hooking rcpt
2007-07-31 10:58:56.177289500 5332 trying to get config for plugin_dirs
2007-07-31 10:58:56.178881500 5332 check_badrcptto hooking rcpt
2007-07-31 10:58:56.180300500 5332 trying to get config for plugin_dirs
2007-07-31 10:58:56.181639500 5332 check_spamhelo hooking ehlo
2007-07-31 10:58:56.182664500 5332 check_spamhelo hooking helo
2007-07-31 10:58:56.184233500 5332 trying to get config for plugin_dirs
2007-07-31 10:58:56.185799500 5332 rcpt_ok hooking rcpt
2007-07-31 10:58:56.187210500 5332 trying to get config for plugin_dirs
2007-07-31 10:58:56.189284500 5332 tnef2mime hooking data_post
2007-07-31 10:58:56.190369500 5332 trying to get config for plugin_dirs
2007-07-31 10:58:56.192137500 5332 virus::clamav hooking data_post
2007-07-31 10:58:56.193930500 5332 trying to get config for plugin_dirs
2007-07-31 10:58:56.195788500 5332 queue::qmail_2dqueue hooking queue
2007-07-31 10:58:56.197603500 5332 Plugin peers, hook set_hooks returned DECLINED,
2007-07-31 10:58:56.198869500 5332 running plugin (connect): check_relay
2007-07-31 10:58:56.199862500 5332 trying to get config for relayclients
2007-07-31 10:58:56.201976500 5332 trying to get config for morerelayclients
2007-07-31 10:58:56.203353500 5332 Plugin check_relay, hook connect returned DECLINED,
2007-07-31 10:58:56.204194500 5332 running plugin (connect): check_norelay
2007-07-31 10:58:56.205106500 5332 trying to get config for norelayclients
2007-07-31 10:58:56.206578500 5332 Plugin check_norelay, hook connect returned DECLINED,
2007-07-31 10:58:56.207627500 5332 trying to get config for smtpgreeting
2007-07-31 10:58:56.208929500 5332 220 pbrmc-lnx-01.trrmc.hma.com ESMTP
2007-07-31 10:58:56.210149500 5332 trying to get config for timeoutsmtpd
2007-07-31 10:58:56.211130500 5332 trying to get config for timeout
2007-07-31 10:58:56.224873500 5332 dispatching HELO 10.254.86.40
2007-07-31 10:58:56.226870500 5332 running plugin (helo): check_spamhelo
2007-07-31 10:58:56.227861500 5332 trying to get config for badhelo
2007-07-31 10:58:56.229472500 5332 Plugin check_spamhelo, hook helo returned DECLINED,
2007-07-31 10:58:56.230714500 5332 trying to get config for me
2007-07-31 10:58:56.231959500 5332 250 trrmc.hma.com Hi pc-00040.trrmc.hma.com [10.254.86.40]; I am so happy to meet you.
2007-07-31 10:58:56.243016500 5332 dispatching MAIL FROM: nwradp1@PBRMC-LNX-01.TRRMC.HMA.COM
2007-07-31 10:58:56.244332500 5332 full from_parameter: FROM: nwradp1@PBRMC-LNX-01.TRRMC.HMA.COM
2007-07-31 10:58:56.245856500 5332 from email address : [nwradp1@PBRMC-LNX-01.TRRMC.HMA.COM]
2007-07-31 10:58:56.246690500 5332 501 could not parse your mail from command
2007-07-31 10:58:57.041833500 3714 cleaning up after 5332

and nothing comes across. We've also tried to manually send mail through the SMTP server (connected thru telnet) and get the same error.

What's changed?

We've also noticed that emails sent OUT from the server (thru php websites, etc hosted on this server) seem to be working ok - it's just emails that come across from outside of the box that we're trying to send to accounts that are on the box.

florim

i have the same problem
« Reply #1 on: July 31, 2007, 10:09:12 PM »
Now I have disabled SpamAssassin and virus scanning, and some mails I get, some not. I'm thinking of formatting the drive, installing SME 7.0 and disabling updates. I don't see any solutions.

raem

Re: i have the same problem
« Reply #2 on: August 01, 2007, 03:15:14 AM »
florim

You probably need to whitelist some of your external senders' email addresses.
Search forums on wbl for command line instructions or install the wbl panel from the dmay contrib area
...

florim

i have installed contribs its better
« Reply #4 on: August 01, 2007, 11:00:51 AM »
But now I have another problem. I have one server with 100 users, and for two days now isoqlog shows me that I have sent and received about 17000 mails, but logs are now showing that I have sent and received about 17000, and my disk space is growing. I don't know why. All my users are using POP3S.

raem

Re: i have installed contribs its better
« Reply #5 on: August 01, 2007, 04:40:44 PM »
florim

One of your users may have a virus infection ??

Your server may have been hacked and is acting as a spam relay ??
...

MTBone

Version 7.2 Has Killed 'Outside' Emails...
« Reply #6 on: August 01, 2007, 06:18:38 PM »
We just ended up going back to 7.1.3 and running a restore and all is right with the world again. :)

Thanks for everyone's help!

Jim

florim

it's possible but likely
« Reply #7 on: August 01, 2007, 11:44:21 PM »
It's possible that my server is hacked, but I have checked the history in ssh and it is not showing anything strange in log files for isoqlog is showing more mails that I have sent and received, but it does give me which user has sent so many mails.

How can I check if my server was hacked?

best wishes
florim

raem

Re: it's possible but likely
« Reply #8 on: August 01, 2007, 11:56:41 PM »
florim

Hackers usually delete log files so you can't see what they have been doing, but it should be obvious as other processes are usually running or web sites altered or other odd behaviour or even loss of functionality.
It doesn't sound like a hack to me although it's a possibility.

Quote
it does give me which user has sent so many mails


That's the most probable source of the emails, a virus infection on that user's workstation.
...

raem

Re: Version 7.2 Has Killed 'Outside' Emails...
« Reply #9 on: August 02, 2007, 12:41:10 AM »
MTBone

Quote
and nothing comes across.
... it's just emails that come across from outside of the box that we're trying to send to accounts that are on the box.


What does that mean in clearer English please?
Are your issues similar to the other poster "florim"?
Did you try whitelisting email addresses?
...

florim

yes its exactly the same
« Reply #10 on: August 02, 2007, 12:52:16 PM »
I think that this last update has to do with the problem, but as for me, right now the situation is better, I can receive mails and send. Now I have installed the contrib email-wbl and the situation is better, but as for hacks, this is a brand new installation, it's running for 20 days, till yesterday it worked perfectly as I was testing with one test domain, but 2 days ago I changed that domain with my company mail domain and I updated my server with the last smeupdates, I think it was spamassassin.
For the info, I have disabled ssh access and ftp access because and I have one ibay with http forward in another web page.

If someone wishes my log files I can paste them here. I have also tried to post in the bug tracker but I can't register, it gives me page not found.

P.S.
Sorry for my English, I have forgotten to write English :(

regards,
florim

byte

Re: yes its exactly the same
« Reply #11 on: August 02, 2007, 08:04:08 PM »
Quote from: "florim"
I have also tried to post in the bug tracker but I can't register, it gives me page not found.


This issue is now fixed, please try again and post a bug. Thanks.
--[byte]--

Have you filled in a Bug Report over @ http://bugs.contribs.org ? Please don't wait to be told this way you help us to help you/others - Thanks!

jfarschman

Version 7.2 Has Killed 'Outside' Emails...
« Reply #12 on: August 08, 2007, 09:51:05 PM »
I believe I am having the same problem and posted bugzilla 3274
http://bugs.contribs.org/show_bug.cgi?id=3274  For me it's all about an old fax server email client not formatting the MAIL FROM address properly.

  1. Email from a normal client like Outlook or Thunderbird works great because the MAIL FROM: <myemail@address.com> has the <>

  2. Email from the old third-party (faxserver) client does not work because the MAIL FROM: myemail@address.com lacks the <> characters

@4000000046ba199604134fe4 31253 dispatching MAIL FROM: myemail@address.com

The result is a "501 could not parse your mail from command"
Jay Farschman
ICQ - 60448985
jay@hitechsavvy.com
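
Added example, not part of the thread and not SME Server or qpsmtpd code: a Python scan of smtpd log lines in the format quoted above that lists each client whose MAIL FROM argument lacks the angle brackets RFC 5321 requires, and whether the server answered 501. The function name `find_bracketless_senders` and the PID 5340 session in the sample are assumptions made for illustration.

```python
import re

# Lines for PID 5332 are copied from the log quoted in the thread;
# the PID 5340 session is constructed for contrast.
SAMPLE_LOG = """\
2007-07-31 10:58:56.145475500 5332 Connection from pc-00040.trrmc.hma.com [10.254.86.40]
2007-07-31 10:58:56.243016500 5332 dispatching MAIL FROM: nwradp1@PBRMC-LNX-01.TRRMC.HMA.COM
2007-07-31 10:58:56.246690500 5332 501 could not parse your mail from command
2007-07-31 11:02:10.100000000 5340 Connection from client.example.test [192.0.2.15]
2007-07-31 11:02:10.200000000 5340 dispatching MAIL FROM:<user@example.test>
"""

# Timestamp is either "date time" or a raw tai64n label, then the PID.
LINE = re.compile(r"^(?:@[0-9a-f]{24}|\S+ \S+) (\d+) (.*)$")
CONNECT = re.compile(r"^Connection from (\S+) \[([^\]]+)\]")
MAIL = re.compile(r"^dispatching MAIL FROM:\s*(.*)$", re.IGNORECASE)
# RFC 5321 reverse-path: "<...>" (or the null sender "<>"), then optional parameters.
BRACKETED = re.compile(r"^<[^<>]*>(?:\s.*)?$")


def find_bracketless_senders(log_text):
    """Return one record per MAIL FROM command sent without angle brackets."""
    peers = {}    # pid -> (hostname, ip) from the "Connection from" line
    pending = {}  # pid -> finding still waiting for the server's reply
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        pid, msg = m.groups()
        conn = CONNECT.match(msg)
        if conn:
            peers[pid] = conn.groups()
            pending.pop(pid, None)  # PID reused by a new session
            continue
        mail = MAIL.match(msg)
        if mail:
            arg = mail.group(1).strip()
            if not BRACKETED.match(arg):
                host, ip = peers.get(pid, ("unknown", "unknown"))
                pending[pid] = {"pid": pid, "host": host, "ip": ip,
                                "argument": arg, "rejected_501": False}
                findings.append(pending[pid])
        elif pid in pending and msg.startswith("501 "):
            pending[pid]["rejected_501"] = True
    return findings


if __name__ == "__main__":
    for f in find_bracketless_senders(SAMPLE_LOG):
        print(f)
```

Run against the real smtpd log, the resulting list of hosts shows which printers, fax servers or scripts need their sender configuration corrected.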