Koozali.org: home of the SME Server
Obsolete Releases => SME Server 7.x => Topic started by: katumba on January 29, 2007, 07:45:24 PM
-
anyone help with this? SME 7.1, all updates. i've tried disabling spam and clam. Outgoing mail not working. What other logfiles can i look into? Thanks!@
summary mail queue:
Report generated: Mon 29 Jan 2007 10:43:15 AM PST
messages in queue: 174955
messages in queue but not yet preprocessed: 0
-
check for a computer with a mail bomb (virus) in your lan.
Thsi is not due to spamd or clamav because all have been processed.
you might find in the qmail log that the messages might be refused by other smtp server due to the large number of delivery in a short time....
so find from whom all this messges comme from (ip adress)
after you found the source and stop it you will have to sort the queue to keep the good messages.
i use tu have a script to help sorting this ... i do not find it ...
JPP
-
here it is : http://www.redwoodsoft.com/~dru/mailRemove/
first stop qmail
then chekc theses logs:
qpsmtp.current
search for "Accepted connection" and check if a local ip send all thes email (use your browser search tool to find "192.168.1." if it is the beginning of your local adresses)
then cure the computer
after you can use the python script to remove the bad mails
wait somes hours before turning one your smtp service to let other smtp on the net remove you from temp blacklist
-
thanks for the quick replies!
ok. stopped qmail. looked for connections. disconnected server from WAN and all PC's from LAN. Running virus scans on all PC's. 2 internal connections and one external: 151.53.235.153
That comes back as a server in Italy.
-
actually, it's failing when trying to stop qmail.
-
service qmaild stop
service qpsmtpd stop
service sqpsmtpd stop
have you modified something because sme 7 is not supposed to relay mail and refuse mail from external adress which are not destined to a local user ?
-
service qmaild stop
service qpsmtpd stop
service sqpsmtpd stop
have you modified something because sme 7 is not supposed to relay mail and refuse mail from external adress which are not destined to a local user ?
haven't modified anything. Just a clean 7 install w/ updates.
qpsmtpd and sqpsmtpd worked. qmaild said not a valid service name
-
service qmail stop
excuse me
if it fails try
pgrep qmail
and if it returns something kill -9 the pid
then makes some cleaning job to the queue
then wait and restart all stoped services
JP
-
service qmail stop
excuse me
if it fails try
pgrep qmail
and if it returns something kill -9 the pid
then makes some cleaning job to the queue
then wait and restart all stoped services
JP
Cool. Kill'd 8 pid's, then able to stop qmail. it is now not running.
/service/qmail: down 116 seconds
Running virus scans now, and will run the python script to clear the queue. How do i find which messages in the queue for the filter to delete?
thank you very much for the help.
-
I suggest that do a search on contribs for qmhandle.
Install the qmhandle contrib from saco. It will add a new link under Administration of the server manager called Email queue management.
This will allow you to see the emails that are sitting in the local and remote queues and delete those emails. However you don't want to be deleting 175,000 emails individually so you can go to command prompt and type
qmHandle -D
Note the capital H
This will delete all emails in the local and remote queues.
You will need to reboot the server afterwards.
I suspect that you will find that rather than being spam emails that your domain has been spoofed in spam and the emails are NDR (non deliverable) notifications to non-existant addresses.
Jon
-
running -D now. thanks again for the help.
-
now that i have this great qmHandle tool, can someone please explain the remote queue to me?
Emails are now going out ok, however there are now 4 emails in the remote queue. All are being sent to valid recipients, yet they are not sending. What is the remote queue and how do i fix this?
-
if it fails try
pgrep qmail
and if it returns something kill -9 the pid
You should never use "kill -9" unless there is no alternative. Using the TERM or QUIT signals will allow processes to exit gracefully - doing cleanup before they die. Using -9 will leave you with things like corrupted databases or corrupted mail queues.
In this case, I think that:
killall qmail-remote
will be all that's required. Or just be patient - qmail will definitely stop if you've asked it to.
-
now that i have this great qmHandle tool, can someone please explain the remote queue to me?
Emails are now going out ok, however there are now 4 emails in the remote queue. All are being sent to valid recipients, yet they are not sending. What is the remote queue ...
All the workings of qmail are explained on the web. Start your reading here:
http://www.lifewithqmail.org/lwq.html
... and how do i fix this?
There's nothing that you can do to force remote sites to accept email from you. If their servers are down temporarily, then they're down. It's perfectly normal for there to be messages in your outgoing queue. That's the way that SMTP mail delivery is designed to work.
To diagnose why messages are still in the queue and are unsent, look through the mail logs analysis panel.
-
also, now that it is back up and running, it is accepting a lot more connections:
194.164.82.218
151.53.235.153
66.77.59.50
216.248.197.63 & more. what does that mean?