Koozali.org: home of the SME Server
Contribs.org Forums => General Discussion => Topic started by: steve288 on October 31, 2008, 04:38:49 PM
-
I have version 6.0 of SME. I tell you that not because this is necessarily a 6.0 question (this is after all the general newsgroup) but just so you know what I'm working with.
I really don't understand many of the mail logs. I hope that some might help me to understand what the reports are telling me.
When I look at the mail reports I see odd things. Perhaps they are completely normal, I know mail programs do things that are far beyond what you might expect, and we don't have any problems. Our organization has about 50 users.
Take for example the list of outgoing mail and recipients
It lists like this...
26 Oct 2008 13:43:51 GMT #164178 1516
remote 303389498@removingthepast.net
31 Oct 2008 12:51:26 GMT #164155 15663 <>
remote support@awesomedailydeal.com
28 Oct 2008 15:13:03 GMT #164431 1567
remote noreply@rideatnight.info
31 Oct 2008 00:38:59 GMT #164110 94873 <>
remote stqvcc@messengerssupply.com
31 Oct 2008 11:34:10 GMT #164133 7648 <>
remote AgelessSkinCare@starkea.com
31 Oct 2008 12:58:07 GMT #164156 1527
remote support@awesomedailydeal.com
28 Oct 2008 17:19:09 GMT #164225 1560
remote noreply@wi-ficoffeeshop.com
27 Oct 2008 14:16:06 GMT #164386 1589
remote noreply@thegigbooker.com
29 Oct 2008 13:54:08 GMT #164409 1542
remote 303389498@establishedpeople.net
31 Oct 2008 00:55:23 GMT #164111 147485 <>
remote DeliveryConfirmation@eastwesttechgroup.com
31 Oct 2008 12:12:34 GMT #164134 4743 <>
remote 303389498@nevertriedit.com
31 Oct 2008 12:57:50 GMT #164157 15663 <>
remote support@awesomedailydeal.com
26 Oct 2008 21:45:28 GMT #164180 1554
Some of these addresses seem a bit odd. I find it hard to believe that anyone is emailing to awesomedailydeal.com or establishedpeople.net. So what is this telling me, what is remote mail anyway? I have tried to search the net but can't find any info on what this remote means ??
Then there is "Reasons for deferral" list
1 31.89 207.155.254.15 does not like recipient./Remote host said: 450 <seamstressesdfz@myevas.com>: Recipient address rejected: Valid DNS required on connecting IP (74.13.219.91) [17GC6CSBAH00]/Giving up on 207.155.254.15./
1 42.89 207.155.254.8 does not like recipient./Remote host said: 450 <dwvismanm@visman.com>: Recipient address rejected: Valid DNS required on connecting IP (74.13.219.91) [17FGKTS2E200]/Giving up on 207.155.254.8./
1 103.19 207.155.254.8 does not like recipient./Remote host said: 450 <root@bellandleggiollp.com>: Recipient address rejected: Valid DNS required on connecting IP (74.13.219.91) [17G6I1PLAG00]/Giving up on 207.155.254.8./
1 42.64 207.155.254.9 does not like recipient./Remote host said: 450 <strjohdg@bodyrubinc.com>: Recipient address rejected: Valid DNS required on connecting IP (74.13.219.91) [17G41QQA5Q00]/Giving up on 207.155.254.9./
1 2.88 207.156.43.81 does not like recipient./Remote host said: 450 cuda nsu <empress@floridabuilding.org>: Recipient address rejected: User unknown in local recipient table/Giving up on 207.156.43.81./
Again they seem a bit odd, e.g. root@bell... I'm fairly certain no one is emailing to root and other addresses.
Also
Recipient Hosts
7820 1 1 4.63 037.silvermailings.com
8139 1 1 1.63 038.silvermailings.com
7306 2 2 1.32 03.asp020.com
0 1 1 0.00 0402460492.com
8256 1 1 0.71 040.silvermailings.com
4752 2 2 8.18 044.qcx.net
7315 1 1 0.83 044.silvermailings.com
0 2 10 0.00 0451.com
0 0 43 0.00 04561.com
5323 2 2 3.37 046.qcx.net
7313 1 1 1.13 046.silvermailings.com
8222 1 1 1.95 04.asp020.com
6890 2 2 1.22 051.mx03.net
8335 1 1 1.08 052.silvermailings.com
0 0 2 0.00 0541.com
4784 2 2 2.12 054.qcx.net
8265 1 1 1.11 056.silvermailings.com
8712 1 1 0.72 059.silvermailings.com
8255 1 1 1.42 061.silvermailings.com
7316 1 1 0.83 063.silvermailings.com
15625 2 2 1.72 064.silvermailings.com
19197 3 3 10.34 06.asp060.com
7197 1 1 0.00 06.you2q.com
All seems a bit odd all the silvermailings.com
I don't believe we are being used to send out spam. When I look at the log I don't see 100's of 1000's of messages. Perhaps 100's; some seem valid, some not valid. Is it something about mail that I don't understand?
While my system is version 6.0 it doesn't bog down and we don't get any indication that there are any problems. It's just these messages are odd. As well as some 100 to 400 messages in the mail queue. Right now it says
messages in queue: 164
messages in queue but not yet preprocessed: 0
Which seems to mean that everything is going out. Yesterday I used qmHandle to delete about 300 that were noreplys and some spam.
Can anyone give me some educated answers to my inquiry to understand what these logs mean and perhaps what mail is doing?
Regards
-
I have version 6.0 of SME.
Well you shouldn't.
-
31 Oct 2008 12:51:26 GMT #164155 15663 <>
remote support@awesomedailydeal.com
That is a bounce message.
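
Added example, not part of the original thread: a small parser for the two-line-per-message queue listing quoted in the question (assumed here to be `qmail-qread` output), which flags every entry whose envelope sender is the null address `<>` as a bounce and counts the remote domains those bounces are addressed to. The function names are hypothetical, and the last sample entry with a real sender is constructed.

```python
import re
from collections import Counter

# Header line: date, "#<queue id>", size in bytes, envelope sender (may be missing in a paste).
HEADER = re.compile(r"^\d{1,2} \w{3} \d{4} [\d:]{8} GMT\s+#(\d+)\s+(\d+)\s*(<[^>]*>)?")
# Recipient line under a header: delivery type, then the address.
RECIPIENT = re.compile(r"^\s*(?:done\s+)?(remote|local)\s+(\S+)")

def parse_queue_report(text):
    """Return one dict per queued message: id, size, sender, bounce flag, recipients."""
    messages = []
    for line in text.splitlines():
        h = HEADER.match(line)
        if h:
            sender = h.group(3)  # None when the sender field is absent
            messages.append({
                "id": int(h.group(1)),
                "size": int(h.group(2)),
                "sender": sender,
                # The null envelope sender "<>" is what SMTP uses for bounces.
                "bounce": sender == "<>",
                "recipients": [],
            })
            continue
        r = RECIPIENT.match(line)
        if r and messages:
            messages[-1]["recipients"].append((r.group(1), r.group(2).lower()))
    return messages

def bounce_summary(messages):
    """Count bounces and the remote domains they are being sent to."""
    bounces = [m for m in messages if m["bounce"]]
    domains = Counter(
        addr.rsplit("@", 1)[-1]
        for m in bounces
        for kind, addr in m["recipients"]
        if kind == "remote"
    )
    return {"total": len(messages), "bounces": len(bounces), "bounce_domains": domains}

# Three entries copied from the question, plus one constructed entry with a real sender.
SAMPLE = """\
31 Oct 2008 12:51:26 GMT #164155 15663 <>
 remote support@awesomedailydeal.com
31 Oct 2008 12:57:50 GMT #164157 15663 <>
 remote support@awesomedailydeal.com
31 Oct 2008 11:34:10 GMT #164133 7648 <>
 remote AgelessSkinCare@starkea.com
31 Oct 2008 09:02:11 GMT #164120 2210 <alice@example.com>
 remote bob@example.net
"""
```

A queue dominated by `<>` entries addressed to domains nobody on the LAN writes to means the server accepted mail it could not deliver and is now trying to return it to forged sender addresses.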
-
Are you saying that the messages that seem questionable are bounced messages?
I assume there are various kinds of bounced messages, but the only type I can think of are messages that I or a user here sends out and then it can't find the intended recipient and it bounces back to the original sender. I suppose it could be someone out in the world using our domain as a fake return address and when it can't find the intended recipient it bounces back to us. Do you mean either of these or something else, can you clarify?
Regards
-
And is that what all remote messages are ??
-
I'm sorry, but I stopped supporting SME 6 years ago, as did everyone else.
-
Looks like spam messages originating from infected PCs on your LAN;
Shut down your server or disconnect all PCs from it and run AV software on all the PCs, then
as you have scanned and cleaned each, allow it back onto the LAN, check your mail queue / logs.
but as Charlie says, please upgrade to the latest version:
see the following also re upgrading :
http://wiki.contribs.org/UpgradeDisk
http://forums.contribs.org/index.php?topic=30745.0
-
They seemed to be bounce back messages to the remote sender trying to send mails to invalid users in your domains. They are mostly SPAM trying to get through. In SME 6.0 systems, there are two things that can minimize the problem.
1) Forward those emails either to admin or other email accounts so that the bounced back SPAMS won't be forwarded to legitimate mail servers. Unless done, this can even probably lead to your IP being blacklisted.
# /sbin/e-smith/config set EmailUnknownUser admin2
# /sbin/e-smith/config setprop qmail DoubleBounceTo admin2
# /sbin/e-smith/signal-event email-update
2) Activate rblsmtpd by editing your /var/service/smtpfront-qmail/run
exec 2>&1
exec /usr/bin/env - \
    /usr/local/bin/envuidgid qmaild \
    /usr/local/bin/tcpserver \
    -U \
    -R \
    -x /etc/tcprules/tcp.smtp.cdb \
    -l 0 \
    0 smtp \
    /usr/local/bin/rblsmtpd -b -r sbl-xbl.spamhaus.org -r cbl.abuseat.org \
    /usr/local/bin/envdir ./env \
    /usr/bin/smtpfront-qmail
# svc -t /service/smtpfront-qmail
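
Added example, not part of the original post: what the `rblsmtpd -b -r <zone>` entries in the run file above check for each connecting client, written out as a short Python model. The function names are hypothetical and the DNS answers are constructed (a dictionary stands in for the resolver so the example runs offline); only the zone names come from the post.

```python
import ipaddress

def dnsbl_query_name(ip, zone):
    """Name looked up for an IPv4 client a.b.c.d: d.c.b.a.<zone>."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")

def check_client(ip, zones, lookup_txt, permanent=True):
    """Model the decision: the first zone holding a TXT record for the client lists it.

    lookup_txt(name) returns the TXT strings for name, or [] if there are none.
    It is injected by the caller so that no real DNS query is made here.
    """
    for zone in zones:
        txt = lookup_txt(dnsbl_query_name(ip, zone))
        if txt:
            # rblsmtpd -b answers listed clients with 553; without -b it uses 451.
            code = 553 if permanent else 451
            return {"accept": False, "code": code, "zone": zone, "reason": txt[0]}
    # Not listed anywhere: the connection is handed on to the SMTP front end.
    return {"accept": True, "code": None, "zone": None, "reason": None}

# Zones taken from the run file in the post.
ZONES = ["sbl-xbl.spamhaus.org", "cbl.abuseat.org"]

# Constructed resolver data: 192.0.2.10 (a documentation address) is "listed"
# in the second zone only; every other name has no TXT record.
FAKE_TXT = {
    "10.2.0.192.cbl.abuseat.org": ["constructed listing text for the example"],
}

def fake_lookup(name):
    return FAKE_TXT.get(name, [])

def demo():
    """Run both sample clients through the check."""
    return (check_client("192.0.2.10", ZONES, fake_lookup),
            check_client("192.0.2.11", ZONES, fake_lookup))
```

The TXT record's content is what the rejected client sees as the error text, so a listed sender is told which list refused it.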
-
akhilmathema, thanks for your helpful comments and answering my question. I will look into what you have mentioned.
Regards
-
steve288
In case you get uppity, this is answering your question, it's just not the answer you are expecting or wanting.
Why are you worried about a few bounce messages when you should be worried about connecting an insecure sme v6.x server to the Internet ?
Do us all a favour and remove your insecure server from the Net. Please upgrade it to sme 7.3, as that version has much improved email handling & so much more etc etc etc.
You may be surprised to see that the default sme7.3 resolves many of your bounce issues.
It's a free download and will still run on all but the oldest equipment you may be using for sme6.x.
I have sme7.3 running on a P333 box with 256Mb RAM. Server manager functions are slow, but web access is acceptable. I'm not promoting that as recommended practice, just saying that sme7.x will run on older hardware, especially where only light duty is being done.
-
Mary,
I'm not sure I know what you mean ?? The person gave me some good insights?
Sorry am I missing something :)
-
steve288
Please upgrade your insecure sme6.x server to sme 7.3. You will then have much improved email handling and a secure server that has regular updates released for it.
If your sme 6 server gets hacked (which is a distinct possibility), then other Internet email & web server administrators suffer to some small degree, i.e. your server generates additional spam & viruses & acts as an open relay server to attack others from.
Please upgrade asap rather than patching your sme6 to work a bit better in one aspect.