Postfix - increase of deffered email

Discussion in 'Server Operation' started by Hans, Dec 10, 2006.

Thread Status:
Not open for further replies.
  1. Hans

    Hans Moderator ISPConfig Developer

    Since this week the amount of deffered email has increased a lot.
    To make my self clear what is happening i've attached two graphs which are created my Munin.

    I ask myself how is this possible and is it something to worry about?
     

    Attached Files:

  2. falko

    falko Super Moderator ISPConfig Developer

  3. Hans

    Hans Moderator ISPConfig Developer

    Falko,

    The server is not blacklisted, i've checked at http://www.mxtoolbox.com/ and everything looks ok.

    Within the attachement you find some lines from my mail.log & warn.mail files, i do not thrust.
    What do you think it means?
     

    Attached Files:

    Last edited: Dec 10, 2006
  4. tycho

    tycho New Member

    Having looked at your maillog.txt, I suspect your server is bouncing spam. There are a lot of impossible destinations like ol.com and yhoo.com. These addresses will most likely cause the problem.
     
    Last edited: Dec 11, 2006
  5. Hans

    Hans Moderator ISPConfig Developer

    Thanks for your reply!
    I think it must be something like that indeed.
    After some investigation and Goole-ing, i came to the same conclusion.

    The problem now is that i do not know, how i can avoid this.
    Can anyone give me advise?
     
  6. tycho

    tycho New Member

    Did you change anything, like main.cf, just before you encountered the problem?
    What's your antispam routine? (Like using procmail, amavis or mailscanner)
     
  7. Hans

    Hans Moderator ISPConfig Developer

    I did not change my main.cf.
    Within the attachment you find a copy of my Postfix main.cf file.
    I am using Debian Linux i.c.w. ISPConfig and Spamassassin.
     

    Attached Files:

    Last edited: Dec 11, 2006
  8. tycho

    tycho New Member

    Hmm, lets see, nothing wrong here and you're using procmail. Do you use Usermin as well? Because one of your users might have set up some bouncing rules. I take it that you did not do it yourself, if it happened at all.
     
  9. Hans

    Hans Moderator ISPConfig Developer

    No, i do not use Usermin.
    One of my clients had setup a Joomla site this week.
    He also used some guestbook and mailingsoftware.
    Last night i put the whole Joomla site within the recycle bin to see if the deffered mail was reducing.
    After that, i had a look to Mumins output again. But there was no difference.

    I really want to know how i can stop the SPAM bouncing.
    Any advise is welcome.
     
  10. tycho

    tycho New Member

    Do you actually need the line
    relay_domains = $mydestination
    in main.cf?
     
  11. HoUsECAt

    HoUsECAt New Member

    Have a look in your /etc/amavisd/amavisd.conf

    There are a couple of lines which you can check, mine are:

    $final_virus_destiny = D_REJECT; # (defaults to D_BOUNCE)
    $final_banned_destiny = D_REJECT; # (defaults to D_BOUNCE)
    $final_spam_destiny = D_PASS; # (defaults to D_REJECT)
    $final_bad_header_destiny = D_PASS; # (defaults to D_PASS), D_BOUNCE suggested
     
  12. Hans

    Hans Moderator ISPConfig Developer

    No i do not need it.
    I think, you suggest to comment it out and restart Postfix.
    I will do it now and wait if it takes effect.
    Thanks again for your support.
     
  13. HoUsECAt

    HoUsECAt New Member

    No i mean you have to check if they are on BOUNCE

    i suggest you set them like mine and then restart postfix

    Also check if your postfix que isn't filling up with these bounces

    check with:

    PHP:
    mailq
    and release or delete them with the postsuper command

    PHP:
    postsuper -*QUEUE ID* (for releasing one)
    postsuper -r ALL (for releasing ALL)
    postsuper -*QUEUE ID* (for deleting one)
    postsuper -d ALL (for deleting ALL)
     
  14. Hans

    Hans Moderator ISPConfig Developer

    Sorry i was "talking"to tycho.

    Thanks for your help.
    The point is that at this moment i do not use Amavis, which means i can not edit/add the lines you have mentioned.
    My server has been setup according Falko's Perfect howto so i only use Procmail / SpamAssassin.
    I do not have any experience with Amavis.

    Are there any other possibilities?
     
  15. tycho

    tycho New Member

    Well, I'm still not sure about the origin of the spam, so I suggest turning off the directive and restart postfix. Also I have to know about the complete route of these spams. Not just where they get deferred, have to track it from the moment of first contact with the server.
    Also flush the que
     
    Last edited: Dec 11, 2006
  16. Hans

    Hans Moderator ISPConfig Developer

    This is what i have done:

    i gave an mailq PHP command
    I saw that there where 36 reffered mails there.
    I stopped Postfix with /etc/init.d/postfix stop
    I gave a postsuper -d ALL command.
    Finally i started postfix again with /etc/init.d/postfix start

    This was the solution for now (i do not know for how long)
    You can have a look at Munin's graph now.

    Thank you both for the advise!
    I really appreaciate it.
     

    Attached Files:

  17. tycho

    tycho New Member

    Oh, forgot: how many nic's does your server have?
    If one, add that network to mynetworks in main.cf like this:
    mynetworks = 127.0.0.0/8, 192.168.1.0/24
    If two nic's add eth1's network.
     
  18. Hans

    Hans Moderator ISPConfig Developer

    @tycho,

    The suggested lines are within my main.cf file.
    Thanks a lot!
     
  19. falko

    falko Super Moderator ISPConfig Developer

    Tycho is right:
    The mails are bounced before they even reach procmail/amavisd/whatever, so finetuning that makes no sense.

    But I think you should check your web applications (guestbooks, forum software, etc.) if there are forms (contact forms, etc.) that spammers could abuse for sending spam. Other than that I don't think you can do much about it.
     
  20. Hans

    Hans Moderator ISPConfig Developer

    @Falko,

    I've contacted the client already.
    He had some guestbook & mailingsoftware installed within Joomla.


    I've told him to remove them and he did.

    Thanks for your reaction.
     
Thread Status:
Not open for further replies.

Share This Page