On Thu, Dec 14, 2000 at 01:52:04PM -0600, Sam Laffere wrote:
> Help, I've been mail flooded to invalid users. My apologies for the length
> of this, but I'm trying to be complete. The background is as follows.
>
> My qmail server is the secondary MX for domain tri.net.
> mx1.tri.net got flooded with about 28,000 invalid user emails, which
> overflowed onto my qmail secondary server, mx2.tri.net.
(As an aside. This re-raises the question of whether it is good
practise to be a secondary MX for another site. I generally think it's
a bad idea...)
> My qstat does not seem to be getting smaller. My qread looks as follows.
It is actually. The number of "done" entries are increasing.
>
> ----clip ----
> 12 Dec 2000 21:58:59 GMT #53728 15374 <>
> remote [EMAIL PROTECTED]
> 12 Dec 2000 22:24:01 GMT #53751 15462 <>
> remote [EMAIL PROTECTED]
> 12 Dec 2000 12:53:05 GMT #53774 1146 <[EMAIL PROTECTED]> bouncing
> remote [EMAIL PROTECTED]
> remote [EMAIL PROTECTED]
> remote [EMAIL PROTECTED]
> remote [EMAIL PROTECTED]
> remote [EMAIL PROTECTED]
> remote [EMAIL PROTECTED]
> done remote [EMAIL PROTECTED]
> remote [EMAIL PROTECTED]
> done remote [EMAIL PROTECTED]
> done remote [EMAIL PROTECTED]
> done remote [EMAIL PROTECTED]
> done remote [EMAIL PROTECTED]
> done remote [EMAIL PROTECTED]
> 13 Dec 2000 00:18:33 GMT #54073 33878 <[EMAIL PROTECTED]>
> remote [EMAIL PROTECTED]
> ----clip ----
>
>
> My questions are as follows.
>
> Because of the 'giving_up' message, is it still retrying the same bad
> address again?
No. What's happened is that each email has many recipients so it's
going thru each recipient trying to delivery it. Ultimately your
system will try and send bounces back to the (probably forged) sender.
You are best to remove them if you can.
> Is there a 'filter' I can install to prevent qmail-remote from sending the
> emails from '[EMAIL PROTECTED]' on to mx1.tri.net?
Not a filter. But you can remove the queue entries with rm - and there
are tools on www.qmail.org that do that I believe.
> What does the 'done' mean on some of the messages in the qread dump? And
"done" means precisely what you'd expect. Delivery of that mail to
that recipient is complete (either success or permanent failure). But
in your case there are other recipients in the mail so it stays in the
queue.
> will they clean out automagicly?
Yes. Ultimately as bounces.
> Any help will be appreciated. Some 'good' email has been trapped in the
> queue, such as the last entry in the qread dump. But if I have to, I could
> completely dump the queue as a last resort.
Depending on how bad your queue is, it might be easier to trash it and
rebuild it with a make setup.
Regards.
