some wierdness with qmail - rbl/rss - dnscache
Something very weird started happening yesterday, and I have been trying to figure out what it might be, and I was unable to narrow it down. I have been running qmail with rbl/rss and also running dnscache on the same machine for a while without any problems. Yesterday my dnscache log started filling up with these error messages: @40003b574c21126fcb94 query 27874 7f01:e77a:701d 1 150.68.39.208.relays.mail-abuse.org. @40003b574c21126ff2a4 cached nxdomain 150.68.39.208.relays.mail-abuse.org. @40003b574c2112700dfc sent 27874 53 @40003b574c2113c47684 query 27875 7f01:fccb:eebc 12 2.110.10.209.in-addr.arpa. @40003b574c2113c5ce44 cached 12 2.110.10.209.in-addr.arpa. @40003b574c2113c69d4c sent 27875 78 @40003b574c2113eb6744 query 27876 7f01:fccb:eebc 16 150.68.39.208.blackholes.mail-abuse.org. @40003b574c2113ecb734 cached nxdomain 150.68.39.208.blackholes.mail-abuse.org. @40003b574c2113ed72b4 sent 27876 57 @40003b574c2113f087c4 query 27877 7f01:e77a:701d 1 150.68.39.208.relays.mail-abuse.org. @40003b574c2113f16e3c cached nxdomain 150.68.39.208.relays.mail-abuse.org. @40003b574c2113f2124c sent 27877 53 about 20 or so requests like this a second... about 95% of them are for 150.68.39.208.relays.mail-abuse.org/150.68.39.208.blackholes.mail-abuse.org which is (web01.dc.intira.com, not my server) and the other 5% are for 2.110.10.209.in-addr.arpa (my server) my qmail-smtp and qmail-send logs don't show anything interesting... My antivirus program (kaspersky's) didn't like this at all and was generating this error: Current object: 4Jul 19 14:01:31:XXX Sector Objects : 0 Known viruses : 0 Files : 0 Virus bodies : 0 Folders : 0Disinfected : 0 Archives : 0Deleted : 0 Packed : 0 Warnings : 0 Suspicious : 0 Speed (Kb/sec) : 0 Corrupted : 0 Scan time : 276546:01:31 I/O Errors : 0 Query for the tests: 4Jul 19 14:01:31:XXX I cant find object XXX (error string: No such file or directory). And maillog was filling up with this error: mail avpkeeper[23221]: Invalid message format I have totally disabled the Anti-Virus program, since I though that maybe it was the culprit. Turns out that my dnscache still continues to have the same error and nothing else has any interesting error messages... this is my /service/smtp/run #!/bin/sh PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin export PATH QMAILUID=`id -u qmaild` NOFILESGID=`id -g qmaild` exec softlimit -m 1 -t600 tcpserver -S -R -H -c100 -x /home/vpopmail/etc/tcp.smtp.cdb -u $QMAILUID -g $NOFILESGID 0 smtp rblsmtpd \ -r blackholes.mail-abuse.org \ -r 'relays.mail-abuse.org:Open relay problem - see http://www.mail-abuse.com/cgi-bin/nph-rss?%IP%' \ qmail-smtpd splogger smtpd 21 My qmail setup is done according to Matt Simerson's qmail-vpopmail-freebsd toaster. RBL and RSS tests shows that everything is working fine... So the only thing that I can think of that might be different is that MAPS changed something? I know I haven't changed anything for over a month now (and this is a fairly busy server). The thing that really freaks me out is that I worked on Deloitte Consulting's web site around a year ago, and now my dnscache is filling up with requests for 150.68.39.208.blackholes.mail-abuse.org which the IP address is for web01.dc.intira.com... I hope the two are not related in anyway. But the fact that it's there makes it at least strange. Any help/info/ideas would be really appreciated. Thanks! __ Kris.
problem with ezmlm
Hi, I know this might be a bit off-topic, and I apologize, but I don't know where else to turn to. I have a small mailing list, 260 members. I have sent out one email to the list with a attachment of 638kb. I have plenty of bandwidth, I also have 768MB Ram on the system, my qmail concurrencyremote was set to 255. Only the first 150 of list members received the email. I checked the logs, and it shows that qmail sent out only 150 emails. I got no errors, no nothing, and the remaining 110 members didn't receive anything... So my question is, what could it be? I am really lost here... So I am grabbing at straws, could it be that my databytes was set to 1 and 150 emails with 638kb attachment come out to ~97996800? I am running ezmlml-0.53+ezmlm-idx-0.40 and qmail1.03 Can anyone give me some pointers as to what it might be or where I should look for answers? Thanks! __ Kris.
Re: problem with ezmlm
No. databytes applies only to incoming SMTP mail. That is what I thought too. You should look in the logs. You'll find there the reasons for the deferral= s. (I know you said that there's nothing in the logs that indicates a problem,= but if you sent mail to 260 recipients and it was delivered to only 150 of them, there will be something in the logs telling you why.) Chris I did check the logs. According to the logs, there were only 150 emails sent. There were no deferrals. It's like as if the list was made out of only 150 members. I have tripple checked and the list does in fact have 260 members. When it started the delivery of 150th email, this is what I had in my log, @40003af6a3f40f5aafdc status: local 1/10 remote 153/255, the three other deliveries were of just some other email sends. And then after this, no errors and no deferrals, just delivery success messages for the first 150 emails. Also, the 150emails that were sent are the first 150 emails from the 260... It's actually in order. I have dumped the list from the mailing list, and created another list with just the remaining 110, and sent out my email that way, which of course went out without a problem. Maillog shows just the first 150 emails sent out, also no errors. I also checked messages log and dmesg log, nothing in there either... __ Kris.
Re: Can MX record be CNAME?
At 03:37 PM 5/4/2001 -0400, you wrote: BINDthinkers cannot just jump blindly into djbdnsthink. There are going to be a few posts now and again where someone is going to show a few zone records to clarify their point while they transition into qmail/djbdns/etc. Such zone file excerpts should be prefaced with an apology. If no apology is included, offenders should not be surprised if people point out their faux pas. -Dave Um guys... All I wanted to know was why you can't use CNAME for a MX record. The question has been answered, and maybe this topic can be dropped now? Or should we continue on giving our opinions on what should and shouldn't be posted and how it should be posted, etc... Second, I just wanted to point out that this is qmail list, not djdns or bind list. So asking a question related to qmail, and using a format of bind or djdns zone files to give further explanation of what is the question/problem should be ok. If bind zone files offend you, I think you might have a bigger problem to worry about. It's like saying inetd startup script for qmail offends me because I use tcpserver... Come on, give it a break. And giving an apology for posting relevant info? Maybe you should also put in an apology, every time you write something that might offend someone... The questions have been asked and answered, lets just move on with our lives now and end this thread. On an ending note, I appreciate everyone that responded to my question and gave me relevant info. I have fixed it on our servers, and am very happy that I am now RFC compliant. __ Kris.
Re: Can MX record be CNAME?
At 08:34 AM 5/3/2001 -0600, you wrote: Unfortunately I do not control my PTR records so I have to do the dns name change with CNAME. My questions are: Can MX record point to a CNAME? No, never. Charles, Why can't it be a CNAME? Is there a reason for this? I am currently using it as a CNAME and it's been working fine for a year or so... If there is a good reason for it, I sure would like to know so I can make changes. Thanks, __ Kris.
Re: Can MX record be CNAME?
At 08:34 AM 5/3/2001 -0600, you wrote: Unfortunately I do not control my PTR records so I have to do the dns name change with CNAME. My questions are: Can MX record point to a CNAME? No, never. Charles, Why can't it be a CNAME? Is there a reason for this? I am currently using it as a CNAME and it's been working fine for a year or so... If there is a good reason for it, I sure would like to know so I can make changes. Oh I have this currently: IN NS ns1.webgoku.com. IN NS ns2.webgoku.com. IN MX 10 mail.swishmail.com. $ORIGIN swishmail.com. ; ; Setup forward DNS for all hosts IN A 63.165.246.3 www IN A 63.165.246.3 ftp IN CNAME swishmail.com. mailIN CNAME swishmail.com. Or did you mean that you can't have something like this: IN MX 10 mail IN A 63.165.246.3 www IN A 63.165.246.3 mailIN CNAME swishmail.com. Thanks, __ Kris.
Re: Can MX record be CNAME?
At 11:09 AM 5/3/2001 -0700, you wrote: This means that pointing MX, NS, and SOA (at least) at a CNAME is not recommended. Personally, I hate CNAME, and I almost never use it. I can think of only one specialized use where CNAME comes in handy (third-party hosting). Nearly everything else can be done more efficiently with multiple A records IMHO. So, having multiple A records pointing to the same IP is ok then, when it comes to MX? like this: IN MX 10 mail.swishmail.com. $ORIGIN swishmail.com. ; Setup forward DNS for all hosts IN A 63.165.246.3 www IN A 63.165.246.3 mailIN A 63.165.246.3 ftp IN A 63.165.246.3 pop3IN CNAME swishmail.com. Or should MX mail.swishmail.com point to an IP address that nothing else points to? like for example: IN MX 10 mail.swishmail.com. $ORIGIN swishmail.com. ; Setup forward DNS for all hosts IN A 63.165.246.3 www IN A 63.165.246.3 mailIN A 63.165.246.5 ftp IN A 63.165.246.3 pop3IN CNAME swishmail.com. The reason why I am asking is would mail.swishmail.com be considered FQDN with the first example? Since mail.swishmail.com would resolve to 63.165.246.3, but 63.165.246.3 would resolve to swishmail.com. With the second example, forward and reverse would give you mail.swishmail.com - 63.165.256.5 and 63.165.256.5 - mail.swishmail.com __ Kris.
Re: report qmail log
Eko Yulianto don't be SO overly helpful... That's like telling people if they want to see the report of their website traffic to just look at the raw logs of apache or something... Raw logs are not "REPORTS" If you don't want to help someone, don't be a smart ass. "One" check out http://www.qmail.org/top.html and search for "logs" or "mrtg" on the page. I used http://qmaillog.byteaction.de/ it's pretty nice. http://www.enderunix.org/isoqlog/ I haven't tried it, but sounds promising. __ Kris. At 10:39 AM 4/9/2001 +0700, you wrote: just simply link your /var/log/maillog to your web directory as a text file - Original Message - From: "ONE" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, April 09, 2001 10:29 AM Subject: report qmail log Hi, all What software for use report qmail log on web page? ONE. _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com
Weird problem... X-MS-TNEF-Correlator
Hi, One of our users complained that one of her email accounts received an email with Word Doc attachment, and the attachment went through fine, while a her second account which was cc'ed just like the first one, received it all messed up and with a X-MS-TNEF-Correlator tag.. I was wondering if anyone else experienced this problem before or what the problem might be. We are running qmail, while the mail server the email came from is running Microsoft Exchange 5.5 I assume. Obviously this is weird because one person sent out email to couple cc'ed people and one received it fine, while the other didn't... Here are the headers of both of the emails, names and emails have been changed. The first cc'ed local account that accepted the message is [EMAIL PROTECTED] and received the attachment correctly. The second email is to [EMAIL PROTECTED] and received the attachment wrong. Return-Path: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Received: (qmail 32430 invoked from network); 24 Mar 2001 20:32:18 - Received: from unknown (HELO mail1.weyerhaeuser.com) (208.247.148.1) by localdomain.com with SMTP; 24 Mar 2001 20:32:18 - Received: by mail1.weyerhaeuser.com with Internet Mail Service (5.5.2650.21) id G9DS5QR4; Sat, 24 Mar 2001 12:22:45 -0800 Message-ID: [EMAIL PROTECTED] From: "Some, User" [EMAIL PROTECTED] To: "Another Person'" [EMAIL PROTECTED] Cc: "Person 2'" [EMAIL PROTECTED], "JNELSON'" [EMAIL PROTECTED], "PERSON 3'" [EMAIL PROTECTED], "PERSON 4'" [EMAIL PROTECTED], "JHAMM'" [EMAIL PROTECTED], "PERSON5'" [EMAIL PROTECTED], "PERSON6" [EMAIL PROTECTED] Subject: Contact: Me Date: Sat, 24 Mar 2001 12:22:44 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: multipart/mixed; boundary="_=_NextPart_000_01C0B4A0.2EFD58FA" This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. --_=_NextPart_000_01C0B4A0.2EFD58FA Content-Type: text/plain DuPont St_.doc Another Person, email message Thanks, Some User --_=_NextPart_000_01C0B4A0.2EFD58FA Content-Type: application/msword; name="DuPont St_.doc" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="DuPont St_.doc" 0M8R4KGxGuEAPgADAP7/CQAGAAABMwAA EAAANQEAAAD+ADIAAAD/ CUT OFF Second email: Return-Path: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Received: (qmail 32423 invoked from network); 24 Mar 2001 20:32:18 - Received: from unknown (HELO mail1.weyerhaeuser.com) (208.247.148.1) by localdomain.com with SMTP; 24 Mar 2001 20:32:18 - Received: by mail1.weyerhaeuser.com with Internet Mail Service (5.5.2650.21) id G9DS5QRV; Sat, 24 Mar 2001 12:22:45 -0800 Message-ID: [EMAIL PROTECTED] From: "Some, User" [EMAIL PROTECTED] To: "Another Person'" [EMAIL PROTECTED] Cc: "Person 2'" [EMAIL PROTECTED], "JNELSON'" [EMAIL PROTECTED], "PERSON 3'" [EMAIL PROTECTED], "PERSON 4'" [EMAIL PROTECTED], "JHAMM'" [EMAIL PROTECTED], "PERSON5'" [EMAIL PROTECTED], "PERSON6" [EMAIL PROTECTED] Subject: Contact: Me Date: Sat, 24 Mar 2001 12:22:44 -0800 X-MS-TNEF-Correlator: [EMAIL PROTECTED] MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: multipart/mixed; boundary="_=_NextPart_000_01C0B4A0.2EFD58FA" This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. --_=_NextPart_000_01C0B4A0.2EFD58FA Content-Type: text/plain Another Person, email message Thanks, Some User --_=_NextPart_000_01C0B4A0.2EFD58FA Content-Type: application/ms-tnef Content-Transfer-Encoding: base64 eJ8+Ii4UAQaQCAAEAAABAAEAAQeQBgAI5AQAAADoAAEIgAcAGElQTS5NaWNy b3NvZnQgTWFpbC5Ob3RlADEIAQuAAQAhMkQwQTQ0MkRGMTFGRDUxMTk0QjUwMDgwNUZCQjVG CUT OFF __ Kris.