Hi again Pete,
I realized after sending my message that I hadn't fully answered your
question.
I have to assume that James is setup to use MySQL for storage and the
MySQL database is called 'maildb'. If that is the case then log into
MySQL as a user with permission to modify the maildb database from the
command line and run: -
mysql> use maildb;
If you want to list all the messages in the spool (there shouldn't be
too many): -
mysql> select message_name, repository_name, message_state, sender,
recipients, last_updated, error_message from spool;
Pay attention to the the message_name field of the message you want to
delete (I'm assuming it looks like
Mail1358498306551-20313-to-xxxxxxxxxx.co.uk) and then run this command
to remove it from the spool queue: -
mysql> delete from spool where message_name =
'Mail1358498306551-20313-to-xxxxxxxxxx.co.uk' and repository_name = 'spool';
That should do it.
Regards,
David Legg
On 22/01/13 22:17, David Legg wrote:
Hi Pete,
I had a similar incident last Thursday (17th Jan). When I looked at
the smtp server log file I noticed one particular address was
performing a connection every couple of seconds for hours: -
17/01/13 11:10:14 INFO smtpserver: Connection from 118.69.70.252
(118.69.70.252)
17/01/13 11:10:21 INFO smtpserver: Connection from 118.69.70.252
(118.69.70.252)
17/01/13 11:10:23 INFO smtpserver: Connection from 118.69.70.252
(118.69.70.252)
17/01/13 11:10:30 INFO smtpserver: Connection from 118.69.70.252
(118.69.70.252)
17/01/13 11:10:33 INFO smtpserver: Connection from 118.69.70.252
(118.69.70.252)
17/01/13 11:10:35 INFO smtpserver: Connection from 118.69.70.252
(118.69.70.252)
17/01/13 11:10:42 INFO smtpserver: Connection from 118.69.70.252
(118.69.70.252)
17/01/13 11:10:44 INFO smtpserver: Connection from 118.69.70.252
(118.69.70.252)
I was alerted to it because a user said they were having trouble
receiving email. It turned out that this culprit was also attacking
the pop server at the same time with thousands of entries like this: -
17/01/13 11:10:00 INFO pop3server: Connection for ag...@co.uk from
118.69.70.252 (118.69.70.252) closed.
17/01/13 11:10:01 INFO pop3server: Connection from 118.69.70.252
(118.69.70.252)
17/01/13 11:10:02 INFO pop3server: Connection for ag...@co.uk from
118.69.70.252 (118.69.70.252) closed.
17/01/13 11:10:08 INFO pop3server: Connection from 118.69.70.252
(118.69.70.252)
17/01/13 11:10:10 INFO pop3server: Connection for a...@co.uk from
118.69.70.252 (118.69.70.252) closed.
17/01/13 11:10:11 INFO pop3server: Connection from 118.69.70.252
(118.69.70.252)
17/01/13 11:10:12 INFO pop3server: Connection for a...@co.uk from
118.69.70.252 (118.69.70.252) closed.
17/01/13 11:10:13 INFO pop3server: Connection from 118.69.70.252
(118.69.70.252)
17/01/13 11:10:14 INFO pop3server: Connection for a...@co.uk from
118.69.70.252 (118.69.70.252) closed.
17/01/13 11:10:20 INFO pop3server: Connection from 118.69.70.252
(118.69.70.252)
17/01/13 11:10:21 INFO pop3server: Connection for ak...@co.uk from
118.69.70.252 (118.69.70.252) closed.
17/01/13 11:10:22 INFO pop3server: Connection from 118.69.70.252
(118.69.70.252)
17/01/13 11:10:23 INFO pop3server: Connection for al...@co.uk from
118.69.70.252 (118.69.70.252) closed.
17/01/13 11:10:24 INFO pop3server: Connection from 118.69.70.252
(118.69.70.252)
Like you I began noticing a remotedelivery error over and over: -
17/01/13 12:35:30 INFO James.Mailet: RemoteDelivery: Could not
connect to SMTP host: xxx.xxx.120.220, port: 25
17/01/13 12:35:30 INFO James.Mailet: RemoteDelivery: Temporary
exception delivering mail
(Mail1358418045851-7090-!310867-to-t-mobile.co.uk:
17/01/13 12:35:30 INFO James.Mailet: RemoteDelivery: Storing message
Mail1358418045851-7090-!310867-to-t-mobile.co.uk into outgoing after 5
retries
17/01/13 12:35:30 INFO James.Mailet: RemoteDelivery: Attempting
delivery of Mail1358423703286-7128-!505926-to-t-mobile.co.uk to host
one2one.t-mobile.co.uk. a
t xxx.xxx.120.220 for addresses [miniski...@t-mobile.co.uk]
I began to be concerned that the culprits had somehow managed to
coerce James into forwarding email.
As a temporary measure I blocked all packets from 118.69.70.252 for
five minutes and that was enough to make it move on to someone else.
After my retry period timed out (I have it set to a few hours and not
the recommended 3 days because my users want to know if an email
couldn't be delivered as soon as possible) all was well again.
I'm still wondering if the bot had found a weakness in my settings but
this server has been up for years and I've not had many problems.
Hope that helps,
David Legg
On 22/01/13 18:20, Pete Williams wrote:
Hi
I'm a long time James user. No problem since 2010 until now.
James has started to drop this error into the mailet logs many times
a second:
22/01/13 17:49:22 INFO James.Mailet: RemoteDelivery: Attempting
delivery of Mail1358498306551-20313-to-xxxxxxxxxx.co.uk to host
xxxxxxxx.com. at 207.126.147.10 for addresses [xxxxxxxxxxxxxxxxx.co.uk]
22/01/13 17:49:22 INFO James.Mailet: RemoteDelivery: Exception
caught in RemoteDelivery.run()
java.lang.OutOfMemoryError: Java heap space
The result is that James is utilising loads of server processor
resource.
It seems to be this particular email. I'd like to get rid of it to
see if that fixes the problem. How can I do that?
Version of James is 2.3.2 running on Windows. Upgrade planned for
May, but right now I just want to fix this problem.
I have started and stopped James.
Thanks, Pete
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
For additional commands, e-mail: server-user-h...@james.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
For additional commands, e-mail: server-user-h...@james.apache.org
