Jeff: Thanks very much for the details. It will take me a bit to get
through these suggestions, but they all sound very reasonable. I'll get
back with results if all goes well, questions if they don't.
Regards,
Gary
Jeff Koch wrote:
Gary:
I have seen most of these errors only on very heavily loaded
mailservers that cannot keep up with the mail load. In those cases the
pop3 and smtp concurrency goes through the roof, pop3 sessions start
timing out and users can get the same email two and three times. You
are also apparently getting hit with backscatter bounce-backs from
spammers that have forged the email addresses of your users. Spamming,
backscatter, etc have increased dramatically over the last month and
you are feeling the result.
Things to look for and fix that we have found to be effective:
1. Search for any domain using a global catch-all, change it to
'catch-all bounced' and then change the ownership of that
.qmail-default file so they can't change it back. (prevents dictionary
attacks)
2. Increase the SA scores on bounces, shorten the rbl timeout:
whitelist_bounce_relays mail.gbco.us
rbl_timeout 8
add_header all Report _REPORT_
score BOUNCE_MESSAGE MTA 1.0
score ANY_BOUNCE_MESSAGE 1.0
3. Consider paying for a real blocking list like spamhaus.org's sbl
and xbl. That along with qmail's rblsmtpd program and our own RBL
mirror has eliminated over 75% of the spammer load on the mailserver.
At 05:16 PM 4/14/2008, you wrote:
I've been using the toaster for quite some time, with great results
(thanks Bill for all the hard work!). I'm running the latest versions
(although my clamAV may be out of date as that happens frequently).
My system is a CentOS with the latest updates. I use most of the "add
ons" such as spamassassin, clamav, ripmine, simscan, tmda, and
qmailmrtg. I host about 15 domains, but not too many users per
domain, the largest is about 40 users.
Unfortunately I seem to recently be experiencing some strange
problems and am not sure of the best way to sort them out.
- Emails with large attachments are typically being delivered twice
to the end user.
- Lots of spam, even though I have tweaked and tweaked on
spamassassin, the spam has more than doubled in the past month.
- Users receiving failure notices even though the message is actually
received properly.
- Users receiving failure notices from emails they didn't actually send.
- Some users get failures that say "protocol error" with not much
detail.
I've searched qmail logs and seem to only find the standard things
I've always seen. I have run queue repair routines which all say
there are no problems.
I'm pretty much at a loss as to what to do next. Any helpful
suggestions on things to run, errors to look for, or experiences
would be greatly appreciated.
Thanks,
Gary
Best Regards,
Jeff Koch, Intersessions
