Somehow our server is being overrun by outgoing emails, which we think are spam. We normally use Plesk to administer it but it is currently crashing. How do we identify why this mail queue is so big? I'm guessing it could be a compromised PHP script on one of the domains or something like that. Can someone give us an indication of where to start looking to get to the bottom of this? I realise this is a massively open-ended question but any direction would be greatly appreciated.
If you find one traffic source and can't get the underlying fix made quickly, get a block in ASAP, either via application configuration or iptables. Keep it a priority though, because whatever one spammer finds, another one will in short order.
Have you looked at the mail content directly? Watch to see who's sending messages and where they're being sent. Look at the IP addresses of message senders to see if they are coming from a single source. Are you using rblsmtpd as part of your qmail-smtp pipeline? If the messages aren't coming from SMTP or they're coming from the localhost because your web pages are posting through SMTP, take a look at your web server logs to see if you can ascertain which IP addresses are sending the messages.
However, the recipients probably expect to see a proper header, as described in qmail-header(5). It exits 0 if it has successfully queued the message. It exits between 1 and 99 if it has failed to queue the message. All qmail-queue error codes between 11 and 40 indicate permanent errors: 11 Address too long.
Not used by qmail-queue, but can be used by programs offering the same interface. All other qmail-queue error codes indicate temporary errors: 51 Out of memory. Any problems reported by make check indicate that the queue is corrupt (damaged or inconsistent). You should shut qmail down until you have corrected the problem. If you're seeing unusual errors from qmail-send, you might want to run this script to identify or rule out queue corruption.

Modifying the Queue

qmail automatically manages the queue, but occasional situations may require human intervention.
For example, one of your users sends a message with a megabyte attachment to a few hundred of his closest friends. Or maybe junk mailers pollute your queue with mass mailings. Or even worse, a junior system administrator tries to manipulate the queue and ends up corrupting it.
The longer a message has been in the queue, the less frequently qmail tries to deliver it. The actual retry schedule is documented in Appendix A, "How qmail Works." A message's age is the current time minus the creation time of the info file. Using the touch command to adjust this creation time, the mail administrator can prematurely age a message, causing it to be retried less frequently and bounce sooner, or give it a sip from the fountain of youth, causing it to be retried more frequently and delaying it from bouncing.
With the default queuelifetime of one week, setting a message's age to at least a week will mark it for one final delivery attempt. For example, to age the message with queue ID , which resides in the 0 split directory, do this:. Likewise, to grant the message with queue ID a temporary reprieve, the administrator could lower its age by doing this:.

Removing Selected Messages from the Queue

OK, so there are messages in the queue that have to be removed before qmail delivers them.
The first thing you should do is stop qmail-send using either the qmailctl stop command or svc -d, like this:. Otherwise, qmail-send's internal knowledge of the queue won't match the actual queue on disk. This will result in qmail-send logging errors about the messages that were deleted behind its back. Once qmail-send has been stopped, the queue files associated with the messages you want to remove can be deleted. But before you can do that, you'll need to find the queue IDs of the messages you want to remove using the logs, qmail-qread, or by grepping the mess queue files.
For example, to search the queue for all messages containing a string such as "warez," use a find command:. Once you've identified the queue IDs of the target messages, use find to locate and remove the files:. Repeat the find command as necessary until all of the files associated with the target message are removed.
Once qmail is restarted, check the end of the qmail-send log file for any messages about problems with the queue:. Whichever approach you use, stop qmail-send first. Using qmailctl, do this:. Both of these methods will remove all messages from the queue immediately and without generating bounces. Using the rebuild method, the old queue can be preserved for extracting and re-injecting important messages.
Making a Corrupt Queue Consistent

If qmail-send generates error messages about missing queue files or the inability to read or write queue files, the problem is likely to be queue corruption, which is usually caused by system or mail administrators directly manipulating the queue.