RE: [qmailtoaster] messages stuck in the queue

[Steve Ingraham]

Steve Ingraham wrote: I am seeing a large number of messages stuck in the queue everyday.  Each morning I am seeing over 500 messages in the queue.  With very few exceptions they all are spam messages that the postmaster account has stopped delivery on because the spam message is trying to deliver to an account that does not exist in our domain.  What is directing mail to go to the queue?  Where are the settings for this?  What can I do to stop these messages from going to the queue?  I am currently going into the qmail queue and deleting all the messages that are spam and leaving any legitimate messages in the queue which then get delivered once the spam messages are deleted.  Is there something else I should be doing to keep this spam from collecting in the queue?     Jake Vickers wrote: There's not a whole lot you can do. What the spammers are doing is sending an email to your domain (bad address), with a different return address (usually also bad), so your machine is trying to bounce the message back to the sender, which as I said is also invalid. I set my queuelifetime to something reasonable like 2 or 3 hours, which helps clean them out of the queue faster. It's also a good idea for businesses, since if they send a message and there is an error they get a message back in 2-3 hours, instead of 5 days like the default. Gives them a chance to see their error, and send the message again after correcting. Other than that, some good BLs is about the best you can really do.   Steve Ingraham wrote: Thank you Jake for the reply, so decreasing the time a message sits in the queue is about the extent of what I can do?  Can you tell me where I can set the queuelifetime?  Also, what do you mean by “BLs”?  Are you referring to “blacklists”?  Jake Vickers wrote: The queue lifetime controls how long a message sits in the queue before it gets sent to /dev/null. It's controlled by the /var/qmail/control/queuelifetime file, and needs to have a value in it of how long you'd like the threshold to be. This number is in seconds. I'm using 10800 for a value on one of my machines (I happened to be logged into it while typing this). And yes, I meant blacklists. While not extremely effective, they will stop SOME spammer's bad IP addresses from connecting. It's a little bit of work, but you may check your logs to see what IP addresses the messages are coming from. I've found that whenever I got a "storm" like this, 80%-90% would be from a single IP trying to relay through me and I just add an entry in my iptables to deny connections.   Thanks again, this information has been very helpful, Steve Ingraham