eric was right about our router/firewall (we do not used qmail firewall) ... i create rules for exsclude qmail server IP, (port 25), and now its work
but, huge but, ... we used other mail server on this IP, over 5 years. we did not change firewall rules for mail IP i think last 1 year. i change this old mail server with qmail, and stay on same IP, there is no firewall rules change. how is posible, one mail server work, other not ... with same firewall rules ? also, why yahoo, gmail, facebook, etc ... work without exclude qmail IP in firewall ? is there some port or other stuff, witch qmail used to communication with other mail server ? we block port: ssh, telnet, mysql ... service witch not direcly used in smtp communication. do you have some idea about this ? , marko ----- Original Message ----- From: Jake Vickers To: [email protected] Sent: Friday, May 13, 2011 3:48 PM Subject: Re: [qmailtoaster] Re: status 256 On 05/12/2011 02:36 PM, MAKSNET D.O.O. Beograd wrote: - this is our log - clamav-toaster 0.97.0-1.3.41 - blacklist, b.barracudacentral.org bl.spamcop.net cbl.abuseat.org dnsbl.njabl.org dnsbl.sorbs.net dynablock.njabl.org list.dsbl.org opm.blitzed.org sbl.spamhaus.org If you drop sorbs.net, does this get better? From sorbs.net's website: IMPORTANT NOTICE: SORBS has recently experienced issues which may have impacted you. We would like to reiterate that it is our ongoing goal to create the most reliable and secure system on the market. While this is our aim, our efforts in a complete rewrite of the system over the past year have not come along as fast as we had predicted. Over the past few weeks SORBS has experienced technical issues at a small number of datacenters and these issues have led to deterioration in the quality of service and responsiveness. To address this issue, we have added two new datacenters and this will provide us with redundancy and failover systems in the event of further Denial of Service (DDOS) attacks. Furthermore, additional security measures have been implemented to minimize the risk of the SORBS service being compromised. <--end snip--> Remember that rmblsmtp looks up addresses in a serial method, so if one of those blacklists is taking a long time it will hold up the entire process. If you remove some of the blacklists, does it get better? You may try adding a -t option to your control file to specify a timeout. By default it uses 60 seconds. You also indicate that it only comes from one IP address - in the interim you could allow that IP to skip these checks in the tcp.smtp file, but you will still eventually want to fix the issue that is causing it in the first place.
