On 02/13/2012 04:27 PM, Robert Van Dresar wrote:
On Mon, Feb 13, 2012 at 5:19 PM, Robert Van Dresar <[email protected]> wrote:
On Mon, Feb 13, 2012 at 5:09 PM, Eric Shubert <[email protected]> wrote:
On 02/13/2012 03:47 PM, Robert Van Dresar wrote:
You are right, all of our users have to authenticate to send email, I
believe that's the default behavior of a stock QMT, so does that mean I
can add our domains to the blacklist-senders file??
Yes, by all means. Records in that file should look like:
@mydomain.com
I've tested for open relay, and that test returns OK. The failure
notices I receive in the postmaster account point to one of our users,
but it says the offending email is from
"[email protected]@some-random-ip-address", and bounces back
to about 50 other email addresses.
I'm not quite sure what you mean here. A specific example with
headers would help. Try to leave as much data intact as you can,
but user and domain names can be substituted consistently if you
want to.
Her computer was off all weekend, and we virus scanned it this morning
and nothing. I really didn't think of her password being compromised
that's easy enough to change. I guess I'll try that, especially since
we're listed on five block lists now.
Sounds as though that's the culprit then. You should attempt to
find out how her password was compromised.
It can (and does occasionally) happen by network traffic
sniffing if her configuration sends a password in clear text
anywhere (I've seen it happen, once). This could be via webmail
w/out https (the stock QMT unfortunately allows this), or via a
client program that's not using TLS, such as a remote Outlook03
client. If you have remote clients using Outlook03, you should
set up QMT to handle smtps (port 465), and configure those
clients to use SSL accordingly.
If possible, all clients should use TLS for their smtp
submissions, whether on port 25 or 587. Unfortunately, QMT
cannot yet enforce use of TLS. Such a feature has been requested
to be added to spamdyke, and may (if we're lucky) be included in
the next spamdyke release.
Please keep us posted.
--
-Eric 'shubes'
Here's the "evidence" from one of the block lists:
Return-Path: <[email protected]>
X-Original-To: [email protected]
Received: from mail.airplexus.com (mail.airplexus.com [65.245.57.15])
    by mail.ixlab.de (Spamtrap) with ESMTP
    for [email protected]; Mon, 13 Feb 2012 21:38:50 +0100 (CET)
Received: (qmail 9460 invoked by uid 89); 13 Feb 2012 18:16:22 -0000
Received: by simscan 1.4.0 ppid: 8048, pid: 9438, t: 0.7778s
    scanners: attach: 1.4.0 clamav: 0.97.3
    /m:54/d:14401
Received: from 184-82-61-166.static.hostnoc.net
    (HELO User) ("email address removed"@[email protected])
    by mail.airplexus.com with ESMTPA; 13 Feb 2012 18:16:22 -0000
Reply-To: <[email protected]>
From: "Rose Brown" <[email protected]>
Subject: Offers : Marks& Spencer
Date: Mon, 13 Feb 2012 19:16:18 -0800
MIME-Version: 1.0
Content-Type: text/plain;
    charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-NiX-Spam-Hash2: d36eed170eb389bf1a5ab832cf972a4b
X-NiX-Spam-Source-IP: 65.245.57.15
X-NiX-Spam-MX: mail.ixlab.de
X-NiX-Spam-Listed: yes
I've left our mail server stuff intact, but removed her email address
---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
Please visit qmailtoaster.com for the latest news, updates, and packages.
To unsubscribe, e-mail: qmailtoaster-list-unsubscribe@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-help@qmailtoaster.com
Sorry, I meant /var/log/qmail/send/current:
Here's a snippet from tail -f
/www.google.com/mail/help/bulk_mail.html/421_4.7.0_to_review_our_Bulk_Email_Senders_Guidelines._x3si1699355oeb.22/
@400000004f399b773829fbac status: local 0/10 remote 59/60
@400000004f399b77382a037c starting delivery 6158346: msg 111052977 to remote [email protected]
@400000004f399b77382a0764 status: local 0/10 remote 60/60
<snip>
You appear to have a backlog in your remote (outbound) queue.
# qmHandle -l
will give you a count.
If you still have a lot of messages there, you'll want to stop qmail and
clean them out manually. You can use qmHandle for that. Hopefully
there's a constant in the subject or from string that you can use with
the -tX option of qmHandle to delete the junk messages. If you run the
qmHandle command with no options, it will show you what the options are.
Looks like you'll have a few blacklists to get removed from once you get
things squared away. Let us know how you make out.
--
-Eric 'shubes'
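
The reading of the `status:` lines in the reply above can be scripted. This is an added example, not part of the original thread: it decodes multilog's TAI64N timestamps and reports how often the remote concurrency limit is reached and which SMTP codes show up in deferrals. The sample lines are constructed in the format of the snippet above; the addresses and the deferral text are placeholders.

```python
import re
from datetime import datetime, timezone

# Assumption: daemontools/multilog writes TAI64N labels as 2**62 + 10 + Unix seconds.
TAI64_EPOCH = 4611686018427387914
STATUS = re.compile(r"status: local (\d+)/(\d+) remote (\d+)/(\d+)")
START = re.compile(r"starting delivery (\d+): msg (\d+) to (local|remote) (\S+)")
RESULT = re.compile(r"delivery (\d+): (success|deferral|failure): (.*)")
SMTP_CODE = re.compile(r"_(\d{3})[_-]")  # qmail logs spaces as underscores

def tai64n_to_utc(label):
    """Convert an '@' + 24 hex digit TAI64N label to an aware UTC datetime."""
    secs = int(label[1:17], 16) - TAI64_EPOCH
    nanos = int(label[17:25], 16)
    return datetime.fromtimestamp(secs, timezone.utc).replace(microsecond=nanos // 1000)

def summarize(lines):
    """Summarize remote concurrency and delivery outcomes from qmail-send log lines."""
    out = {"first": None, "peak_remote": 0, "remote_limit": 0, "saturated": 0,
           "started_remote": 0, "results": {}, "smtp_codes": {}}
    for line in lines:
        label, _, text = line.strip().partition(" ")
        if not (label.startswith("@") and len(label) == 25):
            continue  # skip wrapped or truncated lines
        out["first"] = out["first"] or tai64n_to_utc(label)
        if m := STATUS.search(text):
            remote, limit = int(m.group(3)), int(m.group(4))
            out["peak_remote"], out["remote_limit"] = max(out["peak_remote"], remote), limit
            out["saturated"] += remote == limit  # all remote delivery slots in use
        elif m := START.search(text):
            out["started_remote"] += m.group(3) == "remote"
        elif m := RESULT.search(text):
            kind = m.group(2)
            out["results"][kind] = out["results"].get(kind, 0) + 1
            if kind != "success" and (c := SMTP_CODE.search(m.group(3))):
                out["smtp_codes"][c.group(1)] = out["smtp_codes"].get(c.group(1), 0) + 1
    return out

# Constructed sample in the format of the snippet above (addresses are placeholders).
SAMPLE = """\
@400000004f399b773829fbac status: local 0/10 remote 59/60
@400000004f399b77382a037c starting delivery 6158346: msg 111052977 to remote user@example.com
@400000004f399b77382a0764 status: local 0/10 remote 60/60
@400000004f399b78012a0764 delivery 6158301: deferral: 192.0.2.25_failed_after_I_sent_the_message./Remote_host_said:_421_4.7.0_rate_limited/
@400000004f399b78012b0764 status: local 0/10 remote 59/60
""".splitlines()

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A `saturated` count that keeps climbing alongside 4xx deferral codes matches the outbound backlog described above.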