On Mon, Feb 13, 2012 at 5:52 PM, Eric Shubert <[email protected]> wrote:

> On 02/13/2012 04:27 PM, Robert Van Dresar wrote:
>
>> On Mon, Feb 13, 2012 at 5:19 PM, Robert Van Dresar <[email protected]> wrote:
>>
>>> On Mon, Feb 13, 2012 at 5:09 PM, Eric Shubert <[email protected]> wrote:
>>>
>>>> On 02/13/2012 03:47 PM, Robert Van Dresar wrote:
>>>>
>>>>> You are right, all of our users have to authenticate to send email, I
>>>>> believe that's the default behavior of a stock QMT, so does that mean I
>>>>> can add our domains to the blacklist-senders file??
>>>>
>>>> Yes, by all means. Records in that file should look like:
>>>> @mydomain.com
>>>>
>>>>> I've tested for open relay, and that test returns OK. The failure
>>>>> notices I receive in the postmaster account point to one of our users,
>>>>> but it says the offending email is from
>>>>> "[email protected]@some-random-ip-address", and bounces back
>>>>> to about 50 other email addresses.
>>>>
>>>> I'm not quite sure what you mean here. A specific example with
>>>> headers would help. Try to leave as much data intact as you can,
>>>> but user and domain names can be substituted consistently if you
>>>> want to.
>>>>
>>>>> Her computer was off all weekend, and we virus scanned it this
>>>>> morning and nothing. I really didn't think of her password being
>>>>> compromised, that's easy enough to change. I guess I'll try that,
>>>>> especially since we're listed on five block lists now.
>>>>
>>>> Sounds as though that's the culprit then. You should attempt to
>>>> find out how her password was compromised.
>>>>
>>>> It can (and does occasionally) happen by network traffic
>>>> sniffing if her configuration sends a password in clear text
>>>> anywhere (I've seen it happen, once). This could be via webmail
>>>> w/out https (the stock QMT unfortunately allows this), or via a
>>>> client program that's not using TLS, such as a remote Outlook03
>>>> client. If you have remote clients using Outlook03, you should
>>>> set up QMT to handle smtps (port 465), and configure those
>>>> clients to use SSL accordingly.
>>>>
>>>> If possible, all clients should use TLS for their smtp
>>>> submissions, whether on port 25 or 587. Unfortunately, QMT
>>>> cannot yet enforce use of TLS. Such a feature has been requested
>>>> to be added to spamdyke, and may (if we're lucky) be included in
>>>> the next spamdyke release.
>>>>
>>>> Please keep us posted.
>>>>
>>>> --
>>>> -Eric 'shubes'
>>>
>>> Here's the "evidence" from one of the block lists:
>>>
>>> Return-Path: <[email protected]>
>>> X-Original-To: [email protected]
>>> Received: from mail.airplexus.com (mail.airplexus.com [65.245.57.15])
>>>     by mail.ixlab.de (Spamtrap) with ESMTP
>>>     for [email protected]; Mon, 13 Feb 2012 21:38:50 +0100 (CET)
>>> Received: (qmail 9460 invoked by uid 89); 13 Feb 2012 18:16:22 -0000
>>> Received: by simscan 1.4.0 ppid: 8048, pid: 9438, t: 0.7778s
>>>     scanners: attach: 1.4.0 clamav: 0.97.3
>>>     /m:54/d:14401
>>> Received: from 184-82-61-166.static.hostnoc.net (HELO User)
>>>     ("email address removed"@[email protected])
>>>     by mail.airplexus.com with ESMTPA; 13 Feb 2012 18:16:22 -0000
>>> Reply-To: <emma.thompson67@ymail.com>
>>> From: "Rose Brown" <[email protected]>
>>> Subject: Offers : Marks& Spencer
>>> Date: Mon, 13 Feb 2012 19:16:18 -0800
>>> MIME-Version: 1.0
>>> Content-Type: text/plain;
>>>     charset="Windows-1251"
>>> Content-Transfer-Encoding: 7bit
>>> X-Priority: 3
>>> X-MSMail-Priority: Normal
>>> X-Mailer: Microsoft Outlook Express 6.00.2600.0000
>>> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
>>> X-NiX-Spam-Hash2: d36eed170eb389bf1a5ab832cf972a4b
>>> X-NiX-Spam-Source-IP: 65.245.57.15
>>> X-NiX-Spam-MX: mail.ixlab.de
>>> X-NiX-Spam-Listed: yes
>>>
>>> I've left our mail server stuff intact, but removed her email address
>>>
>>> ---------------------------------------------------------------------
>>> Qmailtoaster is sponsored by Vickers Consulting Group
>>> (www.vickersconsulting.com)
>>> Vickers Consulting Group offers Qmailtoaster support and installations.
>>> If you need professional help with your setup, contact them today!
>>> ---------------------------------------------------------------------
>>> Please visit qmailtoaster.com for the latest news, updates, and packages.
>>> To unsubscribe, e-mail: [email protected]
>>> For additional commands, e-mail: [email protected]
>>
>> Sorry, I meant /var/log/qmail/send/current:
>>
>> Here's a snippet from tail -f
>>
>> /www.google.com/mail/help/bulk_mail.html/421_4.7.0_to_review_our_Bulk_Email_Senders_Guidelines._x3si1699355oeb.22/
>> @400000004f399b773829fbac status: local 0/10 remote 59/60
>> @400000004f399b77382a037c starting delivery 6158346: msg 111052977 to remote [email protected]
>> @400000004f399b77382a0764 status: local 0/10 remote 60/60
>
> <snip>
>
> You appear to have a backlog in your remote (outbound) queue.
> # qmHandle -l
> will give you a count.
>
> If you still have a lot of messages there, you'll want to stop qmail and
> clean them out manually. You can use qmHandle for that. Hopefully there's a
> constant in the subject or from string that you can use with the -tX option
> of qmHandle to delete the junk messages. If you run the qmHandle command
> with no options, it will show you what the options are.
>
> Looks like you'll have a few blacklists to get removed from once you get
> things squared away. Let us know how you make out.
>
> --
> -Eric 'shubes'

Eric,

What's the syntax for the qmHandle -ts command?? I keep getting
"Subject: -ts not found in queue" when I execute qmHandle -ts 'string'??
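
Added example, not part of the original thread and not QMT's own tooling: a small Python check over /var/log/qmail/send/current-style lines that decodes the TAI64N stamps, reports each moment the remote concurrency sat at its limit (the 60/60 seen above), and counts queued messages per envelope sender to show which account is feeding the backlog. The sample log is constructed; its addresses, the "info msg" lines and the names `tai64n_to_utc` and `analyze` are assumptions for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Constructed sample in qmail-send log format. The first two "status" lines and
# the "starting delivery" line mirror the thread; addresses are placeholders.
SAMPLE_LOG = """\
@400000004f399b7700000000 info msg 111052977: bytes 1804 from <user1@example.com> qp 9460 uid 89
@400000004f399b773829fbac status: local 0/10 remote 59/60
@400000004f399b77382a037c starting delivery 6158346: msg 111052977 to remote rcpt1@example.net
@400000004f399b77382a0764 status: local 0/10 remote 60/60
@400000004f399b7800000000 info msg 111052978: bytes 1811 from <user1@example.com> qp 9471 uid 89
@400000004f399b7900000000 info msg 111052979: bytes 902 from <user2@example.com> qp 9480 uid 89
@400000004f399b7a00000000 status: local 0/10 remote 60/60
"""

STATUS = re.compile(r"status: local \d+/\d+ remote (\d+)/(\d+)")
INFO = re.compile(r"info msg (\d+): bytes \d+ from <([^>]*)>")

def tai64n_to_utc(label):
    """Decode an '@' + 24 hex digit TAI64N label the way tai64nlocal does."""
    secs = int(label[1:17], 16) - 2**62 - 10   # TAI64 bias plus fixed 10 s offset
    nanos = int(label[17:25], 16)
    return datetime.fromtimestamp(secs, tz=timezone.utc).replace(microsecond=nanos // 1000)

def analyze(log_text):
    """Return (times the remote queue was at its limit, messages per envelope sender)."""
    saturated, senders = [], Counter()
    for line in log_text.splitlines():
        label, _, rest = line.partition(" ")
        if not re.fullmatch(r"@[0-9a-f]{24}", label):
            continue                            # skip wrapped or truncated lines
        if (m := STATUS.search(rest)) and m.group(1) == m.group(2):
            saturated.append(tai64n_to_utc(label))
        elif m := INFO.search(rest):
            senders[m.group(2).lower()] += 1    # empty sender means a bounce
    return saturated, senders

if __name__ == "__main__":
    full, senders = analyze(SAMPLE_LOG)
    for ts in full:
        print("remote concurrency at limit:", ts.isoformat())
    for sender, count in senders.most_common(3):
        print(f"{count:4d} queued from <{sender or 'bounce'}>")
```

A sender that dominates the count while the remote side stays pinned at its limit is the account whose password to change first.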
