On Mon, Feb 13, 2012 at 6:04 PM, Robert Van Dresar <[email protected]> wrote:
>
> On Mon, Feb 13, 2012 at 5:52 PM, Eric Shubert <[email protected]> wrote:
>
>> On 02/13/2012 04:27 PM, Robert Van Dresar wrote:
>>
>>> On Mon, Feb 13, 2012 at 5:19 PM, Robert Van Dresar
>>> <[email protected]> wrote:
>>>
>>> On Mon, Feb 13, 2012 at 5:09 PM, Eric Shubert <[email protected]> wrote:
>>>
>>> On 02/13/2012 03:47 PM, Robert Van Dresar wrote:
>>>
>>> You are right, all of our users have to authenticate to send email, I
>>> believe that's the default behavior of a stock QMT, so does that mean I
>>> can add our domains to the blacklist-senders file??
>>>
>>> Yes, by all means. Records in that file should look like:
>>> @mydomain.com
>>>
>>> I've tested for open relay, and that test returns OK. The failure
>>> notices I receive in the postmaster account point to one of our users,
>>> but it says the offending email is from
>>> "[email protected]@some-random-ip-address", and bounces back
>>> to about 50 other email addresses.
>>>
>>> I'm not quite sure what you mean here. A specific example with
>>> headers would help. Try to leave as much data intact as you can,
>>> but user and domain names can be substituted consistently if you
>>> want to.
>>>
>>> Her computer was off all weekend,
>>> and we virus scanned it this morning and nothing. I really didn't think
>>> of her password being compromised that's easy enough to change. I guess
>>> I'll try that, especially since we're listed on five block lists now.
>>>
>>> Sounds as though that's the culprit then. You should attempt to
>>> find out how her password was compromised.
>>>
>>> It can (and does occasionally) happen by network traffic
>>> sniffing if her configuration sends a password in clear text
>>> anywhere (I've seen it happen, once). This could be via webmail
>>> w/out https (the stock QMT unfortunately allows this), or via a
>>> client program that's not using TLS, such as a remote Outlook03
>>> client. If you have remote clients using Outlook03, you should
>>> set up QMT to handle smtps (port 465), and configure those
>>> clients to use SSL accordingly.
>>>
>>> If possible, all clients should use TLS for their smtp
>>> submissions, whether on port 25 or 587. Unfortunately, QMT
>>> cannot yet enforce use of TLS. Such a feature has been requested
>>> to be added to spamdyke, and may (if we're lucky) be included in
>>> the next spamdyke release.
>>>
>>> Please keep us posted.
>>>
>>> --
>>> -Eric 'shubes'
>>>
>>> Here's the "evidence" from one of the block lists:
>>>
>>> Return-Path: <[email protected]>
>>> X-Original-To: [email protected]
>>> Received: from mail.airplexus.com (mail.airplexus.com [65.245.57.15])
>>>     by mail.ixlab.de (Spamtrap) with ESMTP
>>>     for [email protected]; Mon, 13 Feb 2012 21:38:50 +0100 (CET)
>>> Received: (qmail 9460 invoked by uid 89); 13 Feb 2012 18:16:22 -0000
>>> Received: by simscan 1.4.0 ppid: 8048, pid: 9438, t: 0.7778s
>>>     scanners: attach: 1.4.0 clamav: 0.97.3
>>>     /m:54/d:14401
>>> Received: from 184-82-61-166.static.hostnoc.net
>>>     (HELO User) ("email address removed"@[email protected].61.166)
>>>     by mail.airplexus.com with ESMTPA; 13 Feb 2012 18:16:22 -0000
>>> Reply-To: <emma.thompson67@ymail.com>
>>> From: "Rose Brown" <[email protected]>
>>> Subject: Offers : Marks& Spencer
>>> Date: Mon, 13 Feb 2012 19:16:18 -0800
>>> MIME-Version: 1.0
>>> Content-Type: text/plain;
>>>     charset="Windows-1251"
>>> Content-Transfer-Encoding: 7bit
>>> X-Priority: 3
>>> X-MSMail-Priority: Normal
>>> X-Mailer: Microsoft Outlook Express 6.00.2600.0000
>>> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
>>> X-NiX-Spam-Hash2: d36eed170eb389bf1a5ab832cf972a4b
>>> X-NiX-Spam-Source-IP: 65.245.57.15
>>> X-NiX-Spam-MX: mail.ixlab.de
>>> X-NiX-Spam-Listed: yes
>>>
>>> I've left our mail server stuff intact, but removed her email address
>>>
>>> ---------------------------------------------------------------------------------
>>> Qmailtoaster is sponsored by Vickers Consulting Group
>>> (www.vickersconsulting.com)
>>> Vickers Consulting Group offers Qmailtoaster support and installations.
>>> If you need professional help with your setup, contact them today!
>>> ---------------------------------------------------------------------------------
>>> Please visit qmailtoaster.com for the latest news, updates, and packages.
>>> To unsubscribe, e-mail: qmailtoaster-list-unsubscribe@qmailtoaster.com
>>> For additional commands, e-mail: qmailtoaster-list-help@qmailtoaster.com
>>>
>>> Sorry, I meant /var/log/qmail/send/current:
>>>
>>> Here's a snippet from tail -f
>>>
>>> /www.google.com/mail/help/bulk_mail.html/421_4.7.0_to_review_our_Bulk_Email_Senders_Guidelines._x3si1699355oeb.22/
>>>
>>> @400000004f399b773829fbac status: local 0/10 remote 59/60
>>> @400000004f399b77382a037c starting delivery 6158346: msg 111052977 to
>>> remote [email protected]
>>> @400000004f399b77382a0764 status: local 0/10 remote 60/60
>>>
>> <snip>
>>
>> You appear to have a backlog in your remote (outbound) queue.
>> # qmHandle -l
>> will give you a count.
>>
>> If you still have a lot of messages there, you'll want to stop qmail and
>> clean them out manually. You can use qmHandle for that. Hopefully there's a
>> constant in the subject or from string that you can use with the -tX option
>> of qmHandle to delete the junk messages. If you run the qmHandle command
>> with no options, it will show you what the options are.
>>
>> Looks like you'll have a few blacklists to get removed from once you get
>> things squared away. Let us know how you make out.
>>
>> --
>> -Eric 'shubes'
>>
> Eric,
>
> What's the syntax for the qmHandle -ts command?? I keep getting Subject:
> -ts not found in queue when I execute qmHandle -ts 'string'??
>

Never mind, I figured it out. Now when I restart qmail I get "unable to
acquire send/supervise/lock: temporary failure"
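
The backlog diagnosis quoted above rests on the qmail-send `status:` lines showing the remote slots at 59/60 and then 60/60. As an added example (not code from this thread or from the QMT project), this Python pass over a log in that format counts how often the remote concurrency limit is hit, counts deferrals, and reports how many recipients a single queued message fans out to. The sample lines and the example.org/example.net addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample in the format of /var/log/qmail/send/current
# (TAI64N stamp, then the qmail-send message); addresses are placeholders.
SAMPLE_LOG = """\
@400000004f399b773829fbac status: local 0/10 remote 59/60
@400000004f399b77382a037c starting delivery 6158346: msg 111052977 to remote user1@example.org
@400000004f399b77382a0764 status: local 0/10 remote 60/60
@400000004f399b78012a0764 delivery 6158340: deferral: 421_4.7.0_rate_limited/
@400000004f399b78022a0764 status: local 0/10 remote 59/60
@400000004f399b78032a0764 starting delivery 6158347: msg 111052977 to remote user2@example.net
@400000004f399b78042a0764 status: local 0/10 remote 60/60
"""

STATUS = re.compile(r"status: local (\d+)/(\d+) remote (\d+)/(\d+)")
START = re.compile(r"starting delivery \d+: msg (\d+) to remote \S+@(\S+)")

def tai64n_seconds(stamp):
    """Epoch seconds from an '@'-prefixed TAI64N label (leap-second offset ignored)."""
    return int(stamp[1:17], 16) - 2**62

def summarize(log_text):
    """Summarize remote-slot saturation, deferrals and per-message fan-out."""
    samples = saturated = deferrals = 0
    per_msg, domains, stamps = Counter(), Counter(), []
    for line in log_text.splitlines():
        stamp, _, rest = line.partition(" ")
        if not stamp.startswith("@") or len(stamp) != 25:
            continue  # not a TAI64N-stamped line
        stamps.append(tai64n_seconds(stamp))
        if m := STATUS.search(rest):
            samples += 1
            saturated += int(m.group(3)) >= int(m.group(4))  # remote used >= limit
        elif m := START.search(rest):
            per_msg[m.group(1)] += 1          # same msg id, another recipient
            domains[m.group(2).lower()] += 1
        elif "deferral:" in rest:
            deferrals += 1
    return {
        "span_seconds": stamps[-1] - stamps[0] if stamps else 0,
        "status_samples": samples,
        "saturated_samples": saturated,
        "deferrals": deferrals,
        "max_recipients_per_msg": max(per_msg.values(), default=0),
        "domains": dict(domains),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A high share of saturated samples together with one message id fanning out to many remote recipients matches the pattern described in the thread: an authenticated account being used to send bulk mail.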
