Re: [qmailtoaster] Re: odd messages
Hi Eric Eric. I have same issue in my send log - big difference is though that I do have known mailadresses in between the (e.g. n...@mailaddr.dk) - only happens when sending outgoing mails - all outgoing mails. This seems to have been a known issue with qmail back in 2006 according to findings on the net - there was entry made in bugzilla then, but I cannot find it anymore. Regards, Finn Den 26-02-2014 02:07, Eric Shubert skrev: On 02/25/2014 04:04 PM, Eric Broch wrote: Hello list, I have messages in my 'send' log with the following format: 2014-02-25 15:36:30.091878500 new msg 2884020 2014-02-25 15:36:30.091879500 info msg 2884020: bytes 4379 from qp 21937 uid 7796 2014-02-25 15:36:30.095577500 starting delivery 8072: msg 2884020 to remote debbiet...@att.net 2014-02-25 15:36:30.095578500 status: local 0/10 remote 1/60 2014-02-25 15:36:31.196274500 delivery 8072: success: User_and_password_not_set,_continuing_without_authentication./debbiet...@att.net_204.127.208.75_accepted_message./Remote_host_said:_250_ok_;_id=20140225223629s0300l57ooe/ 2014-02-25 15:36:31.196278500 status: local 0/10 remote 0/60 2014-02-25 15:36:31.196279500 end msg 2884020 The odd part is from the 2nd line: 'from ' And corresponding message in my queue: messages in queue: 1 messages in queue but not yet preprocessed: 0 25 Feb 2014 22:31:05 GMT #2884150 2145 debbiet...@att.net bouncing done remote wildwestlady1...@msn.com remote sherry.fe...@sodexhousa.com done remote sherrylaw...@msn.com done remote buddecha...@yahoo.com done remote she...@whimsicalplace.com done remote shi...@zoominternet.net done remote shipshewanash...@aol.com done remote shm...@bellsouth.net done remote shopgenerati...@gmail.com Does anyone know what this means, that is, is my server being used as a relay somehow? Eric - Peculiar all right. I looked for ' from ' in my send log and found a few entries. Then I found corresponding double-bounce messages in my postmaster account. Turns out, they were submitted with authentication for an account that's hardly ever used (if at all). I changed the password (was pretty weak) and I expect things will be ok now. Generally speaking, I'd look for corresponding messages in the the smtp/submission queues to see how the message entered the host. Chances are there's a breach. Might be worth looking for ' from ' occasionally in the send logs to see what might be going on. Thanks EB! - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Re: odd messages
Just finalized some more tracing and look what I found in Qmail Wiki : I see a message in my smtp log that states User_and_password_not_set,_continuing_without_authentication. What is going on? That message is just the remote-auth patch saying that the destination did not have a username/password set in smtproutes, which is usually the intended behavior. This is a diagnosis tool for people who actually set artificial routes that require login/password. This is not an error message and can be safely ignored. So nothing to worry abot then ? Cheers, Finn Den 26-02-2014 11:23, Finn Buhelt skrev: Hi Eric Eric. I have same issue in my send log - big difference is though that I do have known mailadresses in between the (e.g. n...@mailaddr.dk) - only happens when sending outgoing mails - all outgoing mails. This seems to have been a known issue with qmail back in 2006 according to findings on the net - there was entry made in bugzilla then, but I cannot find it anymore. Regards, Finn Den 26-02-2014 02:07, Eric Shubert skrev: On 02/25/2014 04:04 PM, Eric Broch wrote: Hello list, I have messages in my 'send' log with the following format: 2014-02-25 15:36:30.091878500 new msg 2884020 2014-02-25 15:36:30.091879500 info msg 2884020: bytes 4379 from qp 21937 uid 7796 2014-02-25 15:36:30.095577500 starting delivery 8072: msg 2884020 to remote debbiet...@att.net 2014-02-25 15:36:30.095578500 status: local 0/10 remote 1/60 2014-02-25 15:36:31.196274500 delivery 8072: success: User_and_password_not_set,_continuing_without_authentication./debbiet...@att.net_204.127.208.75_accepted_message./Remote_host_said:_250_ok_;_id=20140225223629s0300l57ooe/ 2014-02-25 15:36:31.196278500 status: local 0/10 remote 0/60 2014-02-25 15:36:31.196279500 end msg 2884020 The odd part is from the 2nd line: 'from ' And corresponding message in my queue: messages in queue: 1 messages in queue but not yet preprocessed: 0 25 Feb 2014 22:31:05 GMT #2884150 2145 debbiet...@att.net bouncing done remote wildwestlady1...@msn.com remote sherry.fe...@sodexhousa.com done remote sherrylaw...@msn.com done remote buddecha...@yahoo.com done remote she...@whimsicalplace.com done remote shi...@zoominternet.net done remote shipshewanash...@aol.com done remote shm...@bellsouth.net done remote shopgenerati...@gmail.com Does anyone know what this means, that is, is my server being used as a relay somehow? Eric - Peculiar all right. I looked for ' from ' in my send log and found a few entries. Then I found corresponding double-bounce messages in my postmaster account. Turns out, they were submitted with authentication for an account that's hardly ever used (if at all). I changed the password (was pretty weak) and I expect things will be ok now. Generally speaking, I'd look for corresponding messages in the the smtp/submission queues to see how the message entered the host. Chances are there's a breach. Might be worth looking for ' from ' occasionally in the send logs to see what might be going on. Thanks EB! - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] More odd messages
Hello list...Again, Below are 1) the smtp log and 2) the send log of a message that started looping (whatever that is). I tracked the beginning of the message (from christoph...@tysoncentral.net) in SMTP and it tried (I guess) to send it to one of my valid users, but never could. Then Qmail responded to the account which subsequently bounced. At the far bottom is the bounced email. I'm kinda in the dark as to what this looping message is. Any help would be appreciated. Eric 2014-02-26 01:38:38.952644500 CHKUSER accepted sender: from christoph...@tysoncentral.net:: remote net-93-149-60-132.cust.vodafonedsl.it:unknown:93.149.60.132 rcpt : sender accepted 2014-02-26 01:38:39.504956500 CHKUSER accepted rcpt: from christoph...@tysoncentral.net:: remote net-93-149-60-132.cust.vodafonedsl.it:unknown:93.149.60.132 rcpt valid_u...@mydomain.com : found existing recipient 2014-02-26 01:38:39.504960500 policy_check: remote christoph...@tysoncentral.net - local valid_u...@mydomain.com (UNAUTHENTICATED SENDER) 2014-02-26 01:38:46.113695500 simscan:[6446]:CLEAN (6.20/12.00):5.9962s:***SPAM***[sa] Get 55% off NOW.:93.149.60.132:christoph...@tysoncentral.net:valid_u...@mydomain.com 2014-02-26 01:38:46.188582500 spamdyke[6445]: ALLOWED from: christoph...@tysoncentral.net to: valid_u...@mydomain.com origin_ip: 93.149.60.132 origin_rdns: net-93-149-60-132.cust.vodafonedsl.it auth: (unknown) encryption: (none) reason: 250_ok_1393403926_qp_6448 2014-02-26 01:31:34.188141500 status: local 1/10 remote 0/60 2014-02-26 01:31:37.008195500 delivery 10: success: did_0+0+1/ 2014-02-26 01:31:37.008197500 status: local 0/10 remote 0/60 2014-02-26 01:31:37.008198500 end msg 2883656 2014-02-26 01:38:46.192822500 new msg 2883656 2014-02-26 01:38:46.192824500 info msg 2883656: bytes 31080 from christoph...@tysoncentral.net qp 6454 uid 89 2014-02-26 01:38:46.200715500 starting delivery 11: msg 2883656 to local mydomain.com-valid_u...@mydomain.com 2014-02-26 01:38:46.200718500 status: local 1/10 remote 0/60 2014-02-26 01:38:51.827443500 delivery 11: failure: mail_is_looping/ 2014-02-26 01:38:51.831348500 status: local 0/10 remote 0/60 2014-02-26 01:38:51.836223500 bounce msg 2883656 qp 6460 2014-02-26 01:38:51.836250500 end msg 2883656 2014-02-26 01:38:51.859164500 new msg 2884145 2014-02-26 01:38:51.859190500 info msg 2884145: bytes 31612 from qp 6461 uid 7796 2014-02-26 01:38:51.861707500 starting delivery 12: msg 2884145 to remote christoph...@tysoncentral.net 2014-02-26 01:38:51.861735500 status: local 0/10 remote 1/60 2014-02-26 01:38:54.460042500 delivery 12: failure: User_and_password_not_set,_continuing_without_authentication./74.220.207.133_does_not_like_recipient./Remote_host_said:_550_No_Such_User_Here/Giving_up_on_74.220.207.133./ 2014-02-26 01:38:54.460213500 status: local 0/10 remote 0/60 2014-02-26 01:38:54.465588500 bounce msg 2884145 qp 6463 2014-02-26 01:38:54.465590500 end msg 2884145 Hi. This is the qmail-send program at mail.mydomain.com. I tried to deliver a bounce message to this address, but the bounce bounced! christoph...@tysoncentral.net: User and password not set, continuing without authentication. 74.220.207.133 does not like recipient. Remote host said: 550 No Such User Here Giving up on 74.220.207.133. --- Below this line is the original bounce. Return-Path: Received: (qmail 6461 invoked for bounce); 26 Feb 2014 08:38:51 - Date: 26 Feb 2014 08:38:51 - From: mailer-dae...@mail.mydomain.com To: christoph...@tysoncentral.net Subject: failure notice Hi. This is the qmail-send program at mail.mydomain.com. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out. valid_u...@mydomain.com: mail is looping --- Below this line is a copy of the message. Return-Path: christoph...@tysoncentral.net Received: (qmail 6454 invoked by uid 89); 26 Feb 2014 08:38:46 - Received: by simscan 1.4.0 ppid: 6446, pid: 6448, t: 5.9972s scanners: attach: 1.4.0 clamav: 0.98.1/m:55/d:18516 spam: 3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on mail.mydomain.com X-Spam-Flag: YES X-Spam-Level: ** X-Spam-Status: Yes, score=6.2 required=5.0 tests=BAYES_99,HELO_DYNAMIC_IPADDR, HTML_IMAGE_ONLY_32,HTML_MESSAGE,RDNS_NONE autolearn=no version=3.3.2 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.] * 0.0 HTML_IMAGE_ONLY_32 BODY: HTML: images with 2800-3200 bytes of words * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 2.0 HELO_DYNAMIC_IPADDR Relay HELO'd using suspicious hostname (IP addr * 1) Received: from unknown (HELO net-93-149-60-132.cust.vodafonedsl.it) (93.149.60.132) by mail.mydomain.com with SMTP; 26 Feb 2014 08:38:40 - Received-SPF: neutral (mail.mydomain.com: 93.149.60.132 is neither permitted
[qmailtoaster] Re: odd messages
Yes, this messsage is nothing to worry about. I am still a little curious about messages with nothing in the from portion though. I expect these are bounce related, but I haven't confirmed that entirely. I'd appreciate someone looking into this in more detail (I'm kinda swamped at the moment). -- -Eric 'shubes' On 02/26/2014 03:31 AM, Finn Buhelt wrote: Just finalized some more tracing and look what I found in Qmail Wiki : I see a message in my smtp log that states User_and_password_not_set,_continuing_without_authentication. What is going on? That message is just the remote-auth patch saying that the destination did not have a username/password set in smtproutes, which is usually the intended behavior. This is a diagnosis tool for people who actually set artificial routes that require login/password. This is not an error message and can be safely ignored. So nothing to worry abot then ? Cheers, Finn Den 26-02-2014 11:23, Finn Buhelt skrev: Hi Eric Eric. I have same issue in my send log - big difference is though that I do have known mailadresses in between the (e.g. n...@mailaddr.dk) - only happens when sending outgoing mails - all outgoing mails. This seems to have been a known issue with qmail back in 2006 according to findings on the net - there was entry made in bugzilla then, but I cannot find it anymore. Regards, Finn Den 26-02-2014 02:07, Eric Shubert skrev: On 02/25/2014 04:04 PM, Eric Broch wrote: Hello list, I have messages in my 'send' log with the following format: 2014-02-25 15:36:30.091878500 new msg 2884020 2014-02-25 15:36:30.091879500 info msg 2884020: bytes 4379 from qp 21937 uid 7796 2014-02-25 15:36:30.095577500 starting delivery 8072: msg 2884020 to remote debbiet...@att.net 2014-02-25 15:36:30.095578500 status: local 0/10 remote 1/60 2014-02-25 15:36:31.196274500 delivery 8072: success: User_and_password_not_set,_continuing_without_authentication./debbiet...@att.net_204.127.208.75_accepted_message./Remote_host_said:_250_ok_;_id=20140225223629s0300l57ooe/ 2014-02-25 15:36:31.196278500 status: local 0/10 remote 0/60 2014-02-25 15:36:31.196279500 end msg 2884020 The odd part is from the 2nd line: 'from ' And corresponding message in my queue: messages in queue: 1 messages in queue but not yet preprocessed: 0 25 Feb 2014 22:31:05 GMT #2884150 2145 debbiet...@att.net bouncing done remote wildwestlady1...@msn.com remote sherry.fe...@sodexhousa.com done remote sherrylaw...@msn.com done remote buddecha...@yahoo.com done remote she...@whimsicalplace.com done remote shi...@zoominternet.net done remote shipshewanash...@aol.com done remote shm...@bellsouth.net done remote shopgenerati...@gmail.com Does anyone know what this means, that is, is my server being used as a relay somehow? Eric - Peculiar all right. I looked for ' from ' in my send log and found a few entries. Then I found corresponding double-bounce messages in my postmaster account. Turns out, they were submitted with authentication for an account that's hardly ever used (if at all). I changed the password (was pretty weak) and I expect things will be ok now. Generally speaking, I'd look for corresponding messages in the the smtp/submission queues to see how the message entered the host. Chances are there's a breach. Might be worth looking for ' from ' occasionally in the send logs to see what might be going on. Thanks EB! - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] tcprules: fatal: unable to parse this line:
Hi All, When I ran qmailctl cdb I got the tcprules error, please find following error and guide how to fix it. What is the bad effects of the same. [root@email ~]# qmailctl cdb tcprules: fatal: unable to parse this line: :allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=50,CHKUSER_WRONG RCPTLIMIT=10,QMAILQUEUE=/var/qmail/bin/simscan,DKSIGN=/var/qmail/contro l/domainkeys/%/private,NOP0FCHECK=1 Reloaded /etc/tcprules.d/tcp.smtp Reloaded /var/qmail/control/badmimetypes.cdb Reloaded /var/qmail/control/badloadertypes.cdb Reloaded /var/qmail/control/simversions.cdb Reloaded /var/qmail/control/simcontrol.cdb
RE: [qmailtoaster] tcprules: fatal: unable to parse this line:
Vivek, Kindly run below command and it should solve. 1) dos2unix /etc/tcprules.d/tcp.smtp 2) qmailctl cdb With Regards, Amit Dalia From: Linux [mailto:li...@ikf.co.in] Sent: 27 February 2014 11:13 To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] tcprules: fatal: unable to parse this line: Hi All, When I ran qmailctl cdb I got the tcprules error, please find following error and guide how to fix it. What is the bad effects of the same. [root@email ~]# qmailctl cdb tcprules: fatal: unable to parse this line: :allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=50,CHKUSER_WRONG RCPTLIMIT=10,QMAILQUEUE=/var/qmail/bin/simscan,DKSIGN=/var/qmail/contro l/domainkeys/%/private,NOP0FCHECK=1 Reloaded /etc/tcprules.d/tcp.smtp Reloaded /var/qmail/control/badmimetypes.cdb Reloaded /var/qmail/control/badloadertypes.cdb Reloaded /var/qmail/control/simversions.cdb Reloaded /var/qmail/control/simcontrol.cdb --- This email is free from viruses and malware because avast! Antivirus protection is active. http://www.avast.com
