In my case, this is what's happening:
Several of my customers have requests for me to forward messages to them at other email addresses, which is the root of the problem.
1) SIMS receives message for USER A
2) USER A has a forwarding request to domain.tld
3) SIMS attempts to deliver message to domain.tld
4) domain.tld refuses delivery of message
5) SIMS attempts retries and SIMS generates auto-reply
6) SPAM has bogus return path so auto-reply fails
So, for every one email that I receive to forward, 2 messages end up in the queue for the duration of the "hold" period before deletion.
There are other instances where I get held messages from the situation that Bill Cole stated, "relay-hole" testers causing the creation of auto-replies that go nowhere so they stay in the holding bin.
Setting to low-level logging will allow you to determine if your server has been breached or if it is one of these or similar situations.
I resolved my issue by configuring to delete the queue for failed messages almost immediately.
I set the delay simply to give me a chance to see what is stuck there.
- nghai
On Dec 7, 2003, at 11:13 AM, Joe Sporleder wrote:
Below is a snippet of the kind of stuff I find in my Queue. I just deleted the Queue and I already have almost 3000 new messages there already.
Joe
On Dec 7, 2003, at 10:03 AM, Joe Sporleder wrote:
Dear Fellow SIMS users,
I am using SIMS version 1.8B9d14. For the second time in about the last 3 weeks, my server has been hijacked by spammers apparently relaying their crap through my server. Anyways, that is what I am led to believe when SIMS stops responding because it has run out of memory, and I find almost 28,000 messages stuck in the Queue folder. The only way I can recover this is to delete the whole queue folder and let SIMS rebuild a new one. The first time I accepted responsibility and figured that an IP in my Client Hosts was an open relay and they were getting to me through it. However, I deleted every single IP address in the Client Hosts IP list, so the only way anyone should be able to relay is the clients on this SIMS server.
Thus, I have no IPs in the Client Host lists, I have a long list in my Black Listed IPs, I have use Blacklist DNS Servers checked, I have verify return paths checked, and I use several RBLs, which include the following.
cbl.abuseat.org opm.blitzed.org sbl.spamhaus.org cn-kr.blackholes.us singapore.blackholes.us nigeria.blackholes.us malaysia.blackholes.us brazil.blackholes.us relays.ordb.org korea.services.net
So, how can I have all of this junk that appears to be relays in my Queue when I have every single anti-spam option checked? The first time, I was fortunate that this old PowerMac 8500 doesn't have a lot of memory and SIMS clammed up early. My IP, 199.3.212.41 was reported to ORDB to check for an open relay, but it passed. But apparently there is something wrong here. I have my SMTP logging set as high as it'll go, but I have a 38MB log so far for today, and am not sure what to look for as a clue to what is going on here. Any help would be greatly appreciated. We are a very small publishing company with simple email needs, but maybe we need to look at a commercial solution. I also use SIMS on my home network as a hobby to run mailing lists, so I would like to keep running SIMS there (from which I am sending you this email), so far it hasn't been attacked by spam relayers.
Thus, with all of the anti-spam options on, and relaying for clients only, how can spammers get in and use me as a relay? Most of my users are on Macintoshes, except for perhaps a couple of outbound sales people and a couple of advertisers, and most of those have dial up connections.
Joe Sporleder
a Desperate SIMS administrator!
############################################################# This message is sent to you because you are subscribed to the mailing list <[EMAIL PROTECTED]>. To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
Hai Ng
"Virtual Tools for the Real World"
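
Added example, not part of the original thread and not SIMS code: a small triage of a queue snapshot that separates the forward/auto-reply pile-up described in steps 1-6 from genuine third-party relaying, using only the envelope From and Recipient columns a queue listing shows. The hosted domain, the forwarding table and every address except domain.tld are constructed assumptions.

```python
from collections import Counter

# All addresses are constructed; domain.tld is the forward target named in the thread.
LOCAL_DOMAINS = {"example.com"}          # domains this server hosts (assumed)
FORWARD_TARGETS = {"usera@domain.tld"}   # addresses local users forward to (assumed)
DAEMONS = ("mailer-daemon@", "postmaster@")

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def classify(sender, recipient):
    """Label one queued message from its envelope sender and recipient."""
    sender, recipient = sender.lower(), recipient.lower()
    s_local = domain(sender) in LOCAL_DOMAINS
    if domain(recipient) in LOCAL_DOMAINS:
        return "local"      # inbound mail awaiting local delivery
    if recipient in FORWARD_TARGETS:
        return "forward"    # steps 2-4: forwarded copy the remote host refuses
    if sender == "" or (s_local and sender.startswith(DAEMONS)):
        return "bounce"     # steps 5-6: auto-reply to a bogus return path
    if s_local:
        # The envelope sender is forgeable: confirm in the SMTP log that the
        # connecting IP really is one of your clients.
        return "client"
    return "relay"          # outsider to outsider: third-party relaying

def triage(queue):
    """Return per-class counts and a one-line verdict for a queue snapshot."""
    counts = Counter(classify(s, r) for s, r in queue)
    if counts["relay"]:
        verdict = "third-party relay traffic present"
    elif counts["forward"] or counts["bounce"]:
        verdict = "forward/bounce backscatter"
    else:
        verdict = "normal"
    return counts, verdict

QUEUE = [  # constructed snapshot: (envelope From, Recipient)
    ("offers@spam.invalid", "usera@domain.tld"),      # stuck forward
    ("", "offers@spam.invalid"),                      # its auto-reply
    ("deals@junk.invalid", "usera@domain.tld"),
    ("", "deals@junk.invalid"),
    ("bob@example.com", "friend@elsewhere.invalid"),  # ordinary client mail
]

if __name__ == "__main__":
    counts, verdict = triage(QUEUE)
    print(dict(counts), "->", verdict)
```

A queue dominated by "forward" and "bounce" pairs matches the two-messages-per-spam pattern above; any "relay" entries are the ones to trace back to a connecting IP in the SMTP log.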
