On 10/27/2010 10:37 AM, Al Zick wrote:
Hi,

I hope that someone can help me. Last night I had a strange
problem. Every email that came in was there twice. Emails that
I would normally get 2 copies of, I received 4 copies of. Any
ideas on what could cause this?

Careful examination of the logs will probably enlighten you. With no information, speculation is pointless.

Also, it seemed to be working correctly this morning, but for
hours it duplicated messages. I think it is because of some
spammer attempting to relay or send me spam.

Not likely. A broken alias is the first guess. What did you change?

I then have postfix pass the email to procmail where it is
filtered with bogofilter. I keep giving bogofilter more spam
to look at, but it doesn't seem to block all the spam anymore,
although it blocks some spam. When I first installed it,
bogofilter worked very well.

Sounds as if bogofilter is poorly trained. Ask for help on a bogofilter forum, or just delete the database and start over.



The other thing that is very disturbing to me is that twice
last week my mail server went down. I guess from all the
repeated attempts to use it as an open relay. From everything
I have seen in the logs, postfix successfully stops all relay
attempts.

A crash is an indication that something is broken. Normally-operating postfix (even under extreme loads) will not cause a crash. Rejecting relay attempts or unknown recipients places very little load on the computer; even a small server can easily reject hundreds of attempts per second with little load.

Examine your logs (not just the mail log) for hints of what caused the crash; ask for help on a forum for your operating system.

Make sure that security patches for your OS are applied.


The other thing that I see in the log is attempts to send
emails to email addresses that never existed. For example:
ad...@datazap.net is a valid email address. Why do I see 10,000's
of attempts to send email to admi...@datazap.net in my log?
This has never been a valid email address.

These should be quickly rejected by postfix and cause very little load. Spammers send to all kinds of non-existent addresses.



I was using other rbls. This was a mistake, way too many false
positives, does anyone have a list of good rbl_clients?

zen.spamhaus.org is widely recommended as safe and very effective. If you're too large for the free service, the paid service is well worth the price.
http://www.spamhaus.org/organization/dnsblusage.html

If you have a fairly recent postfix you should also use reject_rhsbl_* dbl.spamhaus.org
http://www.postfix.org/postconf.5.html#reject_rhsbl_client
http://www.postfix.org/postconf.5.html#reject_rhsbl_sender
http://www.postfix.org/postconf.5.html#reject_rhsbl_reverse_client


One thing that I don't like is that postfix rejects all the
emails. I think this is a mistake, because I am telling the
spammers that it didn't work. I think it would be best to put
those emails into a spam folder. I did install rblcheck, but I
can't find documentation for using it with Postfix/procmail.

Bad idea. There is no evidence the spammers check their rejects. There *is* some evidence that sites that accept any old crap are spam attractors and tend to get much more spam than others.

Also, I had tried to set up Postfix so that it would just
accept all emails. I configured it to not use its recipient
table and would just accept emails. I also added
*...@familysafeinternet.com for example and I did this for all my

Very bad idea.  Reject mail you don't intend to deliver.

This might help:
http://www.postfix.org/STRESS_README.html



  -- Noel Jones
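
One way to do the log examination suggested in the reply above, as an added example that is not part of the original thread: it groups deliveries by Message-ID and final recipient to surface duplicates (keeping `orig_to` so an alias expansion is visible) and counts rejected recipients. The sample log lines, host names and addresses are constructed, and the patterns assume Postfix's default syslog format with short hexadecimal queue IDs.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in Postfix's syslog format; hosts, queue IDs and addresses are made up.
SAMPLE_LOG = """\
Oct 27 02:10:01 mx postfix/cleanup[2101]: 3F2A1B0C4D: message-id=<m1@sender.example>
Oct 27 02:10:02 mx postfix/local[2105]: 3F2A1B0C4D: to=<al@example.net>, orig_to=<info@example.net>, relay=local, delay=0.4, delays=0.1/0/0/0.3, dsn=2.0.0, status=sent (delivered to command: procmail)
Oct 27 02:10:05 mx postfix/cleanup[2101]: 5B6C7D8E9F: message-id=<m1@sender.example>
Oct 27 02:10:06 mx postfix/local[2106]: 5B6C7D8E9F: to=<al@example.net>, relay=local, delay=0.3, delays=0.1/0/0/0.2, dsn=2.0.0, status=sent (delivered to command: procmail)
Oct 27 02:11:10 mx postfix/cleanup[2101]: 7C9D0E1F22: message-id=<m2@sender.example>
Oct 27 02:11:11 mx postfix/local[2107]: 7C9D0E1F22: to=<al@example.net>, relay=local, delay=0.2, delays=0.1/0/0/0.1, dsn=2.0.0, status=sent (delivered to command: procmail)
Oct 27 02:12:00 mx postfix/smtpd[2110]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <admin@example.net>: Recipient address rejected: User unknown in local recipient table; from=<x@spam.example> to=<admin@example.net> proto=ESMTP helo=<foo>
Oct 27 02:12:01 mx postfix/smtpd[2110]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <admin@example.net>: Recipient address rejected: User unknown in local recipient table; from=<y@spam.example> to=<admin@example.net> proto=ESMTP helo=<foo>
"""

MSGID = re.compile(r"postfix/cleanup\[\d+\]: ([0-9A-F]+): message-id=(\S+)")
SENT = re.compile(r"postfix/\w+\[\d+\]: ([0-9A-F]+): to=<([^>]*)>,"
                  r"(?: orig_to=<([^>]*)>,)?.* status=sent")
REJECT = re.compile(r"NOQUEUE: reject: RCPT from .*? to=<([^>]*)>")

def analyze(log_text):
    """Return (duplicate deliveries, rejected-recipient counts) for a mail log."""
    msgid_of = {}                      # queue ID -> Message-ID, as logged by cleanup
    deliveries = defaultdict(list)     # (Message-ID, final rcpt) -> [(queue ID, orig_to)]
    rejects = Counter()                # rejected RCPT address -> attempts
    for line in log_text.splitlines():
        if m := MSGID.search(line):
            msgid_of[m.group(1)] = m.group(2)
        elif m := SENT.search(line):
            qid, rcpt, orig_to = m.groups()
            key = (msgid_of.get(qid, "unknown:" + qid), rcpt)
            deliveries[key].append((qid, orig_to or rcpt))
        elif m := REJECT.search(line):
            rejects[m.group(1)] += 1
    # Only Message-ID/recipient pairs delivered more than once are of interest.
    dupes = {k: v for k, v in deliveries.items() if len(v) > 1}
    return dupes, dict(rejects)

if __name__ == "__main__":
    dupes, rejects = analyze(SAMPLE_LOG)
    for (msgid, rcpt), hits in dupes.items():
        print(f"{msgid} delivered {len(hits)}x to {rcpt}: {hits}")
    for rcpt, n in sorted(rejects.items(), key=lambda kv: -kv[1]):
        print(f"{n} rejected attempts for {rcpt}")
```

Two queue IDs for one Message-ID mean the message entered the queue twice; one queue ID with several `orig_to` values for the same final recipient points at address rewriting or alias expansion.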
