Gary:

I have seen most of these errors only on very heavily loaded mailservers
that cannot keep up with the mail load. In those cases the pop3 and smtp
concurrency goes through the roof, pop3 sessions start timing out and users
can get the same email two and three times. You are also apparently getting
hit with backscatter bounce-backs from spammers that have forged the email
addresses of your users. Spamming, backscatter, etc. have increased
dramatically over the last month and you are feeling the result.

Things to look for and fix that we have found to be effective:

1. Search for any domain using a global catch-all, change it to 'catch-all
   bounced' and then change the ownership of that .qmail-default file so they
   can't change it back. (prevents dictionary attacks)

2. Increase the SA scores on bounces, shorten the rbl timeout:

       whitelist_bounce_relays mail.gbco.us
       rbl_timeout 8
       add_header all Report _REPORT_
       score BOUNCE_MESSAGE MTA 1.0
       score ANY_BOUNCE_MESSAGE 1.0

3. Consider paying for a real blocking list like spamhaus.org's sbl and
   xbl. That along with qmail's rblsmtpd program and our own RBL mirror has
   eliminated over 75% of the spammer load on the mailserver.

At 05:16 PM 4/14/2008, you wrote:

I've been using the toaster for quite some time, with great results
(thanks Bill for all the hard work!). I'm running the latest versions
(although my clamAV may be out of date as that happens frequently). My
system is a CentOS with the latest updates. I use most of the "add ons"
such as spamassassin, clamav, ripmime, simscan, tmda, and qmailmrtg. I
host about 15 domains, but not too many users per domain, the largest is
about 40 users.

Unfortunately I seem to recently be experiencing some strange problems and
am not sure of the best way to sort them out.

- Emails with large attachments are typically being delivered twice to the
  end user.
- Lots of spam, even though I have tweaked and tweaked on spamassassin,
  the spam has more than doubled in the past month.
- Users receiving failure notices even though the message is actually
  received properly.
- Users receiving failure notices from emails they didn't actually send.
- Some users get failures that say "protocol error" with not much detail.

I've searched qmail logs and seem to only find the standard things I've
always seen. I have run queue repair routines which all say there are no
problems.

I'm pretty much at a loss as to what to do next. Any helpful suggestions
on things to run, errors to look for, or experiences would be greatly
appreciated.

Thanks,
Gary

Best Regards,
Jeff Koch, Intersessions
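
The catch-all search from step 1 of the reply above, as an added example that is not part of the original thread or of the toaster's own tooling. It assumes the usual vpopmail layout (domains under /home/vpopmail/domains, one vdelivermail line per .qmail-default); the function names and the sample domains are constructed for illustration.

```shell
#!/bin/sh
# Added example: find vpopmail domains whose .qmail-default is a catch-all.
# Assumption: each .qmail-default holds one vdelivermail line such as
#   | /home/vpopmail/bin/vdelivermail '' bounce-no-mailbox
# where the last field says what happens to mail for unknown recipients.

# Classify one file: bounce | delete | catchall:<target> | unknown
classify_qmail_default() {
    action=$(awk '/vdelivermail/ { a = $NF } END { print a }' "$1")
    case "$action" in
        bounce-no-mailbox) echo "bounce" ;;            # 'catch-all bounced'
        delete)            echo "delete" ;;            # silently dropped
        "")                echo "unknown" ;;           # no vdelivermail line
        *)                 echo "catchall:$action" ;;  # address or Maildir
    esac
}

# Print "<domain> <classification> <file owner>" for every catch-all domain.
# The owner column shows who is still able to change the file back.
audit_domains() {
    find "$1" -maxdepth 3 -type f -name .qmail-default | sort |
    while IFS= read -r f; do
        kind=$(classify_qmail_default "$f")
        case "$kind" in catchall:*) ;; *) continue ;; esac
        owner=$(ls -ld "$f" | awk '{ print $3 }')
        printf '%s %s %s\n' "$(basename "$(dirname "$f")")" "$kind" "$owner"
    done
}

# Constructed sample tree (not real domains), used when no path is given.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/a.example" "$d/b.example" "$d/c.example"
    echo "| /home/vpopmail/bin/vdelivermail '' bounce-no-mailbox" \
        > "$d/a.example/.qmail-default"
    echo "| /home/vpopmail/bin/vdelivermail '' postmaster@b.example" \
        > "$d/b.example/.qmail-default"
    echo "| /home/vpopmail/bin/vdelivermail '' delete" \
        > "$d/c.example/.qmail-default"
    echo "$d"
}

# Usage: sh audit.sh /home/vpopmail/domains   (no argument: sample tree)
audit_domains "${1:-$(make_sample_tree)}"
```

Run it as root or the vpopmail user so every domain directory is readable; domains it lists are the ones to switch to 'catch-all bounced'.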