Thanks Jeff and Rick for the suggestions. I have made the following
changes to my server.
I first updated spamassassin as I found that I was a couple of minor
releases behind. Then modified the settings suggested by Jeff as follows:
    whitelist_bounce_relays mail.gbco.us
    rbl_timeout 8
    add_header all Report _REPORT_
    score BOUNCE_MESSAGE MTA 1.0
    score ANY_BOUNCE_MESSAGE 1.0
I also found a couple of "catch-alls" configured on domains; these have
also been removed.
I also found that some of my problem was timeouts from what I would
consider very large attachments of around 15meg. I had previously not
set a limit on attachments, so I configured a limit of 12meg and may
take it to 10meg if I continue to have problems.
I was also unaware of the fact that messages would be "double delivered"
if the server was under heavy load. My server is a dual processor box
and runs a load average of around 1 to 1.5 most of the time. However,
during peak times it can creep up to 2 or so, which is a bit high.
It would be better if there were techniques to tune the server such that
it just works slower during these times instead of causing problems.
However, I at least know what the deal is now and can manage it
appropriately.
So far the changes have resulted in getting things under control at
least for the time being. It has also increased my knowledge on
operating this thing so that I can understand how to proceed.
Thanks for all the tips and help!!
Gary
____________________
Gary Bowling
GBCO.US
[EMAIL PROTECTED]
____________________
Gary Bowling wrote:
Jeff: Thanks very much for the details. It will take me a bit to get
through these suggestions, but they all sound very reasonable. I'll
get back with results if all goes well, questions if they don't.
Regards,
Gary
Jeff Koch wrote:
Gary:
I have seen most of these errors only on very heavily loaded
mailservers that cannot keep up with the mail load. In those cases
the pop3 and smtp concurrency goes through the roof, pop3 sessions
start timing out and users can get the same email two and three
times. You are also apparently getting hit with backscatter
bounce-backs from spammers that have forged the email addresses of
your users. Spamming, backscatter, etc. have increased dramatically
over the last month and you are feeling the result.
Things to look for and fix that we have found to be effective:
1. Search for any domain using a global catch-all, change it to
'catch-all bounced' and then change the ownership of that
.qmail-default file so they can't change it back. (prevents
dictionary attacks)
2. Increase the SA scores on bounces, shorten the rbl timeout:
    whitelist_bounce_relays mail.gbco.us
    rbl_timeout 8
    add_header all Report _REPORT_
    score BOUNCE_MESSAGE MTA 1.0
    score ANY_BOUNCE_MESSAGE 1.0
3. Consider paying for a real blocking list like spamhaus.org's sbl
and xbl. That along with qmail's rblsmtpd program and our own RBL
mirror has eliminated over 75% of the spammer load on the mailserver.
At 05:16 PM 4/14/2008, you wrote:
I've been using the toaster for quite some time, with great results
(thanks Bill for all the hard work!). I'm running the latest
versions (although my clamAV may be out of date as that happens
frequently). My system is a CentOS with the latest updates. I use
most of the "add ons" such as spamassassin, clamav, ripmime,
simscan, tmda, and qmailmrtg. I host about 15 domains, but not too
many users per domain, the largest is about 40 users.
Unfortunately I seem to recently be experiencing some strange
problems and am not sure of the best way to sort them out.
- Emails with large attachments are typically being delivered twice
to the end user.
- Lots of spam, even though I have tweaked and tweaked on
spamassassin, the spam has more than doubled in the past month.
- Users receiving failure notices even though the message is
actually received properly.
- Users receiving failure notices from emails they didn't actually
send.
- Some users get failures that say "protocol error" with not much
detail.
I've searched qmail logs and seem to only find the standard things
I've always seen. I have run queue repair routines which all say
there are no problems.
I'm pretty much at a loss as to what to do next. Any helpful
suggestions on things to run, errors to look for, or experiences
would be greatly appreciated.
Thanks,
Gary
Best Regards,
Jeff Koch, Intersessions
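
Added example (not part of the original thread, and not Jeff's or the toaster project's own code): a shell audit for step 1 of Jeff's list, reporting which vpopmail domains still deliver to a catch-all and who owns each .qmail-default file. It assumes the layout /home/vpopmail/domains/<domain>/.qmail-default and a vdelivermail line whose last field is bounce-no-mailbox, delete, or a catch-all target; the function names are hypothetical.

```shell
#!/bin/sh
# Audit vpopmail domains for catch-all delivery in .qmail-default.
# Assumption: each file holds a line of the form
#   | /home/vpopmail/bin/vdelivermail '' <action>
# where <action> is bounce-no-mailbox, delete, or a catch-all target
# (a forwarding address or a Maildir path).

# classify_default FILE -> prints bounce, delete, catchall or unknown
classify_default() {
    # Use the last non-comment vdelivermail line in the file.
    line=$(grep -v '^[[:space:]]*#' "$1" 2>/dev/null \
        | grep 'vdelivermail' | tail -n 1) || true
    if [ -z "$line" ]; then
        echo unknown
        return 0
    fi
    # The action is the last whitespace-separated field.
    action=$(printf '%s\n' "$line" | awk '{print $NF}')
    case "$action" in
        bounce-no-mailbox) echo bounce ;;
        delete)            echo delete ;;
        *)                 echo catchall ;;
    esac
}

# audit_catchalls DOMAINS_DIR -> "domain<TAB>status<TAB>file owner" per domain
audit_catchalls() {
    for f in "$1"/*/.qmail-default; do
        [ -f "$f" ] || continue
        domain=$(basename "$(dirname "$f")")
        # The owner matters: a file the domain admin owns can be changed back.
        owner=$(ls -ld "$f" | awk '{print $3}')
        printf '%s\t%s\t%s\n' "$domain" "$(classify_default "$f")" "$owner"
    done
}

# Run against a directory given on the command line, e.g.
#   sh audit.sh /home/vpopmail/domains   (path is an assumption)
if [ -n "${1:-}" ]; then
    audit_catchalls "$1"
fi
```

Domains reported as catchall are the ones to switch to "catch-all bounced"; an "unknown" result means the file has no vdelivermail line and should be read by hand.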