How to stop the sending of MAILER-DAEMON mails?

#1 Wed, 04/29/2009 - 09:30
nihal

Hi..

A lot of spam comes to our server; after that our server sends MAILER-DAEMON mails, and traffic grows..

I want to stop sending MAILER-DAEMON mails.

How can I do it?

[Postfix, SMTP]

Thanks

Post edited by: nihal, at: 2009/04/29 09:31

Wed, 04/29/2009 - 13:33
ronald

Why not reduce spam instead? There is a new module called greylisting and it seems to work pretty well.

Wed, 04/29/2009 - 13:43 (Reply to #2)
Joe

What, specifically, is in these messages? Unless you have a catchall email alias or virtual mailbox, spam would either be rejected immediately (which results in no mail being sent) or simply copied into the spam folder (which results in no mail being sent). The only time bounces should come into play is if Postfix accepts the email, but then has to later reject it because it cannot be delivered...there just aren't a lot of circumstances where that would be true (again, unless you are using catchall addresses, which are not recommended for this and other reasons).

postgrey would reduce the number of spams that make it into the system (which is a requirement for a bounce to occur), but it wouldn't address the actual cause of the problem. If you're seeing a lot of these, you probably have something misconfigured on your system (or you're using catchall addresses).

--

Check out the forum guidelines!

Wed, 04/29/2009 - 21:47 (Reply to #3)
nihal

First:

[code:1]Virtualmin > E Mail Messages > E Mail Grey Listing > Install Postgrey > and result

Error: Missing Dependency: perl(Net::Server::Daemonize) is needed by package postgrey
Error: Missing Dependency: perl(Net::Server::Multiplex) is needed by package postgrey
Error: Missing Dependency: perl(Net::Server) is needed by package postgrey
Setting up Install Process
Setting up repositories
Reading repository metadata in from local files
Reducing Dag ClamAV RPM to included packages only
Finished
Parsing package install arguments
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Package postgrey.noarch 0:1.31-2.el4 set to be updated
--> Running transaction check
--> Processing Dependency: perl(Net::Server::Daemonize) for package: postgrey
--> Processing Dependency: perl(BerkeleyDB) for package: postgrey
--> Processing Dependency: perl(Net::Server::Multiplex) for package: postgrey
--> Processing Dependency: perl(Net::Server) for package: postgrey
--> Restarting Dependency Resolution with new changes.
--> Populating transaction set with selected packages. Please wait.
---> Package perl-BerkeleyDB.i386 0:0.34-2.el4.vm set to be updated
--> Running transaction check
--> Processing Dependency: perl(Net::Server::Daemonize) for package: postgrey
--> Processing Dependency: perl(Net::Server::Multiplex) for package: postgrey
--> Processing Dependency: perl(Net::Server) for package: postgrey
--> Finished Dependency Resolution

.. install failed![/code:1]

Before this we installed postgrey packs from the internet; all spam stopped, but postgrey also stopped mails such as hotmail...?

Wed, 04/29/2009 - 22:04
nihal

The mail queue is in the picture attached below

Wed, 04/29/2009 - 22:10
nihal

You can see the mail queue attached below: http://www.virtualmin.com/components/com_fireboard/uploaded/images/maill...

Wed, 04/29/2009 - 22:20
nihal

And the details of one of the mails in the mail queue are attached below.

A strange thing.. none of these e-mails exists on the server..

Every day a lot of spam comes like this and the server sends MAILER-DAEMON mails...

I must a configuration that "not exists mails" goes to catch@mydomain.com ? and how ?

Thu, 04/30/2009 - 12:53 (Reply to #7)
Joe

> I must a configuration that "not exists mails" goes to catch@mydomain.com ? and how ?

No. You do not want a catchall email address. That's a common *cause* of this kind of issue...it's not a solution.


Wed, 04/29/2009 - 22:21
nihal

sample e mail message

Wed, 04/29/2009 - 22:22
nihal

I can't edit my message above, so I am sending the message again.. http://www.virtualmin.com/components/com_fireboard/uploaded/images/ayni....

Thu, 04/30/2009 - 06:27 (Reply to #10)
andreychek

Regarding your Postgrey install -- there is an outstanding bug where Postgrey installs just fine, but doesn't automatically start. You'd need to manually launch it from the command line:

/etc/init.d/postgrey start

I can't tell from the above output if it actually installed or not. If not, you might want to try disabling other third-party repositories until it gets installed, as they sometimes conflict with VM packages.
-Eric

Thu, 04/30/2009 - 09:04 (Reply to #11)
nihal

When I type /etc/init.d/postgrey start on the command line, it gives the error below:

Can't locate Net/Server.pm in @INC (@INC contains: /usr/lib/perl5/5.8.5/i386-linux-thread-multi /usr/lib/perl5/5.8.5 /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.4/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/site_perl/5.8.4 /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl/5.8.2 /usr/lib/perl5/site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.4/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.5 /usr/lib/perl5/vendor_perl/5.8.4 /usr/lib/perl5/vendor_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2 /usr/lib/perl5/vendor_perl/5.8.1 /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl) at /etc/init.d/postgrey line 14.
BEGIN failed--compilation aborted at /etc/init.d/postgrey line 14

So how can I install it?

Thu, 04/30/2009 - 12:51 (Reply to #12)
Joe

That's weird. Installing postgrey should have installed all dependencies, including Net::Server.

What postgrey package do you have? (rpm -q postgrey)

You can manually install the perl-Net-Server to resolve this dependency:

yum install perl-Net-Server


Thu, 04/30/2009 - 12:57 (Reply to #13)
Joe

So, I didn't notice that you mentioned that you had third party repositories configured. You simply can't safely have numerous yum repos providing the same packages, without explicitly configuring where you want to get the packages (so if you want our postgrey, and related packages, you need to exclude those packages from whatever other third party repo is trying to provide it)...packages will conflict, and dependencies will get broken.

Our packages are simply rebuilds of EPEL packages, which is as close to official as one can get (not necessarily better than DAG or RPMForge, etc., just more likely to be compatible with the default OS packages, as they are maintained by the same people).


Mon, 05/04/2009 - 11:20
nihal

My English is bad.. So I understand you with difficulty, although I am using a dictionary.
If you use short sentences I can understand you simply. So thanks.

Dear Joe; I ran your advice; but again an error.

[code:1][root@ns1 ~]# yum install perl-Net-Server
Setting up Install Process
Setting up repositories
http://apt.sw.be/redhat/el4/en/i386/dag/repodata/repomd.xml: [Errno 4] IOError: <urlopen error (-2, 'Name or service not known')>
Trying other mirror.
Cannot open/read repomd.xml file for repository: dag
failure: repodata/repomd.xml from dag: [Errno 256] No more mirrors to try.
Error: failure: repodata/repomd.xml from dag: [Errno 256] No more mirrors to try.[/code:1]

Mon, 05/04/2009 - 12:10
nihal

We are still searching to find the source of the problem...
I am sharing the symptoms..

1. I looked at backscatter and saw these messages:

[code:1]A total of 112 Impacts were seen during this listing. Last was 2009/05/04 10:11
Earliest date this IP can expire is 2009/06/01.

History:
2008/03/27 22:28 listed
2008/04/24 23:30 expired
2008/07/06 11:15 listed
2008/08/03 11:30 expired
2008/10/25 21:59 listed
2008/11/22 21:03 expired
2008/11/28 13:20 listed
2008/12/26 14:03 expired
2009/01/18 12:24 listed
2009/02/15 13:05 expired
2009/02/26 22:00 listed
[/code:1]

When I saw this, I immediately checked the maillog and saw that there is suspect behaviour in the log..
(This is a little sample.. every day the events are the same.. I have been testing and searching for three days.)
This is the log:

[code:1]

May 4 10:11:16 ns1 postfix/qmgr[22585]: 208313582F7: from=<>, size=3511, nrcpt=1 (queue active)
May 4 10:11:16 ns1 postfix/qmgr[22585]: B73073573D5: from=<>, size=4174, nrcpt=1 (queue active)
May 4 10:11:16 ns1 postfix/qmgr[22585]: 6A21B357FE3: from=<>, size=19676, nrcpt=1 (queue active)
May 4 10:11:16 ns1 postfix/qmgr[22585]: 608DB3565C2: from=<>, size=5814, nrcpt=1 (queue active)
May 4 10:11:16 ns1 postfix/qmgr[22585]: D0233358286: from=<>, size=4649, nrcpt=1 (queue active)
May 4 10:11:16 ns1 postfix/qmgr[22585]: DFE6D357A5E: from=<>, size=2637, nrcpt=1 (queue active)
May 4 10:11:16 ns1 postfix/qmgr[22585]: D6973357E8F: from=<>, size=7928, nrcpt=1 (queue active)
May 4 10:11:16 ns1 postfix/qmgr[22585]: CBE3F3578A7: from=<>, size=4142, nrcpt=1 (queue active)
May 4 10:11:16 ns1 postfix/qmgr[22585]: A5D06357AAF: from=<>, size=19281, nrcpt=1 (queue active)
May 4 10:11:16 ns1 postfix/qmgr[22585]: A8520356E10: from=<>, size=3708, nrcpt=1 (queue active)
May 4 10:11:16 ns1 postfix/qmgr[22585]: 4A4E93578E3: from=<>, size=3538, nrcpt=1 (queue active)
May 4 10:11:16 ns1 postfix/qmgr[22585]: 177BB3580F2: from=<>, size=3568, nrcpt=1 (queue active)
May 4 10:11:16 ns1 postfix/qmgr[22585]: 10DAF357893: from=<>, size=2507, nrcpt=1 (queue active)
May 4 10:11:16 ns1 postfix/qmgr[22585]: 73C083573B4: from=<>, size=20001, nrcpt=1 (queue active)
May 4 10:11:16 ns1 postfix/qmgr[22585]: 7922335809A: from=<>, size=2559, nrcpt=1 (queue active)
May 4 10:11:16 ns1 postfix/qmgr[22585]: 38F5D357CB1: from=<>, size=3559, nrcpt=1 (queue active)
May 4 10:11:16 ns1 postfix/qmgr[22585]: 3B20B357598: from=<>, size=3527, nrcpt=1 (queue active)
May 4 10:11:16 ns1 postfix/qmgr[22585]: 3DEA5357C4A: from=<>, size=19171, nrcpt=1 (queue active)
May 4 10:11:16 ns1 postfix/qmgr[22585]: 32FB7357D4A: from=<>, size=7820, nrcpt=1 (queue active)
May 4 10:11:16 ns1 postfix/qmgr[22585]: 890673580F9: from=<>, size=3624, nrcpt=1 (queue active)

[/code:1]

And when I search for any qmgr number, "for example: 177BB3580F2",
I see another log line:

[code:1]
May 4 10:13:16 ns1 postfix/smtp[18790]: 177BB3580F2: to=<goaled10@bbvacash-mx.com>, relay=none, delay=29981, status=deferred (connect to mail.alestra.net.mx[207.248.224.151]: Connection timed out)
[/code:1]

So I noticed that it is exactly my server that sends spam.. After searching more carefully I caught the time when my server sends spam, and I immediately opened the Postfix mail queue from Virtualmin and saw outgoing spam mails; after opening any mail's content I noticed that the content of these mails is spam...

So I want to ask you

1.) What is the meaning of blank from=<>
2.) How my server send mail by itself
3.) Which process trigger this mail sending process, and which log file help to show me trigger process

My main.cf is attached

Thanks a lot

[file name=maincf-01fc3088b3d69870bc9523490aff8120.txt size=28945]http://www.virtualmin.com/components/com_fireboard/uploaded/files/maincf...

Mon, 05/04/2009 - 12:19 (Reply to #16)
Joe

You're getting your software from DAG, which is a repository we have no control over.

I can't fix those packages.

Our postgrey packages are known to work, so if you get rid of all of the DAG stuff, and reinstall postgrey and dependencies using only our packages, you will have better luck.


Mon, 05/04/2009 - 20:46
nihal

OK. What do you say about the last question? How can I solve it?

Thanks a lot.

Mon, 05/04/2009 - 21:20 (Reply to #18)
Joe

> 2.) How my server send mail by itself

It doesn't.

> 3.) Which process trigger this mail sending process, and which log file help to show me trigger process

I'm guessing it's backscatter. The <> from indicates a bounce, I think.

Have a look at one of the messages to see what it is:

find /var/spool/postfix/defer* -name "890673580F9"

And then look inside for clues.

If it's backscatter, postgrey will dramatically reduce the amount of it. Also, it is indicative that you're using one or more features of Postfix that require mail to be accepted without knowing whether the mail can be delivered or not (e.g. you have a catchall email address or similar).

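The manual check described in this thread (find a queue ID logged with from=<>, then look up its to= line) can be run over a whole maillog to see how many bounces leave the server and where they go. This is an added example, not part of the original thread; the function names, host names, queue IDs and addresses in the sample log are constructed.

```shell
#!/bin/sh
# Added example: summarise null-sender (from=<>) mail in a Postfix log.
# Reads maillog lines on stdin; prints "COUNT RECIPIENT-DOMAIN STATUS".
bounce_summary() {
    awk '
    # qmgr line with an empty envelope sender: remember the queue ID.
    $5 ~ /^postfix\/qmgr/ && / from=<>,/ {
        qid = $6; sub(/:$/, "", qid); bounce[qid] = 1; next
    }
    # Delivery attempt: keep it only if its queue ID was a null-sender message.
    / to=</ && / status=/ {
        qid = $6; sub(/:$/, "", qid)
        if (!(qid in bounce)) next
        match($0, /to=<[^>]*>/)
        rcpt = substr($0, RSTART + 4, RLENGTH - 5)   # address between < and >
        sub(/^.*@/, "", rcpt)                        # keep the domain only
        match($0, /status=[a-z]+/)
        st = substr($0, RSTART + 7, RLENGTH - 7)
        count[tolower(rcpt) " " st]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample log (not taken from the thread): three bounces, one normal mail.
sample_log() {
    cat <<'EOF'
May  4 10:11:16 mx1 postfix/qmgr[100]: AAA0000001: from=<>, size=3511, nrcpt=1 (queue active)
May  4 10:11:16 mx1 postfix/qmgr[100]: AAA0000002: from=<>, size=4174, nrcpt=1 (queue active)
May  4 10:11:17 mx1 postfix/qmgr[100]: AAA0000003: from=<alice@example.org>, size=900, nrcpt=1 (queue active)
May  4 10:11:18 mx1 postfix/smtp[200]: AAA0000003: to=<bob@example.net>, relay=mail.example.net[192.0.2.10]:25, delay=1, status=sent (250 ok)
May  4 10:13:16 mx1 postfix/smtp[201]: AAA0000001: to=<forged1@thirdparty.example>, relay=none, delay=29981, status=deferred (connect to mail.thirdparty.example[192.0.2.20]: Connection timed out)
May  4 10:13:17 mx1 postfix/smtp[201]: AAA0000002: to=<forged2@thirdparty.example>, relay=none, delay=29990, status=deferred (connect to mail.thirdparty.example[192.0.2.20]: Connection timed out)
May  4 10:13:18 mx1 postfix/qmgr[100]: AAA0000004: from=<>, size=2507, nrcpt=1 (queue active)
May  4 10:13:19 mx1 postfix/smtp[202]: AAA0000004: to=<carol@other.example>, relay=mx.other.example[192.0.2.30]:25, delay=1, status=sent (250 ok)
EOF
}

sample_log | bounce_summary
```

On a real server the input would be the Postfix log itself, for example `bounce_summary < /var/log/maillog` (the path is an assumption; it depends on the syslog configuration).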