[CentOS] Mail has quit working

Valeri Galtsev galtsev at kicp.uchicago.edu
Tue Jul 24 15:05:40 UTC 2018



On 07/24/18 08:21, mark wrote:
> Mike McCarthy, W1NR wrote:
>> Your IP address is flagged as spam in Real Time Block Lists. Are you
>> using a dynamic IP address? You may have a mis-configured server that is
>> allowing spammers to relay through your server. Another possibility is
>> your system is compromised with a spambot.
>>
> Why are you top-posting?
> 
> And another reason it may be blocked is the same reason *I* get blocked a
> few times a year: those spam blockers that block mailhosts. 20 years ago,
> sure. But when you have a domain hosted, as I do, at Hostmonster, and
> since I'm not paying for a business account, there are literally tens or
> hundreds of thousands of domains whose email is going through them, I
> don't care how many admins you have, you can't keep up with the scum...
> and so EVERY SINGLE BLOODY DOMAIN'S EMAIL in all those is blocked.
> 
> They don't seem to look for "spam from many domains from the same
> mailserver", just "is a lot of spam coming from that mailhost".

There is one brain dead commercial spam blocker that analyzes the
percentage of spam vs ham coming from a particular IP, on the basis of
what all or any of their customers get from that IP: Barracuda. Many
have heard "we have been barracuded".

We were barracuded once. Someone got his address into many spammers'
databases. When he moved to a different institution, we set his mail to
be forwarded there. Our spam filter back then worked this way: we
analyze, and label what is spam, and upon delivery it is sorted away
into a spam box. (But all is delivered to the recipient, that's the
user's right to see all coming to one's address). That other place used
barracuda.com. And our Dept mail server was "barracuded". On the day of
the deadline of an email-based grant submission to their institution. I
got in touch with their admins and they "un-barracuded" us. But ever
since I do not forward email of people who left the Department for that
particular institution.

The only other exemption we have: I don't forward mail of people who
left the Department to that one very popular mail provider. You will
easily guess it once I describe the incident which it is based on. When
email is being delivered to us, after the RCPT TO: <****> SMTP command
we know if we have to forward that message; before we continue this
session we open a new session with the destination, and once we know
from them it is deliverable, we accept the message, and immediately pass
it over to the next server. And that one provider always accepts
messages even addressed to existent addresses on their side, but for
addresses that do not exist they come back later with undeliverable. And
that last puts my mail server in the position of the source of
backscatter. By this point in the story my sysadmin friends to whom I
described the incident we had, had guessed the provider: gmail.com. Some
of them laughed: of course, they first collect information, then do the
actual mail service job ;-) Anyway, people who are here do set
forwarding wherever they want, people who left the department can
forward wherever, with two exemptions.

As always, one can have a lot of fun troubleshooting email service.

Valeri

> 
> I first ran into that in the early aughts, when one of them blocked ALL
> EMAIL from Chicago roadrunner.. which was most of the folks online in the
> entire city of Chicago.
> 
>       mark
>>
>>
>> On 07/24/2018 07:31 AM, TE Dukes wrote:
>>
>>> OK, not sure what happened, my response was rejected by Centos:
>>>
>>>
>>> Reason: There was an error while attempting to deliver your message
>>> with [Subject: "RE: [CentOS] Mail has quit working"] to
>>> centos at centos.org. MTA p3plwbeout03-06.prod.phx3.secureserver.net
>>> received this response from the destination host IP - 208.100.23.70 -
>>> 554 , 554 5.7.1 Service unavailable; Client host [72.167.218.218]
>>> blocked using ix.dnsbl.manitu.net; Your e-mail service was detected by
>>> mail.ixlab.de (NiX Spam) as spamming at Tue, 24 Jul 2018 11:45:20
>>> +0200. Your admin should visit
>>> http://www.dnsbl.manitu.net/lookup.php?value=72.167.218.218
>>> ..
>>>
>>>
>>> So, I'm trying a third time:
>>>
>>>
>>> On 24/07/18 13:46, Nataraj wrote:
>>>
>>>> Simply telnet to mailserver on port 25 and type what I've shown,
>>>>
>>> This is pointless because he's complaining about cron and system emails
>>>   which use the sendmail command are submitted through the pickup
>>> service, not port 25/smtp (in fact, if you're submitting any mail via
>>> port 25 you're doing it wrong but that's another discussion).
>>>
>>> TE Dukes:
>>>
>>>
>>> Please do the following (lines that start with # should be run as root,
>>>   lines that start with $ should be run as a local user):
>>>
>>> Install the mail command which is an easy interface to the sendmail
>>> command and thus the pickup service.
>>>
>>> # yum install mailx
>>> # tail  -n0 -f /var/log/maillog
>>>
>>>
>>> ....then in another window (replace someuser at example.com with your own
>>> email address):
>>>
>>> $ mail -s 'Test Email' someuser at example.com <<< "This is a test"
>>>
>>>
>>> .... wait a minute for postfix to have a chance to process and send the
>>>   message, then break out of the tail command and copy/paste the output
>>> into your reply.
>>>
>>> Then also copy and paste the output of the following:
>>>
>>>
>>> $ postconf -nf; postconf -Mf
>>>
>>>
>>> If I need any more info after that I'll let you know.
>>>
>>>
>>>
>>> Peter
>>> _______________________________________________
>>> CentOS mailing list
>>> CentOS at centos.org
>>> https://lists.centos.org/mailman/listinfo/centos
>>>
>>>
>>> Here's the output from tail:
>>>
>>>
>>> Jul 24 07:00:21 ts130 postfix/pickup[4017]: 338CA811240E: uid=0 from=<root>
>>> Jul 24 07:00:21 ts130 postfix/cleanup[7047]: 338CA811240E: message-id=<20180724110021.338CA811240E at ts130.palmettodomains.com>
>>> Jul 24 07:00:21 ts130 postfix/qmgr[8283]: 338CA811240E: from=<root at ts130.palmettodomains.com>, size=461, nrcpt=1 (queue active)
>>> Jul 24 07:00:22 ts130 postfix/smtpd[7112]: connect from localhost[127.0.0.1]
>>> Jul 24 07:00:22 ts130 postfix/smtpd[7112]: 468E581DAB6C: client=localhost[127.0.0.1]
>>> Jul 24 07:00:22 ts130 postfix/cleanup[7047]: 468E581DAB6C: message-id=<20180724110021.338CA811240E at ts130.palmettodomains.com>
>>> Jul 24 07:00:22 ts130 postfix/qmgr[8283]: 468E581DAB6C: from=<root at ts130.palmettodomains.com>, size=946, nrcpt=1 (queue active)
>>> Jul 24 07:00:22 ts130 postfix/smtpd[7112]: disconnect from localhost[127.0.0.1]
>>> Jul 24 07:00:22 ts130 amavis[423]: (00423-02) Passed CLEAN {RelayedInbound}, [127.0.0.1] <root at ts130.palmettodomains.com> -> <tdukes at palmettodomains.com>, Message-ID: <20180724110021.338CA811240E at ts130.palmettodomains.com>, mail_id: 8sW4ZXrbEdBD, Hits: 1.766, size: 461, queued_as: 468E581DAB6C, 1094 ms
>>> Jul 24 07:00:22 ts130 postfix/smtp[7049]: 338CA811240E: to=<tdukes at palmettodomains.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.1, delays=0.04/0/0/1.1, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 468E581DAB6C)
>>> Jul 24 07:00:22 ts130 postfix/qmgr[8283]: 338CA811240E: removed
>>> Jul 24 07:00:22 ts130 dovecot: lda(tdukes): msgid=<20180724110021.338CA811240E at ts130.palmettodomains.com>: saved mail to INBOX
>>> Jul 24 07:00:22 ts130 postfix/local[7113]: 468E581DAB6C: to=<tdukes at palmettodomains.com>, relay=local, delay=0.11, delays=0.03/0.01/0/0.07, dsn=2.0.0, status=sent (delivered to command: /usr/libexec/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT")
>>> Jul 24 07:00:22 ts130 postfix/qmgr[8283]: 468E581DAB6C: removed
>>> Jul 24 07:04:04 ts130 postfix/smtpd[7053]: timeout after END-OF-MESSAGE from localhost[127.0.0.1]
>>> Jul 24 07:04:04 ts130 postfix/smtpd[7053]: disconnect from localhost[127.0.0.1]
>>> Jul 24 07:05:59 ts130 postfix/qmgr[8283]: C33128410546: from=<root at ts130.palmettodomains.com>, size=949, nrcpt=1 (queue active)
>>>
>>> Here's the output from postconf:
>>>
>>>
>>> smtp inet n - n - - smtpd -o content_filter=spamassassin
>>> pickup unix n - n 60 1 pickup
>>> cleanup unix n - n - 0 cleanup
>>> qmgr unix n - n 300 1 qmgr
>>> tlsmgr unix - - n 1000? 1 tlsmgr
>>> rewrite unix - - n - - trivial-rewrite
>>> bounce unix - - n - 0 bounce
>>> defer unix - - n - 0 bounce
>>> trace unix - - n - 0 bounce
>>> verify unix - - n - 1 verify
>>> flush unix n - n 1000? 0 flush
>>> proxymap unix - - n - - proxymap
>>> proxywrite unix - - n - 1 proxymap
>>> smtp unix - - n - - smtp
>>> relay unix - - n - - smtp
>>> showq unix n - n - - showq
>>> error unix - - n - - error
>>> retry unix - - n - - error
>>> discard unix - - n - - discard
>>> local unix - n n - - local
>>> virtual unix - n n - - virtual
>>> lmtp unix - - n - - lmtp
>>> anvil unix - - n - 1 anvil
>>> scache unix - - n - 1 scache
>>> spamassassin unix - n n - - pipe
>>>     flags=R user=spamd argv=/usr/bin/spamc -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
>>> smtp-amavis unix - - n - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes
>>> 127.0.0.1:10025 inet n - n - - smtpd
>>>     -o content_filter= -o local_recipient_maps= -o relay_recipient_maps=
>>>     -o smtpd_restriction_classes= -o smtpd_client_restrictions=
>>>     -o smtpd_helo_restrictions= -o smtpd_sender_restrictions=
>>>     -o smtpd_recipient_restrictions=permit_mynetworks,reject
>>>     -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes
>>>     -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001
>>>     -o smtpd_hard_error_limit=1000
>>>
>>>
>>> Thanks
>>>

-- 
++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
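
The maillog quoted in this thread shows one test message under two queue IDs, because Postfix hands it to amavis on port 10024 and amavis re-injects it on port 10025 ("queued as ..."). The following Python is an added example, not code from any poster in the thread: it follows a queue ID across that re-injection to its final delivery and lists queue IDs that were never removed. The function names are illustrative, and the sample lines are taken from the quoted log with "@" restored.

```python
import re
from collections import defaultdict

# Added example; function names are illustrative. Sample entries are taken
# from the maillog quoted in this thread (abridged; "@" restored where the
# list archive wrote " at ").
SAMPLE_LOG = """\
Jul 24 07:00:21 ts130 postfix/qmgr[8283]: 338CA811240E: from=<root@ts130.palmettodomains.com>, size=461, nrcpt=1 (queue active)
Jul 24 07:00:22 ts130 postfix/smtp[7049]: 338CA811240E: to=<tdukes@palmettodomains.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.1, delays=0.04/0/0/1.1, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 468E581DAB6C)
Jul 24 07:00:22 ts130 postfix/qmgr[8283]: 338CA811240E: removed
Jul 24 07:00:22 ts130 postfix/local[7113]: 468E581DAB6C: to=<tdukes@palmettodomains.com>, relay=local, delay=0.11, delays=0.03/0.01/0/0.07, dsn=2.0.0, status=sent (delivered to command: /usr/libexec/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT")
Jul 24 07:00:22 ts130 postfix/qmgr[8283]: 468E581DAB6C: removed
Jul 24 07:05:59 ts130 postfix/qmgr[8283]: C33128410546: from=<root@ts130.palmettodomains.com>, size=949, nrcpt=1 (queue active)
"""

ENTRY = re.compile(r"postfix/\w+\[\d+\]: ([0-9A-F]{6,}): (.*)$")
DELIVERY = re.compile(r"to=<([^>]*)>, relay=([^,]+),.*?status=(\w+) \((.*)\)$")
REQUEUED = re.compile(r"queued as ([0-9A-F]{6,})$")

def parse(log):
    """Return (delivery attempts per queue ID, queue IDs seen, removed IDs)."""
    hops, seen, removed = defaultdict(list), {}, set()
    for m in filter(None, map(ENTRY.search, log.splitlines())):
        qid, rest = m.groups()
        seen.setdefault(qid)          # dict used as an insertion-ordered set
        if rest == "removed":
            removed.add(qid)
        d = DELIVERY.match(rest)
        if d:
            nxt = REQUEUED.search(d.group(4))
            hops[qid].append({"to": d.group(1), "relay": d.group(2),
                              "status": d.group(3),
                              "next": nxt.group(1) if nxt else None})
    return hops, seen, removed

def trace(log, qid):
    """Follow a message across content-filter re-injection to its last hop."""
    hops, _, _ = parse(log)
    path, visited = [], set()
    while qid and qid not in visited:   # visited guards against filter loops
        visited.add(qid)
        path.append((qid, hops.get(qid, [])))
        qid = next((a["next"] for a in hops.get(qid, []) if a["next"]), None)
    return path

def still_queued(log):
    """Queue IDs with no 'removed' entry before the capture ended."""
    _, seen, removed = parse(log)
    return [q for q in seen if q not in removed]
```

On the sample, `trace(SAMPLE_LOG, "338CA811240E")` returns the amavis hop followed by the local dovecot-lda delivery, and `still_queued(SAMPLE_LOG)` returns `C33128410546`, the message that was still active when the tail was stopped.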


