Old 10-27-2008, 07:36 PM   #46
bittus
Member
 
Registered: Aug 2006
Posts: 153

Original Poster
Rep: Reputation: 16

Here's another spam:

Quote:
Return-Path: <libby1@catsrule.garfield.com>
X-Original-To: eng@MYDOMAIN.com
Delivered-To: eng@MYDOMAIN.com
Received: from localhost (MYHOST.MYDOMAIN.com [127.0.0.1])
by MYHOST.MYDOMAIN.com (Postfix) with ESMTP id 6C43AF78003
for <eng@MYDOMAIN.com>; Mon, 27 Oct 2008 05:19:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at MYDOMAIN.com
Received: from MYHOST.MYDOMAIN.com ([127.0.0.1])
by localhost (MYHOST.MYDOMAIN.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id C-O0BzUmMsnb for <eng@MYDOMAIN.com>;
Mon, 27 Oct 2008 05:19:00 -0700 (PDT)
Received: from [94.122.102.176] (unknown [94.122.102.176])
by MYHOST.MYDOMAIN.com (Postfix) with SMTP id 280D5F78001
for <eng@MYDOMAIN.com>; Mon, 27 Oct 2008 05:18:58 -0700 (PDT)
Message-ID: <000801c9382e$042e6788$f6495d9b@wmfrdnat>
From: "Alison Wood" <libby1@catsrule.garfield.com>
To: <eng@MYDOMAIN.com>
Subject: Extra money!
Date: Mon, 27 Oct 2008 10:31:38 +0000
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2720.3000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2727.1300
Status: O
Message Body:

Quote:
The promising financial firm looks for new workers

If you possess 5 free hours per week, a little experience in PC and free phone to which we can contact you, you have possibility to start collaboration with us and earn more than 2000 US dollars

If you are interested in our job offer, contact us by e-mail: lifeiscomplete@list.ru and we will send you needed information.

Respectfully yours

IDC Business Group

Last edited by bittus; 10-27-2008 at 07:40 PM.
 
Old 10-27-2008, 07:42 PM   #47
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
Sorry to jump in, but what are the settings in amavisd.conf, especially

Quote:
$sa_tag_level_deflt = ??; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = ??; # add 'spam detected' headers at that level
$sa_kill_level_deflt = ??; # triggers spam evasive actions
$sa_dsn_cutoff_level = ??; # spam level beyond which a DSN is not sent
 
Old 10-27-2008, 07:47 PM   #48
bittus
Member
 
Registered: Aug 2006
Posts: 153

Original Poster
Rep: Reputation: 16
amavisd.conf

Quote:
$sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 6.2; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 6.9; # triggers spam evasive actions (e.g. blocks mail)
$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent
billymayday, here are the settings you requested

Last edited by bittus; 10-27-2008 at 07:49 PM.
 
Old 10-27-2008, 09:18 PM   #49
Mr. C.
Senior Member
 
Registered: Jun 2008
Posts: 2,529

Rep: Reputation: 63
The message was almost classified as spam; have you trained your bayes database yet with a corpus of spam?

Try also the highly regarded sanesecurity signatures: http://www.sanesecurity.com/clamav/

ClamAV would have detected this as spam with this database:


/var/spool/amavis/quarantine/x: Sanesecurity.Malware.9480.UNOFFICIAL FOUND

----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.029 sec (0 m 0 s)
 
Old 10-27-2008, 09:27 PM   #50
Mr. C.
Senior Member
 
Registered: Jun 2008
Posts: 2,529

Rep: Reputation: 63
This second spam would have also been caught by the sanesecurity sigs.
 
Old 10-27-2008, 10:08 PM   #51
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
Personally, I find 6.2 way too high and have tag2 at 3 (and sent to user's Spam folder) and kill at 6. Mind you, you need to analyse your mail before making too many changes.

It's also useful to set tag_level really low (I use -999) so headers are added to all messages and you can see what's going on.
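billymayday's point about analysing your mail before moving the levels is easiest to act on once amavisd is tagging everything (tag_level at -999). The script below is an added example, not from the thread or from amavisd-new: it reads the X-Spam-Status / X-Spam-Score headers amavisd writes, buckets the scores, and counts what the current 6.2/6.9 levels and the suggested 3/6 levels would tag or block. The sample messages are constructed; for real use point `scores_from_mbox()` at a user's mbox. The only assumption about header layout is the `score=N` token in X-Spam-Status (or a bare X-Spam-Score value), which is what amavisd-new emits.

```python
"""Added example (not from the thread): summarise the SpamAssassin scores
that amavisd-new records in message headers, so tag2/kill levels can be
chosen from the real score distribution instead of guessed.

Assumes $sa_tag_level_deflt is low enough (e.g. -999) that every message
carries X-Spam-Status / X-Spam-Score headers. Header layouts vary a little
between amavisd-new versions; only the "score=N" token and the bare
X-Spam-Score value are relied on.
"""
import mailbox
import math
import re
from collections import Counter
from email import message_from_string

SCORE_RE = re.compile(r"\bscore=(-?\d+(?:\.\d+)?)")


def spam_score(msg):
    """Return the recorded score as a float, or None if no header is present."""
    m = SCORE_RE.search(msg.get("X-Spam-Status", ""))
    if m:
        return float(m.group(1))
    raw = msg.get("X-Spam-Score")
    if raw is None:
        return None
    try:
        return float(raw.strip())
    except ValueError:
        return None


def threshold_report(scores, tag2, kill):
    """How many messages each candidate threshold would tag as spam or block."""
    scored = [s for s in scores if s is not None]
    return {
        "scored": len(scored),
        "unscored": len(scores) - len(scored),
        "tagged_as_spam": sum(1 for s in scored if s >= tag2),
        "killed": sum(1 for s in scored if s >= kill),
    }


def histogram(scores, width=2.0):
    """Bucket scores into bands `width` points wide (key = lower edge of the band)."""
    buckets = Counter()
    for s in scores:
        if s is not None:
            buckets[math.floor(s / width) * width] += 1
    return dict(sorted(buckets.items()))


def scores_from_mbox(path):
    """Real use: a user's mbox (use mailbox.Maildir for a Maildir)."""
    return [spam_score(m) for m in mailbox.mbox(path)]


# Constructed sample messages (not real mail): ham, the grey zone around 6,
# outright spam, a message with only X-Spam-Score, and one with no headers.
SAMPLE_MESSAGES = [
    "X-Spam-Status: No, score=-2.6 tag=2 tag2=6.2 kill=6.9 tests=[BAYES_00=-2.599]\nSubject: minutes\n\nham\n",
    "X-Spam-Status: No, score=1.8 tag=2 tag2=6.2 kill=6.9 tests=[HTML_MESSAGE=0.001]\nSubject: newsletter\n\n...\n",
    "X-Spam-Status: No, score=3.4 tag=2 tag2=6.2 kill=6.9 tests=[RDNS_DYNAMIC=0.98]\nSubject: hi\n\n...\n",
    "X-Spam-Score: 4.1\nSubject: Extra money!\n\n...\n",
    "X-Spam-Status: Yes, score=6.5 tag=2 tag2=6.2 kill=6.9 tests=[RCVD_IN_PBL=3.3]\nSubject: offer\n\n...\n",
    "X-Spam-Status: Yes, score=12.3 tag=2 tag2=6.2 kill=6.9 tests=[RCVD_IN_XBL=3.9]\nSubject: $$$\n\n...\n",
    "Subject: no amavis headers at all\n\n...\n",
]


def sample_scores():
    return [spam_score(message_from_string(raw)) for raw in SAMPLE_MESSAGES]


def compare_thresholds():
    """The thread's current levels (6.2/6.9) next to the suggested 3/6."""
    scores = sample_scores()
    return {
        "current_6.2_6.9": threshold_report(scores, tag2=6.2, kill=6.9),
        "suggested_3_6": threshold_report(scores, tag2=3, kill=6),
        "histogram": histogram(scores),
    }


if __name__ == "__main__":
    for name, result in compare_thresholds().items():
        print(name, result)
```

On the sample the lower levels tag two more messages (3.4 and 4.1) and block one more (6.5); on a real mailbox the histogram shows whether there is a clean gap between ham and spam before a level is moved.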
 
Old 10-27-2008, 10:20 PM   #52
bittus
Member
 
Registered: Aug 2006
Posts: 153

Original Poster
Rep: Reputation: 16
But how do I train the bayes database?

How can I use the sanesecurity signatures?
 
Old 10-27-2008, 10:43 PM   #53
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
Try the link Mr C posted for the second. Note that I set this up since my last post, so it's not hard.

Have a look at the docs at spamassassin's site http://spamassassin.apache.org/ in the first instance. I'll check back later and see if I can help out, but I need to go somewhere for now.
 
Old 10-28-2008, 03:59 AM   #54
bittus
Member
 
Registered: Aug 2006
Posts: 153

Original Poster
Rep: Reputation: 16
OK buddies. But now I doubt whether my clamd is working or not.
Let me double check and will come back.

Last edited by bittus; 10-28-2008 at 05:16 AM.
 
Old 10-28-2008, 05:29 AM   #55
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
Send yourself the eicar test virus - see top right hand corner of http://www.eicar.org/
 
Old 10-28-2008, 10:22 AM   #56
bittus
Member
 
Registered: Aug 2006
Posts: 153

Original Poster
Rep: Reputation: 16
Sorry to tell you that my clamd was not working and had not been updated since Feb 2008.

Now I have updated and configured it and it is working fine. Now I am monitoring for spam messages. I will keep you updated about the spam level.

Now I can see some requests in my mail queue as:

Quote:

-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
717B2F78002 3410 Mon Oct 27 02:31:40 MAILER-DAEMON
(connect to electronic-atlas.com[69.64.155.129]:25: Connection timed out)
jenkin@electronic-atlas.com

2E7E9F78007 3578 Mon Oct 27 11:51:02 MAILER-DAEMON
(host ikl.cn[218.5.79.199] refused to talk to me: 421 romantic.com Insufficient System Storage.(IMail 8.22))
Frenetik.Frenetik@ikl.cn

C0EC8F78008 3484 Tue Oct 28 05:47:28 MAILER-DAEMON
(host alt2.aspmx.l.google.com[74.125.79.27] said: 450-4.2.1 The user you are trying to contact is receiving mail at a rate 450-4.2.1 that prevents additional messages from being delivered. Please 450-4.2.1 resend your message at a later time. If the user is able to 450-4.2.1 receive mail at that time, your message will be delivered. 450-4.2.1 For more information, please visit 450 4.2.1 http://mail.google.com/support/bin/a...py?answer=6592 3si2253667eyi.5 (in reply to RCPT TO command))
dnevnik@liveinternet.ru

D4640F78003 3509 Tue Oct 28 05:08:23 MAILER-DAEMON
(host alt2.aspmx.l.google.com[74.125.79.114] said: 450-4.2.1 The user you are trying to contact is receiving mail at a rate 450-4.2.1 that prevents additional messages from being delivered. Please 450-4.2.1 resend your message at a later time. If the user is able to 450-4.2.1 receive mail at that time, your message will be delivered. 450-4.2.1 For more information, please visit 450 4.2.1 http://mail.google.com/support/bin/a...py?answer=6592 7si2254443eyb.1 (in reply to RCPT TO command))
dnevnik@liveinternet.ru

9DDB7F78006 5471 Mon Oct 27 08:29:05 MAILER-DAEMON
(connect to blackpeopleloveus.com[69.60.10.98]:25: Connection refused)
JeannettemurmurSanderson@blackpeopleloveus.com

0DE82F78005 4974 Mon Oct 27 05:31:37 MAILER-DAEMON
(Host or domain name not found. Name service error for name=bob3.com type=MX: Host not found, try again)
uql@bob3.com

41D1EF78004 5253 Mon Oct 27 04:06:05 MAILER-DAEMON
(connect to swamppolitics.com[63.146.104.194]:25: Connection refused)
ChancememoDunlap@swamppolitics.com

-- 33 Kbytes in 7 Requests.
I feel strange about these requests. Can I get some comments on these (especially the Google message)? If corresponding maillog entries are required, I can post those too.

Last edited by bittus; 10-28-2008 at 10:23 AM.
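The queue listing above can be read mechanically. The parser below is an added example (not from the thread or from Postfix) for `mailq` / `postqueue -p` output: it separates the server's own bounces, which show the sender as MAILER-DAEMON, from ordinary deferred mail and classifies why each one is stuck. The sample listing is constructed with RFC 5737 addresses and shaped like the one in the post. Bounces queued for unrelated, undeliverable domains are backscatter: spam with a forged sender was accepted and is now being bounced to that sender; the Google 450 4.2.1 entries are the same kind of bounce being rate-limited at the far end.

```python
"""Added example (not from the thread): parse `mailq` / `postqueue -p`
output and separate the server's own bounces from ordinary deferred mail.

Assumptions: Postfix's text queue listing (queue ID with optional '*'
active / '!' held marker, size, arrival time, sender; a parenthesised
reason line; one indented recipient per line; blank line between entries).
The sample listing below is constructed with documentation addresses.
"""
import re
from collections import Counter

ENTRY_RE = re.compile(
    r"^([0-9A-Fa-f]+)([*!]?)\s+(\d+)\s+(\w{3}\s+\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(\S+)\s*$"
)


def parse_mailq(text):
    """Return one dict per queued message."""
    entries, cur = [], None
    for line in text.splitlines():
        if not line.strip():
            cur = None                    # blank line closes the entry
            continue
        if line.startswith("-"):          # column header / "-- N Kbytes" summary
            continue
        m = ENTRY_RE.match(line)
        if m:
            cur = {"id": m.group(1), "active": m.group(2) == "*",
                   "held": m.group(2) == "!", "size": int(m.group(3)),
                   "arrival": m.group(4), "sender": m.group(5),
                   "reason": "", "recipients": []}
            entries.append(cur)
        elif cur is None:
            continue
        elif line.lstrip().startswith("("):
            s = line.strip()              # strip only the outer parentheses
            cur["reason"] = s[1:-1] if s.endswith(")") else s[1:]
        else:
            cur["recipients"].append(line.strip())
    return entries


def classify_reason(reason):
    """Coarse bucket for the deferral reason Postfix recorded."""
    if "Connection timed out" in reason:
        return "timeout"
    if "Connection refused" in reason:
        return "refused"
    if "Host not found" in reason or "Name service error" in reason:
        return "dns"
    if re.search(r"\b4\.\d+\.\d+\b", reason) or " said: 4" in reason:
        return "temp-reject"              # remote 4xx, e.g. a 4.2.1 rate limit
    return "other"


def queue_summary(entries):
    """Count bounces (null sender, listed as MAILER-DAEMON) against normal mail.

    Many MAILER-DAEMON entries to unrelated, undeliverable domains mean the
    server accepted mail with forged senders and is bouncing it: backscatter.
    The fix is to reject at SMTP time instead of accept-then-bounce.
    """
    bounces = [e for e in entries if e["sender"] == "MAILER-DAEMON"]
    return {
        "total": len(entries),
        "bounces": len(bounces),
        "bounce_reasons": Counter(classify_reason(e["reason"]) for e in bounces),
        "bounce_domains": Counter(r.split("@")[-1] for e in bounces for r in e["recipients"]),
        "bytes_in_bounces": sum(e["size"] for e in bounces),
    }


# Constructed sample modelled on the thread's listing (RFC 5737 addresses).
SAMPLE_MAILQ = """\
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
717B2F78002     3410 Mon Oct 27 02:31:40  MAILER-DAEMON
(connect to example-a.test[192.0.2.10]:25: Connection timed out)
                                         jenkin@example-a.test

C0EC8F78008     3484 Tue Oct 28 05:47:28  MAILER-DAEMON
(host mx.example-b.test[192.0.2.20] said: 450-4.2.1 The user you are trying to contact is receiving mail at a rate that prevents additional messages from being delivered. (in reply to RCPT TO command))
                                         dnevnik@example-b.test

0DE82F78005     4974 Mon Oct 27 05:31:37  MAILER-DAEMON
(Host or domain name not found. Name service error for name=bob3.test type=MX: Host not found, try again)
                                         uql@bob3.test

41D1EF78004*    5253 Mon Oct 27 04:06:05  alice@mydomain.test
(connect to partner.test[192.0.2.30]:25: Connection refused)
                                         bob@partner.test

-- 17 Kbytes in 4 Requests.
"""


def sample_summary():
    return queue_summary(parse_mailq(SAMPLE_MAILQ))


if __name__ == "__main__":
    print(sample_summary())
```

Feed it real output with `parse_mailq(subprocess.check_output(["postqueue", "-p"], text=True))`; a bounce count that dominates the queue is the cue to tighten smtpd_recipient_restrictions, which is what the next post does.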
 
Old 10-29-2008, 07:34 PM   #57
bittus
Member
 
Registered: Aug 2006
Posts: 153

Original Poster
Rep: Reputation: 16
Quote:
Originally Posted by billymayday View Post
Send yourself the eicar test virus - see top right hand corner of http://www.eicar.org/
Thanks for the link.

I tried that test and the test was successful. My antivirus blocked it on my system. I paused my antivirus and sent the mail thru my mail server. Clam AV detected the virus and blocked it in the server.


I added the entries
Quote:
reject_rbl_client zen.spamhaus.org=127.0.0.10, reject_rbl_client zen.spamhaus.org=127.0.0.1, reject_rbl_client zen.spamhaus.org
to smtpd_recipient_restrictions and found that it is rejecting spam mails to a great extent, leaving the following in my maillog:
Quote:
Oct 28 14:05:04 MYHOST postfix/smtpd[19965]: NOQUEUE: reject: RCPT from cpe-24-209-192-144.cinci.res.rr.com[24.209.192.144]: 554 5.7.1 Service unavailable; Client host [24.209.192.144] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=24.209.192.144; from=<shinnedh@pochtamt.ru> to=<litty@MYDOMAIN.com> proto=SMTP helo=<VALUED-8A728226.cinci.rr.com>
Oct 28 14:05:16 MYHOST postfix/smtpd[19997]: NOQUEUE: reject: RCPT from aabs239.neoplus.adsl.tpnet.pl[83.4.44.239]: 554 5.7.1 Service unavailable; Client host [83.4.44.239] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=83.4.44.239; from=<expediencel70@bednbreakfast.nu> to=<asha@MYDOMAIN.com> proto=SMTP helo=<aabs239.neoplus.adsl.tpnet.pl>
Oct 28 14:05:24 MYHOST postfix/smtpd[20011]: NOQUEUE: reject: RCPT from aabs239.neoplus.adsl.tpnet.pl[83.4.44.239]: 554 5.7.1 Service unavailable; Client host [83.4.44.239] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=83.4.44.239; from=<calibrators262@bol.com.br> to=<asha@MYDOMAIN.com> proto=SMTP helo=<aabs239.neoplus.adsl.tpnet.pl>
Oct 28 14:05:26 MYHOST postfix/smtpd[20033]: NOQUEUE: reject: RCPT from c-24-130-50-131.hsd1.ca.comcast.net[24.130.50.131]: 554 5.7.1 Service unavailable; Client host [24.130.50.131] blocked using zen.spamhaus.org=127.0.0.10; http://www.spamhaus.org/query/bl?ip=24.130.50.131; from=<chloride3@o2.pl> to=<renae@MYDOMAIN.com> proto=SMTP helo=<c-24-130-50-131.hsd1.ca.comcast.net>


Now that I am relaxed from these problems, shall I start to integrate SASL again?

Last edited by bittus; 10-29-2008 at 07:41 PM.
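Once reject_rbl_client is in place, the maillog is where to see what it is doing. The following is an added example (not from the thread, Postfix or Spamhaus): it parses the NOQUEUE reject lines, counts DNSBL rejects per zone, per client IP and per recipient, and names the Zen component from the 127.0.0.x return code when the restriction was written with an =code suffix. It also builds the reversed-octet name you would give `dig` to check a listing by hand. The log lines are constructed with RFC 5737 addresses. One caveat a practitioner will want: an unqualified `reject_rbl_client zen.spamhaus.org` rejects on any address the zone returns, and Spamhaus answers with 127.255.255.x (not a listing) when queries arrive through a blocked public resolver or exceed the free-use quota, so qualifying the entries with the listing codes 127.0.0.2 through 127.0.0.11 avoids rejecting legitimate mail on those error answers.

```python
"""Added example (not from the thread): pull DNSBL rejects out of a Postfix
maillog, summarise them by list / client / recipient, and build the query
name you would give `dig` to check a listing by hand.

Assumptions: stock Postfix smtpd "NOQUEUE: reject: RCPT from ..." log
format as shown in the thread; Spamhaus Zen return codes (127.0.0.2 SBL,
127.0.0.3 SBL/CSS, 127.0.0.4-7 XBL, 127.0.0.10-11 PBL; 127.255.255.x are
error/quota responses, not listings). Log lines are constructed.
"""
import re
from collections import Counter

REJECT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(?P<host>\S+)\s+postfix/smtpd\[\d+\]:\s+"
    r"NOQUEUE: reject: RCPT from (?P<client>\S+?)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3}) (?P<enh>\d\.\d+\.\d+) (?P<text>.*?); "
    r"from=<(?P<from>[^>]*)> to=<(?P<to>[^>]*)> proto=\S+ helo=<(?P<helo>[^>]*)>"
)
DNSBL_RE = re.compile(r"blocked using (?P<zone>[\w.-]+)(?:=(?P<rc>\d+\.\d+\.\d+\.\d+))?")

ZEN_SUBLISTS = {
    "127.0.0.2": "SBL", "127.0.0.3": "SBL-CSS",
    "127.0.0.4": "XBL", "127.0.0.5": "XBL", "127.0.0.6": "XBL", "127.0.0.7": "XBL",
    "127.0.0.10": "PBL", "127.0.0.11": "PBL",
}


def zen_sublist(rc):
    """Name the Zen component a return code belongs to."""
    if rc is None:
        return "unspecified"             # plain `reject_rbl_client zen.spamhaus.org`
    if rc.startswith("127.255.255."):
        return "ERROR-not-a-listing"     # blocked public resolver / over quota
    return ZEN_SUBLISTS.get(rc, "unknown")


def parse_reject(line):
    """Return a dict for an smtpd RCPT reject line, or None for anything else."""
    m = REJECT_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    d = DNSBL_RE.search(rec["text"])
    rec["dnsbl_zone"] = d.group("zone") if d else None
    rec["dnsbl_rc"] = d.group("rc") if d else None
    return rec


def summarize(lines):
    rejects = [r for r in map(parse_reject, lines) if r]
    dnsbl = [r for r in rejects if r["dnsbl_zone"]]
    return {
        "rejects": len(rejects),
        "dnsbl_rejects": len(dnsbl),
        "by_zone": Counter(r["dnsbl_zone"] for r in dnsbl),
        "by_sublist": Counter(zen_sublist(r["dnsbl_rc"]) for r in dnsbl
                              if r["dnsbl_zone"] == "zen.spamhaus.org"),
        "by_ip": Counter(r["ip"] for r in dnsbl),
        "by_recipient": Counter(r["to"] for r in dnsbl),
    }


def dnsbl_query_name(ip, zone="zen.spamhaus.org"):
    """Reverse the octets and append the zone: the name to ask `dig A` about."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError("IPv4 address expected")
    return ".".join(reversed(octets)) + "." + zone


# Constructed log lines shaped like the thread's (RFC 5737 addresses).
SAMPLE_LOG = [
    "Oct 28 14:05:04 mx postfix/smtpd[19965]: NOQUEUE: reject: RCPT from cpe-1.isp.test[198.51.100.7]: 554 5.7.1 Service unavailable; Client host [198.51.100.7] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=198.51.100.7; from=<x@example.test> to=<litty@mydomain.test> proto=SMTP helo=<VALUED-PC.isp.test>",
    "Oct 28 14:05:16 mx postfix/smtpd[19997]: NOQUEUE: reject: RCPT from cpe-1.isp.test[198.51.100.7]: 554 5.7.1 Service unavailable; Client host [198.51.100.7] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=198.51.100.7; from=<y@example.test> to=<asha@mydomain.test> proto=SMTP helo=<cpe-1.isp.test>",
    "Oct 28 14:05:26 mx postfix/smtpd[20033]: NOQUEUE: reject: RCPT from c-2.cable.test[203.0.113.9]: 554 5.7.1 Service unavailable; Client host [203.0.113.9] blocked using zen.spamhaus.org=127.0.0.10; http://www.spamhaus.org/query/bl?ip=203.0.113.9; from=<z@example.test> to=<renae@mydomain.test> proto=SMTP helo=<c-2.cable.test>",
    "Oct 28 14:06:01 mx postfix/smtpd[20050]: NOQUEUE: reject: RCPT from mail.partner.test[192.0.2.5]: 550 5.1.1 <nobody@mydomain.test>: Recipient address rejected: User unknown in local recipient table; from=<a@partner.test> to=<nobody@mydomain.test> proto=ESMTP helo=<mail.partner.test>",
    "Oct 28 14:06:05 mx postfix/smtpd[20050]: connect from mail.partner.test[192.0.2.5]",
]


def sample_summary():
    return summarize(SAMPLE_LOG)


if __name__ == "__main__":
    print(sample_summary())
    print(dnsbl_query_name("203.0.113.9"))
```

Run it over `/var/log/maillog` with `summarize(open(path))`; the by_sublist counts only carry meaning for entries written in the `zone=127.0.0.x` form, which is also the form that keeps the 127.255.255.x error answers from rejecting mail.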
 
Old 11-07-2008, 04:40 AM   #58
bittus
Member
 
Registered: Aug 2006
Posts: 153

Original Poster
Rep: Reputation: 16
Once again starting the SASL integration:

This is what I get:

Quote:
[root@MYHOST ~]# saslfinger -s
saslfinger - postfix Cyrus sasl configuration Fri Nov 7 02:28:25 PST 2008
version: 1.0.2
mode: server-side SMTP AUTH

-- basics --
Postfix: 2.5.1
System: Fedora release 8 (Werewolf)

-- smtpd is linked to --
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x02671000)

-- active SMTP AUTH and TLS parameters for smtpd --
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous


-- listing of /usr/lib/sasl2 --
total 4080
drwxr-xr-x 2 root root 4096 2008-10-26 22:15 .
drwxr-xr-x 126 root root 69632 2008-11-06 19:51 ..
-rwxr-xr-x 1 root root 870 2007-09-18 10:39 libanonymous.la
-rwxr-xr-x 1 root root 14464 2007-09-18 10:40 libanonymous.so
-rwxr-xr-x 1 root root 14464 2007-09-18 10:40 libanonymous.so.2
-rwxr-xr-x 1 root root 14464 2007-09-18 10:40 libanonymous.so.2.0.22
-rwxr-xr-x 1 root root 858 2007-09-18 10:39 libcrammd5.la
-rwxr-xr-x 1 root root 16924 2007-09-18 10:40 libcrammd5.so
-rwxr-xr-x 1 root root 16924 2007-09-18 10:40 libcrammd5.so.2
-rwxr-xr-x 1 root root 16924 2007-09-18 10:40 libcrammd5.so.2.0.22
-rwxr-xr-x 1 root root 879 2007-09-18 10:39 libdigestmd5.la
-rwxr-xr-x 1 root root 47232 2007-09-18 10:40 libdigestmd5.so
-rwxr-xr-x 1 root root 47232 2007-09-18 10:40 libdigestmd5.so.2
-rwxr-xr-x 1 root root 47232 2007-09-18 10:40 libdigestmd5.so.2.0.22
-rwxr-xr-x 1 root root 846 2007-09-18 10:39 liblogin.la
-rwxr-xr-x 1 root root 14876 2007-09-18 10:40 liblogin.so
-rwxr-xr-x 1 root root 14876 2007-09-18 10:40 liblogin.so.2
-rwxr-xr-x 1 root root 14876 2007-09-18 10:40 liblogin.so.2.0.22
-rwxr-xr-x 1 root root 846 2007-09-18 10:39 libplain.la
-rwxr-xr-x 1 root root 14972 2007-09-18 10:40 libplain.so
-rwxr-xr-x 1 root root 14972 2007-09-18 10:40 libplain.so.2
-rwxr-xr-x 1 root root 14972 2007-09-18 10:40 libplain.so.2.0.22
-rwxr-xr-x 1 root root 915 2007-09-18 10:39 libsasldb.la
-rwxr-xr-x 1 root root 1193248 2007-09-18 10:40 libsasldb.so
-rwxr-xr-x 1 root root 1193248 2007-09-18 10:40 libsasldb.so.2
-rwxr-xr-x 1 root root 1193248 2007-09-18 10:40 libsasldb.so.2.0.22
-rw-r--r-- 1 root root 25 2007-09-17 10:26 Sendmail.conf
-rw-r--r-- 1 root root 82 2008-10-26 22:15 smtpd.conf

-- listing of /etc/sasl2 --
total 24
drwxr-xr-x 2 root root 4096 2007-09-18 10:39 .
drwxr-xr-x 105 root root 12288 2008-11-06 19:51 ..




-- content of /usr/lib/sasl2/smtpd.conf --
# Global parameters
log_level: 3
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN


-- active services in /etc/postfix/master.cf --
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
smtp inet n - n - - smtpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 nqmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
-o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
old-cyrus unix - n n - - pipe
flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
cyrus unix - n n - - pipe
user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient

smtp-amavis unix - - y - 2 smtp -o smtp_data_done_timeout=1200

127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o smtpd_delay_reject=no
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_end_of_data_restrictions=
-o smtpd_restriction_classes=
-o mynetworks=127.0.0.0/8
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
-o local_header_rewrite_clients=
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
discard unix - - n - - discard
tlsmgr unix - - n 1000? 1 tlsmgr
retry unix - - n - - error
proxywrite unix - - n - 1 proxymap

-- mechanisms on localhost --

-- end of saslfinger output --
In the logs:

Quote:
[root@MYHOST ~]# tail -f /var/log/maillog
Nov 7 02:28:19 MYHOST postfix/nqmgr[23769]: warning: bounce_queue_lifetime is larger than maximal_queue_lifetime - adjusting bounce_queue_lifetime
Nov 7 02:28:25 MYHOST postfix/smtpd[23817]: warning: unsupported SASL server implementation: cyrus
Nov 7 02:28:25 MYHOST postfix/smtpd[23817]: fatal: SASL per-process initialization failed
Nov 7 02:28:26 MYHOST postfix/master[23767]: warning: process /usr/libexec/postfix/smtpd pid 23817 exit status 1
Nov 7 02:28:26 MYHOST postfix/master[23767]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling
Nov 7 02:28:40 MYHOST dovecot: POP3(bimal): Disconnected: Logged out top=0/0, retr=127/10532303, del=0/127, size=10530047
Nov 7 02:29:26 MYHOST postfix/smtpd[23827]: warning: unsupported SASL server implementation: cyrus
Nov 7 02:29:26 MYHOST postfix/smtpd[23827]: fatal: SASL per-process initialization failed
Nov 7 02:29:27 MYHOST postfix/master[23767]: warning: process /usr/libexec/postfix/smtpd pid 23827 exit status 1
Nov 7 02:29:27 MYHOST postfix/master[23767]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling
Is it because I am missing an entry in the master.conf? HELP!!!

Last edited by bittus; 11-07-2008 at 04:44 AM.
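The saslfinger output lists `mech_list: PLAIN LOGIN` and `smtpd_sasl_security_options = noanonymous`, and no TLS parameters at all. Whatever is behind the "unsupported SASL server implementation" error, once AUTH does start working those two mechanisms send the password base64-encoded, not encrypted, so they should only be offered after STARTTLS. The example below is added here and is not from the thread or from Postfix: it builds both sides of the PLAIN and LOGIN exchanges, shows what a passive capture of an unencrypted session yields, and checks a main.cf-style parameter set for that gap. The Postfix parameter names are real; the credentials, transcript and parameter sets are constructed.

```python
"""Added example (not from the thread): the SMTP AUTH PLAIN and LOGIN
exchanges on the wire, why they belong only after STARTTLS, and a check
of the Postfix parameters that control that.

Assumptions: RFC 4616 PLAIN and the de-facto LOGIN mechanism; real Postfix
parameter names (smtpd_sasl_auth_enable, smtpd_tls_security_level,
smtpd_tls_auth_only, smtpd_sasl_security_options,
smtpd_sasl_tls_security_options). Transcripts and credentials are constructed.
"""
import base64


def b64(s):
    return base64.b64encode(s.encode()).decode()


def unb64(s):
    return base64.b64decode(s).decode()


def auth_plain_initial(authcid, passwd, authzid=""):
    """Client side: the single blob sent as `AUTH PLAIN <blob>` (RFC 4616)."""
    return b64(f"{authzid}\0{authcid}\0{passwd}")


def decode_auth_plain(blob):
    """Server side: split the blob back into (authzid, authcid, passwd)."""
    parts = unb64(blob).split("\0")
    if len(parts) != 3:
        raise ValueError("malformed PLAIN response")
    return tuple(parts)


def auth_login_exchange(user, passwd):
    """Both sides of AUTH LOGIN; the 334 challenges are base64 'Username:'/'Password:'."""
    return [
        ("C", "AUTH LOGIN"),
        ("S", "334 " + b64("Username:")),      # VXNlcm5hbWU6
        ("C", b64(user)),
        ("S", "334 " + b64("Password:")),      # UGFzc3dvcmQ6
        ("C", b64(passwd)),
        ("S", "235 2.7.0 Authentication successful"),
    ]


def recover_credentials(transcript):
    """What a passive observer gets from a capture of an unencrypted session.

    transcript: list of (side, line) as seen on the wire. Base64 is an
    encoding, not protection, so every AUTH yields a (user, password) pair.
    """
    found = []
    for i, (side, line) in enumerate(transcript):
        if side != "C":
            continue
        upper = line.upper()
        if upper.startswith("AUTH PLAIN"):
            parts = line.split(maxsplit=2)           # blob may come on the next line
            blob = parts[2] if len(parts) == 3 else next(
                l for s, l in transcript[i + 1:] if s == "C")
            _, user, pw = decode_auth_plain(blob)
            found.append((user, pw))
        elif upper.startswith("AUTH LOGIN"):
            answers = [l for s, l in transcript[i + 1:] if s == "C"][:2]
            if len(answers) == 2:
                found.append((unb64(answers[0]), unb64(answers[1])))
    return found


def audit_smtpd_auth(params):
    """Findings for a main.cf / saslfinger parameter set with SMTP AUTH enabled."""
    findings = []
    if params.get("smtpd_sasl_auth_enable", "no").strip() != "yes":
        return findings                            # AUTH off: nothing to protect
    tls = params.get("smtpd_tls_security_level", "").strip() or "none"
    if tls == "none":
        findings.append("TLS not offered (smtpd_tls_security_level unset): every AUTH is cleartext")
    opts = {o.strip() for o in params.get("smtpd_sasl_security_options", "").split(",") if o.strip()}
    if "noanonymous" not in opts:
        findings.append("smtpd_sasl_security_options lacks noanonymous")
    if params.get("smtpd_tls_auth_only", "no").strip() != "yes" and "noplaintext" not in opts:
        findings.append("PLAIN/LOGIN offered before STARTTLS: set smtpd_tls_auth_only = yes, "
                        "or add noplaintext here and keep smtpd_sasl_tls_security_options = "
                        "noanonymous for the TLS session")
    return findings


# Constructed parameter sets: what saslfinger showed (no TLS lines) and a hardened one.
THREAD_PARAMS = {"broken_sasl_auth_clients": "yes", "smtpd_sasl_auth_enable": "yes",
                 "smtpd_sasl_security_options": "noanonymous"}
HARDENED_PARAMS = {"smtpd_sasl_auth_enable": "yes", "smtpd_tls_security_level": "may",
                   "smtpd_tls_auth_only": "yes",
                   "smtpd_sasl_security_options": "noanonymous, noplaintext",
                   "smtpd_sasl_tls_security_options": "noanonymous"}


def sample_capture():
    """Constructed cleartext session: EHLO, a PLAIN auth, then a LOGIN auth."""
    t = [("S", "220 mx.example.test ESMTP Postfix"), ("C", "EHLO laptop"),
         ("S", "250-mx.example.test"), ("S", "250-AUTH PLAIN LOGIN"), ("S", "250 8BITMIME"),
         ("C", "AUTH PLAIN " + auth_plain_initial("alice", "s3cr3t")),
         ("S", "235 2.7.0 Authentication successful")]
    return t + auth_login_exchange("bob", "hunter2")


if __name__ == "__main__":
    print(recover_credentials(sample_capture()))
    for f in audit_smtpd_auth(THREAD_PARAMS):
        print("-", f)
```

`broken_sasl_auth_clients = yes` only adds the old `AUTH=` advertisement for Outlook Express-era clients and does not change any of this; the two findings on the thread's parameter set go away once TLS is enabled and AUTH is confined to the TLS session.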
 
Old 11-10-2008, 08:52 PM   #59
bittus
Member
 
Registered: Aug 2006
Posts: 153

Original Poster
Rep: Reputation: 16
Should I add anything in master.conf to make SASL authentication work?
 
Old 11-10-2008, 09:10 PM   #60
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
Can you show "postconf -a"

Did you build postfix yourself? If not what distro are you on?
 
  

