cannot kill emails in sendmail
I have a huge problem. A lot of messages went out from our mail server with the hostname of 192.168.0.3 instead of it's real hostname. How that happened is a different issues (that's not even that host's LAN IP).
This bad hostname got us blacklisted at Spamhaus. I fixed the servername and deleted the messages in /var/spool/mqueue. However, these messages keep popping up and trying to send with the bad hostname in the header. Where are they coming from? How do I kill them? Sendmail version 8.14.9 on Linux |
Did you bounce sendmail? Did you try stopping sendmail, deleting the mailq, then restarting? It may be these are in memory.
Did you check your maillog (/var/log) to see if it shows these being relayed from some other system that may still have them in queue? In our environment we have multiple servers that can send mail to our main out bound server to be relayed. Stopping mail on that outbound server wouldn't be sufficient to clean up any mail from the relaying servers that is still pending. We'd have to address the mail on those. Have you verified your system isn't an open relay allowing others from outside your company to relay mail? Spammers love finding and exploiting such open relays. |
Quote:
Quote:
Quote:
These are retried from when it failed earlier due to the blacklisting. Where does sendmail keep messages to retry if not in /var/spool/mqueue? |
This link might be helpful
http://serverfault.com/questions/147...-and-keep-them This comment especially: Quote:
|
Quote:
However, I think I found the source of these emails. It seems that the batch job on the other host restarted after rebooting. I don't quite understand why it restarted, but I'll not worry about that now. These new messages seem to be now going out with the correct hostname in the mail header and are not getting rejected. I'm going to let it go and not try to stop anything at this point. A few will get rejected because some of the recipient servers can take up to 24 hours to get the un-blacklist notice. It remains a mystery why the mail server hostname got changed. Perhaps I fat-fingered something without realizing it. I'll consider this solved and not spin my wheels trying to figure that out ... unless it happens again. |
All times are GMT -5. The time now is 04:07 PM. |