mail-DAEMON error overloading efa server

Questions and answers about how to do stuff
Post Reply
BliXem
Posts: 80
Joined: 27 Mar 2017 19:17

mail-DAEMON error overloading efa server

Post by BliXem »

Hello,

My EFA server load is around 3-4, and there is some delay when I send a email and received (3 till 10 minutes).
My Mail Queue is 600, all about this:

B86A241844! 9352 Mon Apr 17 17:18:01 MAILER-DAEMON
Buck375@domain-domain.nl

7A73A417FE! 8759 Mon Apr 17 17:17:03 MAILER-DAEMON
Abbott12233@domain.org

581D74187E! 8941 Mon Apr 17 17:19:32 MAILER-DAEMON
Jenkins279@domain.nl

624F04186E! 14171 Mon Apr 17 17:19:05 MAILER-DAEMON
Randall31066@domain.nl

328CA4175B! 10423 Mon Apr 17 17:16:51 MAILER-DAEMON
Humphrey4369@domain-domain.nl

AA1FE40019! 9432 Mon Apr 17 17:17:48 MAILER-DAEMON
Hanson0762@domain.com

B830A41772! 66331 Mon Apr 17 17:16:49 MAILER-DAEMON
Calderon3861@domain.nl

F11A141872! 7296 Mon Apr 17 17:19:05 MAILER-DAEMON
Mcgowan9420@domain.nl

1B41041873! 9676 Mon Apr 17 17:19:05 MAILER-DAEMON
Le4923@domain
and:

Today's Totals
Processed: 29,637 1.26GB
Clean: 9,460 31.9%
Viruses: 16 0.1%
Top Virus: Js.Downloader.Jsdownloader-6260764-1
Blocked Files: 3 0.0%
Other: 2 0.0%
Spam: 3,277 11.1%
High Score Spam: 16,878 56.9%

Delivery Status Notification (Failure) errors all over. Can I block this?
Example:

Received: from lc02.quantumsystems.com (75-148-159-227-Houston.hfc.comcastbusiness.net [75.148.159.227])
(using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by mailscanner.wrhg.nl (Postfix) with ESMTPS id 84F1D4181E
for <Gray23595@domain.nl>; Mon, 17 Apr 2017 17:47:49 +0200 (CEST)
MIME-Version: 1.0
From: <postmaster@quantumsystems.com>
To: <Gray23595@domain.nl>
Date: Mon, 17 Apr 2017 10:53:06 -0500
Content-Type: multipart/report; report-type=delivery-status;
boundary="f2c04e56-89a4-4a44-9f09-6bb3bbd66fd0"
X-MS-Exchange-Message-Is-Ndr:
Content-Language: en-US
Message-ID: <ff6efb70-a925-48e2-be28-98f38e61fed6@lc02.quantumsystems.com>
In-Reply-To: <20170417214706.D0A7919889C112@domain.nl>
References: <20170417214706.D0A7919889C112@domain.nl>
Subject: Undeliverable: Do not miss on this chance to triple your money in
the market
Auto-Submitted: auto-replied

EFA Configuration -> 5 -> Mailscanner children on 2 and processing attempts on 1.
4GB RAM 2CPU's.

Let me know how I can fix this issue.
Last edited by BliXem on 17 Apr 2017 15:57, edited 1 time in total.
BliXem
Posts: 80
Joined: 27 Mar 2017 19:17

Re: DAEMON

Post by BliXem »

Mail Queues
Inbound: 768
Outbound: 55

right now. It was 600, 10 minutes ago.
BliXem
Posts: 80
Joined: 27 Mar 2017 19:17

Re: mail-DAEMON error overloading efa server

Post by BliXem »

Also:

Spam Report:
Score Matching Rule Description
address no watermark or sender

95% of this is coming in, causing an delay. Hope I can reject these 'fake' messages?
BliXem
Posts: 80
Joined: 27 Mar 2017 19:17

Re: mail-DAEMON error overloading efa server

Post by BliXem »

Everything is OK now.


Status
Mailscanner: YES 9 children
Postfix: YES 11 proc(s)
Load Average: 1 minute: 0.41
5 minutes: 0.76
15 minutes: 0.84
Mail Queues
Inbound: 1
Outbound: 66
BliXem
Posts: 80
Joined: 27 Mar 2017 19:17

Re: mail-DAEMON error overloading efa server

Post by BliXem »

And it's back. It delays legit mail for delivery. Can I do something about this?
BliXem
Posts: 80
Joined: 27 Mar 2017 19:17

Re: mail-DAEMON error overloading efa server

Post by BliXem »

Alright, it's flooding my eFa server with non-excisted-domains like:

18/04/17 12:04:28 cook7021@.nl Undelivered Mail Returned to Sender 4.78kB 15.03 Spam
18/04/17 12:04:28 pruitt601@.nl Undelivered Mail Returned to Sender 4.94kB 9.90 Spam
18/04/17 12:04:28 gilbert99277@.nl failure notice

How can I block them that not have any excisted email addresses? Is that this option: reject_unverified_recipient?
ovizii
Posts: 463
Joined: 11 May 2016 08:08

Re: mail-DAEMON error overloading efa server

Post by ovizii »

is this a default EFA install or already customized?

are all these mails coming from the same or only a few IPs?

are you using RBL?
/etc/postfix/main.cf => smtpd_client_restrictions = ....... , reject_rbl_client zen.spamhaus.org
ovizii
Posts: 463
Joined: 11 May 2016 08:08

Re: mail-DAEMON error overloading efa server

Post by ovizii »

you could also try this: viewtopic.php?f=14&t=1965
BliXem
Posts: 80
Joined: 27 Mar 2017 19:17

Re: mail-DAEMON error overloading efa server

Post by BliXem »

ovizii wrote: 18 Apr 2017 13:11 is this a default EFA install or already customized?

are all these mails coming from the same or only a few IPs?

are you using RBL?
/etc/postfix/main.cf => smtpd_client_restrictions = ....... , reject_rbl_client zen.spamhaus.org
I thought it would be customized by you via your installation script?

Yes, we are using zen.spamhaus and BARRACUDA.
It has many many many other IP's and not just one.
BliXem
Posts: 80
Joined: 27 Mar 2017 19:17

Re: mail-DAEMON error overloading efa server

Post by BliXem »

It's not possible to block "unknown" e-mail adressen in the FROM table?

I did enabled greylisting: Hosts / domains that are currently greylisted: [2303]
But that does work, but temperorary I think.
Woger
Posts: 67
Joined: 15 Mar 2017 10:54

Re: mail-DAEMON error overloading efa server

Post by Woger »

are the mails sent to non existing emailaddresses? Then you can use recipient address verification in Postfix. Postfix will first check if the recipient really exists by doing a fake login on the recipient mailserver. If it exists it takes the mail, if not, it refuses the mail. Works also with a local cache with tested emailaddresses.
BliXem
Posts: 80
Joined: 27 Mar 2017 19:17

Re: mail-DAEMON error overloading efa server

Post by BliXem »

Woger wrote: 19 Apr 2017 07:45 are the mails sent to non existing emailaddresses? Then you can use recipient address verification in Postfix. Postfix will first check if the recipient really exists by doing a fake login on the recipient mailserver. If it exists it takes the mail, if not, it refuses the mail. Works also with a local cache with tested emailaddresses.
Yes, exactly! And that causes bounces to not excisted e-mail addresses. So the Q is flooding and that causes the high load.
How can I set this up? Do I need to add something in the main.cf?

Update: added reject_unverified_recipient to see if this is fixing the problem.
BliXem
Posts: 80
Joined: 27 Mar 2017 19:17

Re: mail-DAEMON error overloading efa server

Post by BliXem »

Well it did fix something, but it's overflooding now with these errors:

Recipient address rejected: unverified address. said: 550 No such recipient here (in reply to RCPT TO command)

Can I do something about this?
BliXem
Posts: 80
Joined: 27 Mar 2017 19:17

Re: mail-DAEMON error overloading efa server

Post by BliXem »

The fix was: unverified_recipient_reject_code = 550

problem solved.
Post Reply