efa-project.org

Hello,

My EFA server load is around 3-4, and there is some delay when I send a email and received (3 till 10 minutes).
My Mail Queue is 600, all about this:

B86A241844! 9352 Mon Apr 17 17:18:01 MAILER-DAEMON
Buck375@domain-domain.nl

7A73A417FE! 8759 Mon Apr 17 17:17:03 MAILER-DAEMON
Abbott12233@domain.org

581D74187E! 8941 Mon Apr 17 17:19:32 MAILER-DAEMON
Jenkins279@domain.nl

624F04186E! 14171 Mon Apr 17 17:19:05 MAILER-DAEMON
Randall31066@domain.nl

328CA4175B! 10423 Mon Apr 17 17:16:51 MAILER-DAEMON
Humphrey4369@domain-domain.nl

AA1FE40019! 9432 Mon Apr 17 17:17:48 MAILER-DAEMON
Hanson0762@domain.com

B830A41772! 66331 Mon Apr 17 17:16:49 MAILER-DAEMON
Calderon3861@domain.nl

F11A141872! 7296 Mon Apr 17 17:19:05 MAILER-DAEMON
Mcgowan9420@domain.nl

1B41041873! 9676 Mon Apr 17 17:19:05 MAILER-DAEMON
Le4923@domain
and:

Today's Totals
Processed: 29,637 1.26GB
Clean: 9,460 31.9%
Viruses: 16 0.1%
Top Virus: Js.Downloader.Jsdownloader-6260764-1
Blocked Files: 3 0.0%
Other: 2 0.0%
Spam: 3,277 11.1%
High Score Spam: 16,878 56.9%

Delivery Status Notification (Failure) errors all over. Can I block this?
Example:

Received: from lc02.quantumsystems.com (75-148-159-227-Houston.hfc.comcastbusiness.net [75.148.159.227])
(using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by mailscanner.wrhg.nl (Postfix) with ESMTPS id 84F1D4181E
for <Gray23595@domain.nl>; Mon, 17 Apr 2017 17:47:49 +0200 (CEST)
MIME-Version: 1.0
From: <postmaster@quantumsystems.com>
To: <Gray23595@domain.nl>
Date: Mon, 17 Apr 2017 10:53:06 -0500
Content-Type: multipart/report; report-type=delivery-status;
boundary="f2c04e56-89a4-4a44-9f09-6bb3bbd66fd0"
X-MS-Exchange-Message-Is-Ndr:
Content-Language: en-US
Message-ID: <ff6efb70-a925-48e2-be28-98f38e61fed6@lc02.quantumsystems.com>
In-Reply-To: <20170417214706.D0A7919889C112@domain.nl>
References: <20170417214706.D0A7919889C112@domain.nl>
Subject: Undeliverable: Do not miss on this chance to triple your money in
the market
Auto-Submitted: auto-replied

EFA Configuration -> 5 -> Mailscanner children on 2 and processing attempts on 1.
4GB RAM 2CPU's.

Let me know how I can fix this issue.

Mail Queues
Inbound: 768
Outbound: 55

right now. It was 600, 10 minutes ago.

Also:

Spam Report:
Score Matching Rule Description
address no watermark or sender

95% of this is coming in, causing an delay. Hope I can reject these 'fake' messages?

Everything is OK now.


Status
Mailscanner: YES 9 children
Postfix: YES 11 proc(s)
Load Average: 1 minute: 0.41
5 minutes: 0.76
15 minutes: 0.84
Mail Queues
Inbound: 1
Outbound: 66

And it's back. It delays legit mail for delivery. Can I do something about this?

Alright, it's flooding my eFa server with non-excisted-domains like:

18/04/17 12:04:28 cook7021@.nl Undelivered Mail Returned to Sender 4.78kB 15.03 Spam
18/04/17 12:04:28 pruitt601@.nl Undelivered Mail Returned to Sender 4.94kB 9.90 Spam
18/04/17 12:04:28 gilbert99277@.nl failure notice

How can I block them that not have any excisted email addresses? Is that this option: reject_unverified_recipient?

is this a default EFA install or already customized?

are all these mails coming from the same or only a few IPs?

are you using RBL?
/etc/postfix/main.cf => smtpd_client_restrictions = ....... , reject_rbl_client zen.spamhaus.org

you could also try this: viewtopic.php?f=14&t=1965

ovizii wrote: 18 Apr 2017 13:11 is this a default EFA install or already customized?

are all these mails coming from the same or only a few IPs?

are you using RBL?
/etc/postfix/main.cf => smtpd_client_restrictions = ....... , reject_rbl_client zen.spamhaus.org

I thought it would be customized by you via your installation script?

Yes, we are using zen.spamhaus and BARRACUDA.
It has many many many other IP's and not just one.

It's not possible to block "unknown" e-mail adressen in the FROM table?

I did enabled greylisting: Hosts / domains that are currently greylisted: [2303]
But that does work, but temperorary I think.

are the mails sent to non existing emailaddresses? Then you can use recipient address verification in Postfix. Postfix will first check if the recipient really exists by doing a fake login on the recipient mailserver. If it exists it takes the mail, if not, it refuses the mail. Works also with a local cache with tested emailaddresses.

Woger wrote: 19 Apr 2017 07:45 are the mails sent to non existing emailaddresses? Then you can use recipient address verification in Postfix. Postfix will first check if the recipient really exists by doing a fake login on the recipient mailserver. If it exists it takes the mail, if not, it refuses the mail. Works also with a local cache with tested emailaddresses.

Yes, exactly! And that causes bounces to not excisted e-mail addresses. So the Q is flooding and that causes the high load.
How can I set this up? Do I need to add something in the main.cf?

Update: added reject_unverified_recipient to see if this is fixing the problem.

Well it did fix something, but it's overflooding now with these errors:

Recipient address rejected: unverified address. said: 550 No such recipient here (in reply to RCPT TO command)

Can I do something about this?

The fix was: unverified_recipient_reject_code = 550

problem solved.