Extra Outbound Messages in Qmail

Posted on 2009-05-13
Last Modified: 2013-12-02
I have NDRs for *legitimate* outbound email from extra addresses that were not on the original message created by the user.

For example, user A sends email to user C@work.com about something.  A little later user A will get an NDR saying "Could not deliver your message to userx@somewhereelse.com. A copy of the message is below" and it's the legit email.

Can you offer me some troubleshooting and maintenance things to try?  I'm an Exchange admin who fell into Qmail admin almost by accident, so I don't really know what I'm doing.  I know my basic way around the Unix command line, but not too deep.
Thanks for your time.
Scott
Question by:Scottmanoh

Author Comment

by:Scottmanoh
ID: 24394245
More details.  Here is the NDR:

Hi. This is the qmail-send program at vpop.interlogusa.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<####@##########.com>:
qmail-spawn unable to open message. (#4.3.0) I'm not going to try again; this message has been in the queue too long.

<there are 4 of these, all very similar legitimate looking email addresses and then>
--- Below this line is a copy of the message.


The message below the line is a legitimate email that was delivered to an associate in our company.

Thanks for any suggestions you might be able to give.
Scott

Expert Comment

by:Daniel McAllister
ID: 24396524
You seem to have a permissions error in your QMail Queue. The result is that the service that delivers messages is unable to open those messages for delivery, and perhaps is also prohibited from adding or removing messages from the queue as well.

The typical QMail queue is located at /var/qmail/queue, and since we're debugging permissions, the permissions of this folder should be 750, with the OWNER being qmailq & the group qmail.

The contents of this folder should be the following folders:
 bounce, info, local, & remote - all should be OWNED by qmails & belong to the GROUP qmail
 intd, lock, mess, pid, & todo - all should be OWNED by qmailq & belong to the GROUP qmail
(NOTE: half are owned by qmailS & the other half by qmailQ)

Permissions on all should be 700 - EXCEPT for lock, mess, & todo - which should be 750!

A fully-featured Queue will have 23 (0-22) sub-folders (named, curiously enough, "0" thru "22") in each of the following folders: info, local, mess, & remote. The other folders should have no sub-folders.

A NOTE OF CAUTION: my user & group names (as well as the location of the queue) assumes you installed QMail in the same way/place as "Life With QMail" -- your implementation may be different. Even so, the permissions will need to be as shown above.

I hope this helps....

Dan
IT4SOHO

PS: One last thing -- the above error can also be caused by a FULL hard drive -- check to make sure your queue has space to work in!
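
The ownership and mode checks listed in the answer above, written as a script (an added example, not part of the original answer). It assumes the "Life With QMail" user and group names, a top folder named `queue`, and GNU `stat`; the function name is hypothetical.

```shell
#!/bin/sh
# Added example: audit a qmail queue listing against the owners and modes
# given in the answer above ("Life With QMail" layout is an assumption).
# Input lines: "<octal mode> <owner> <group> <path>", as printed by GNU
#   stat -c '%a %U %G %n' /var/qmail/queue /var/qmail/queue/*

# Expected "name mode owner group"; "queue" is the top-level folder.
EXPECTED='queue 750 qmailq qmail
bounce 700 qmails qmail
info 700 qmails qmail
local 700 qmails qmail
remote 700 qmails qmail
intd 700 qmailq qmail
pid 700 qmailq qmail
lock 750 qmailq qmail
mess 750 qmailq qmail
todo 750 qmailq qmail'

# audit_queue_listing: read a stat listing on stdin, print one line per
# mismatch or missing folder, return non-zero if anything is wrong.
audit_queue_listing() {
    listing=$(cat)
    rc=0
    while read -r name mode owner group; do
        # Find the listing line whose last path component is <name>.
        actual=$(printf '%s\n' "$listing" | awk -v n="$name" '
            { p = $4; sub(/\/+$/, "", p); sub(/.*\//, "", p) }
            p == n { print $1, $2, $3; exit }')
        if [ -z "$actual" ]; then
            echo "MISSING  $name (expected $mode $owner $group)"; rc=1
        elif [ "$actual" != "$mode $owner $group" ]; then
            echo "MISMATCH $name: have $actual, expected $mode $owner $group"; rc=1
        fi
    done <<EOF
$EXPECTED
EOF
    return $rc
}

# Run against a real queue when its path is given as $1.
if [ -n "${1:-}" ]; then
    stat -c '%a %U %G %n' "$1" "$1"/* | audit_queue_listing
fi
```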

Author Comment

by:Scottmanoh
ID: 24396784
Thanks Dan, I appreciate you writing!  

All permissions are as you have noted above.
Additionally, the disk with the queues is only 10% of capacity.

The messages that could not be opened look like attempts to send copies of a legitimate email to people NOT originally on the To: or CC: or Bcc: fields.

In other words, he meant to send it to user A, but it also tried to send to user b, c and d, who were not supposed to get it, and not addressed in the message when he composed it on his PC.

Scott

Accepted Solution

by:Daniel McAllister
ID: 24397040
Hmmm.... that IS unusual -- the TO and FROM sections of the message are stored separately in the queue (they are organized by message number)...

Say I receive a message from a@source.com addressed to b@dest.com. When I start receiving the message, I assign the message a number -- say, 123456 for now.

I will place the content of the message into the mess queue in a file named 123456. I will then create a file in the local queue, also named 123456, with the list of recipients (to my knowledge, the TO: recipients get a prefix of T, CC recipients get a C, and BCC recipients get a B -- so in the case above, the entry in local will be Tb@dest.com).

If there are recipients for other servers (like a message that is CC'd to another user at another domain), then an entry is made (file created named 123456) in the remote queue just like the local queue.

Lastly, there is an entry made (file created named 123456) in the info queue that will indicate who the message was from (Fa@source.com).

In this way, a message received for multiple recipients can be entered into multiple queues without having to duplicate the entire message body!

The program qmail-local (service, actually) will read the local queue and deliver messages locally (and remove the 123456 entry from the local queue when this has been completed).

The program qmail-remote (again, a service) will read the remote queue and deliver messages to remote servers, again removing the 123456 entry when completed.

Finally, the qmail-clean service will remove the message body when there are no more entries in the local or remote queues!

OK... so how does this affect you?

There are only 2 ways (unobscure ways) that the message could be delivered incorrectly locally:
 1) someone or something is messing with the local queue entry, or
 2) there is a forward or alias definition making the message go to a mailbox you're not expecting.

The latter is more probable (assuming your permissions are correct), so I'd next check the .qmail files for the users affected (or your MySQL database if you're using that as a back-end).

I hope this helps...

Dan
IT4SOHO
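
One way to carry out the .qmail check suggested above (an added example, not part of the original answer): list every forward line in the .qmail files under a directory and keep those that point outside your own domains. The function names, the directory argument and the domain list are assumptions; line types follow dot-qmail(5).

```shell
#!/bin/sh
# Added example (not from the thread): find forward lines in .qmail files
# and flag those that leave your own domains.
# dot-qmail(5): "#" = comment, "|" = program, "/" or "." = mailbox/maildir,
# "&addr" or a line starting with a letter or digit = forward to addr.

# list_forwards FILE...: print "file<TAB>address" for each forward line.
list_forwards() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        awk -v file="$f" '
            /^[&A-Za-z0-9]/ {
                addr = $0
                sub(/^&/, "", addr)          # "&" before the address is optional
                sub(/[ \t\r]+$/, "", addr)   # drop trailing blanks
                printf "%s\t%s\n", file, addr
            }' "$f"
    done
}

# scan_tree DIR: run list_forwards on every .qmail* file under DIR.
scan_tree() {
    find "$1" -type f -name '.qmail*' -print | while IFS= read -r f; do
        list_forwards "$f"
    done
}

# flag_external DOMAIN...: filter list_forwards output on stdin, keeping only
# forwards whose domain is not one of the given local domains. Addresses
# without "@" get the server's own default host and are not flagged.
flag_external() {
    awk -F '\t' -v doms="$*" '
        BEGIN { n = split(tolower(doms), d, " "); for (i = 1; i <= n; i++) loc[d[i]] = 1 }
        {
            at = index($2, "@")
            dom = tolower(substr($2, at + 1))
            if (at && !(dom in loc)) print
        }'
}

# Usage: sh <this script> DIR DOMAIN...  (DIR is wherever your mailbox
# .qmail files live; both arguments are placeholders)
if [ -n "${1:-}" ]; then
    dir=$1; shift
    scan_tree "$dir" | flag_external "$@"
fi
```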

Author Comment

by:Scottmanoh
ID: 24397146
Thanks again Dan,

In addition to checking .qmail files,  is there a set of regular maintenance routines I should be doing on my QMAIL server?

Thanks

Expert Comment

by:Daniel McAllister
ID: 24397287
Actually no... QMail generally runs (and cleans up after itself) quite well. In my experience, once it is set up correctly, the only maintenance required is user-generated (add, remove, modify users, domains, admins, etc.).

Then again, I use the QMail Toaster and only bother to "update" anything other than CLAM about once a year or so! :-) (QMail itself hasn't been "updated" in many years -- it doesn't need it! What is generally updated are the "add-on" packages like the SPAM & antivirus filters, or the management programs.)

Good luck!

Dan
IT4SOHO

Expert Comment

by:Daniel McAllister
ID: 24397299
BTW: if this behavior is being caused by a forward, then that is a user config issue (possibly caused directly by the user!), not a general QMail issue...

Dan
IT4SOHO