Solved

Extra Outbound Messages in Qmail

Posted on 2009-05-13
7
1,134 Views
Last Modified: 2013-12-02
I have NDRs for *legitimate* outbound email from extra addresses that were not on the original message created by the user.

For example, user A sends email to user C@work.com about something.  A little later user A will get an NDR saying "Could not deliver your message to userx@somewhereelse.com. A copy of the message is below" and it's the legit email.

Can you offer me some troubleshooting and maintenance things to try?  I'm an exchange admin who fell into Qmail admin almost by accident, so I don't really know what I'm doing.  I know my basic way around the unix command line, but not too deep.
Thanks for your time.
Scott
0
Comment
Question by:Scottmanoh
  • 4
  • 3
7 Comments
 

Author Comment

by:Scottmanoh
ID: 24394245
More details.  Here is the NDR:

Hi. This is the qmail-send program at vpop.interlogusa.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<####@##########.com>:
qmail-spawn unable to open message. (#4.3.0) I'm not going to try again; this message has been in the queue too long.

<there are 4 of these, all very similar legitimate looking email addresses and then>
--- Below this line is a copy of the message.


The message below the line is a legitimate email that was delivered to an associate in our company.

Thanks for any suggestions you might be able to give.
Scott
0
 
LVL 20

Expert Comment

by:Daniel McAllister
ID: 24396524
You seem to have a permissions error in your QMail Queue. The result is that the service that delivers messages is unable to open those messages for delivery, and perhaps is also prohibited from adding or removing messages from the queue as well.

The typical QMail queue is located at /var/qmail/queue, and since we're debugging permissions, the permissions of this folder should be 750, with the OWNER being qmailq & the group qmail.

The contents of this folder should be the following folders:
 bounce, info, local, & remote - all should be OWNED by qmails & belong to the GROUP qmail
 intd, lock, mess, pid, & todo - all should be OWNED by qmailq & belong to the GROUP qmail
(NOTE: half are owned by qmailS & the other half by qmailQ)

Permissions on all should be 700 - EXCEPT for lock, mess, & todo - which should be 750!

A fully-featured Queue will have 23 (0-22) sub-folders (named, curiously enough, "0" thru "22") in each of the following folders: info, local, mess, & remote. The other folders should have no sub-folders.

A NOTE OF CAUTION: my user & group names (as well as the location of the queue) assumes you installed QMail in the same way/place as "Life With QMail" -- your implementation may be different. Even so, the permissions will need to be as shown above.

I hope this helps....

Dan
IT4SOHO

PS: One last thing -- the above error can also be caused by a FULL hard drive -- check to make sure your queue has space to work in!
0
 

Author Comment

by:Scottmanoh
ID: 24396784
Thanks Dan, I appreciate you writing!  

All permissions are as you have noted above.
Additionally, the disk with the queue's is only 10% of capacity.

The messages that could not be opened look like attempts to send copies of a legitimate email to people NOT originally on the To: or CC: or Bcc: fields.

In other words, he meant to send it to user A, but it also tried to send to user b, c and d, who were not supposed to get it, and not addressed in the message when he composed it on his PC.

Scott
0
Are your corporate email signatures appalling?

Is it scary how unprofessional your email signatures look? Do users create their own terrible designs and give themselves stupid job titles? You can make this a lot easier for yourself by choosing an email signature management solution from Exclaimer today.

 
LVL 20

Accepted Solution

by:
Daniel McAllister earned 500 total points
ID: 24397040
Hmmm.... that IS unusual -- the TO and FROM sections of the message are stored separately in the queue (they are organized by message number)...

Say I receive a message from a@source.com addressed to b@dest.com. When I start receiving the message, I assign the message a number -- say, 123456 for now.

I will place the content of the message into the mess queue in a file named 123456. I will then create a file in the local queue, also named 123456, with the list of recipients (to my knowledge, the TO: recipients get a prefix of T, CC recipients get a C, and BCC recipients get a B -- so in the case above, the entry in local will be Tb@dest.com.

If there are recipients for other servers (like a message that is CC'd to another user at another domain), then an entry is made (file created named 123456) in the remote queue just like the local queue.

Lastly, there is an entry made (file created named 123456) in the info queue that will indicate who the message was from (Fa@source.com).

In this way, a message received for multiple recipients can be entered into multiple queues without having to duplicate the entire message body!

The program qmail-local (service, actually) will read the local queue and deliver messages locally (and remove the 123456 entry from the local queue when this has been completed).

The program qmail-remote (again, a service) will read the remote queue and deliver messages to remote servers, again removing the 123456 entry when completed.

Finally, the qmail-clean service will remove the message body when there are no more entries in the local or remote queues!

OK... so how does this affect you?

There are only 2 ways (unobscure ways) that the message could be delivered incorrectly locally:
 1) someone or something is messing with the local queue entry, or
 2) there is a forward or alias definition making the message go to a mailbox you're not expecting.

The latter is more probable (assuming your permissions are correct), so I'd  next check the .qmail files for the users affected (or your MySQL database if you're using that as a back-end).

I hope this helps...

Dan
IT4SOHO
0
 

Author Comment

by:Scottmanoh
ID: 24397146
Thanks again Dan,

In addition to checking .qmail files,  is there a set of regular maintenance routines I should be doing on my QMAIL server?

Thanks
0
 
LVL 20

Expert Comment

by:Daniel McAllister
ID: 24397287
Actually no... QMail generally runs (and cleans up after itself) quite well. In my experience, once it is setup correctly, the only maintenance required is user-generated (add, remove, modify users, domains, admins, etc.).

Then again, I use the QMail Toaster and only bother to "update" anything other than CLAM about once a year or so! :-) (QMail itself hasn't been "updated" in many years -- it doesn't need it! What is generally updated are the "add-on" packages like the SPAM & antivirus filters, or the management programs.)

Good luck!

Dan
IT4SOHO
0
 
LVL 20

Expert Comment

by:Daniel McAllister
ID: 24397299
BTW: if this behavior is being caused by a forward, then that is a user config issue (possibly caused directly by the user!), not a general QMail issue...

Dan
IT4SOHO
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Suggested Solutions

This short article will present "How to import ICS Calendar onto Office 365 Calendar". I was searching for free (or not free) tools to convert ICS to CSV without success. The only tools I found & working well were online tools...this was too hard to…
Email signatures have numerous marketing benefits. Here are 8 top reasons to turn your email signature into a marketing channel.
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now