level9wizard

sendmail -bpc concerns with excessive queued mail

Forgive me in advance for my lack of knowledge on this issue, but my webserver is a CentOS machine that is primarily unmanaged. My work (web-related) through SSH is limited. However, I did know a command 'sendmail -bpc' that from my understanding will show the active mail queue. Right now it's slowly rising, but sits at around 8500 - which in my mind can't be good... Are there any troubleshooting documents/manuals or helpful sites to see what those 8500 are and if there's some better way to address. Any direct suggestions or tips as far as commands in seeing what those are would be helpful as well.

My biggest concern of course is memory, and that there might be a leak or some robot/spambot taking advantage of a vulnerability.

Jan Bacher
"mailq" is the command you need.

    cd /var/log
    grep -i "from=<" maillog | grep -i relay | more

and get the originating IP addresses.  If they're your IPs, someone within your network is infected (get the IP out of the logs).  If it's an IP off of your network and not a customer, you may be configured as an open relay.

And, if these mails are spam, then stop sendmail.  Go to the queue (typically /var/spool/mqueue), delete the spam messages from that IP (qf and df files) and start sendmail.
...and, if you're an open relay, you need to update /etc/mail/access with IPs allowed to relay and hash it.
ASKER

[_jesper_]>>"mailq" is the command you need.

Looks like that's not installed/set up on my CentOS machine, I get:
"-bash: mailq: command not found"

Any suggestions?

As an additional tidbit, there are 100's of client sites on this server - it's not shared but our office has many clients - so perhaps having 8000+ show up using 'sendmail -bpc' is normal?

If you want the queue and don't have mailq or it is not in the path:

    sendmail -bp

I've worked servers with thousands of clients and the only time I saw that volume is when the mail server was receiving spam.

    cd /var/spool/mqueue
    grep "Received: " qf* > /path/to/some/file

_jesper_,

What will 'grep "Received: " qf* > /path/to/some/file' do?

The 'Received' line in the 'qf' files in the mail queue directory contains the IP address of the sender.

_jesper_,

Sorry for the delay - I'm not at my regular work station so I don't have the tools to test/troubleshoot. However, I wanted to give you an update so you know I haven't abandoned this - I will follow up in a couple of days.

_jesper_,

What should '/path/to/some/file' be? Path to sendmail main dir?

No.

If your home directory is: /home/level9wizard, then

   /path/to/some/file is /home/level9wizard/smtp-data

'smtp-data' can be any filename.  That's just an example.  Once you generate that file, it would be easy enough to determine the offending IP address.
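
As an added example (not part of the original thread), one way to turn the saved `grep "Received: " qf*` output into a per-source tally. It assumes the usual sendmail layout where the connecting client's IPv4 address sits in square brackets on the Received line; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/bash
# Added example: count queued messages per sending IP from the file made by
#   grep "Received: " qf* > ~/smtp-data
# Assumption: the client address appears as [a.b.c.d] on each Received line.

# top_senders [FILE] -> prints "COUNT SOURCE" lines, busiest source first.
# Reads standard input when no file is given.
top_senders() {
    awk '
        # The first bracketed IPv4 address is the host that handed us the mail.
        match($0, /\[[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\]/) {
            ip = substr($0, RSTART + 1, RLENGTH - 2)
            count[ip]++
            next
        }
        # No bracketed IPv4: mail injected on this host (for example by a
        # web script calling the sendmail binary), so no remote IP exists.
        { count["local-submission"]++ }
        END { for (k in count) print count[k], k }
    ' "${1:--}" | sort -k1,1nr -k2,2
}

# Constructed sample of grep output (documentation-range addresses only).
sample_queue_lines() {
    cat <<'EOF'
qfo1A00001:H??Received: from mail.example.net (mail.example.net [192.0.2.10])
qfo1A00002:H??Received: from unknown (unknown [198.51.100.7])
qfo1A00003:H??Received: from mail.example.net (mail.example.net [192.0.2.10])
qfo1A00004:H??Received: (from apache@localhost)
qfo1A00005:H??Received: from mail.example.net (mail.example.net [192.0.2.10])
qfo1A00006:H??Received: (from apache@localhost)
EOF
}

# Demonstration on the constructed sample; on a real host run
#   top_senders ~/smtp-data
sample_queue_lines | top_senders
```

A large `local-submission` count means the mail is being generated on the server itself rather than relayed through it, which points at a hosted site or script instead of an open relay.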

_jesper_,

Oops! At first glance I didn't notice you were writing that to a file, (I read it wrong) - and thanks for the speedy follow-up after me having left this for several days.

I don't have /var/spool/mqueue on my setup (looks like Exim, but 'exim -epc' and 'sendmail -bpc' both produce the same count). I took a quick google but could not find where this path might also be (using CentOS as server). Any ideas?

Looks like this isn't getting any less filled with cobwebs... :)

ASKER CERTIFIED SOLUTION
level9wizard
No answer, closing for lack of activity. Looking for assistance elsewhere.