Mar 30 2011
 

From savingneo.com

Hello All,
If you're having problems with bounces on qmail, if you're desperate because qmail is going crazy with thousands of emails, then let me tell you that your quest ends here! The tools used in this “kind of tutorial” are included right here:

qmHandle: a tool to handle and analyse your mail queue
qmhandle-1.3.2.tar.gz [15.06 KiB]

qmail-remove: a tool to clean your queue
qmail-remove-0.93.tar
qmail-remove-0.94.tar
qmail-remove-0.95.tar

Basic things you should know
Where is the mail stored?
Usually, for a mailbox like [email protected] you'll find the emails in /var/qmail/mailnames/mydomain.com/hello/Maildir/new or /cur. You can view their content with nano, vi or any text editor and read them from your Linux console, provided they do not contain too much HTML gibberish.

Where is the queue stored?
The queue is just what it sounds like: “all the mails that have not yet been delivered” (delivered to a local user or to a remote user, that is, one not hosted on your mail server).

Delivering the queue to local users is not a big job, but delivering it to remote destinations can sometimes give qmail a hard time (as it would any other mail system, of course).
The queue is physically stored in folders within /var/qmail/queue/. Let's not bother with the details of all the folders in that path; for the moment, we don't care.

Why is my qmail getting crazy?
Back in the good old times, people were nice, the internet was new, and the trees were green. Nowadays, a lot of companies or a**holes are also present on the internet and give nightmares to many admins.
One of those nightmares is called SPAM. Of course, there are many counters against spammers today: their servers' IPs are marked as *bad*, anti-spam software is sold and used in every company, etc. But there is still a way for them: they can take advantage of your mail system to deliver their spam.

How do they do that ?
Very easy. Really. They just have to know some of your domain names, for example @niceguy.com. They don't need to know which users you have under this domain name, and they won't send any email to [email protected] or [email protected]! No, they will send 10000 emails to [email protected], and your qmail will generate a “Failure notice” with the original content of the email and try to send back a mail saying: I'm sorry, this user does not exist!

Well, here's the trick: your qmail is relying entirely on the bad guy who sent you this email having nicely written a “reply to” header in all these 10000 emails. But the bad guy instead wrote in the addresses of 10000 people all over the earth he wants to spam. And your qmail system is now spamming all these 10000 people, telling them “I'm sorry, this user does not exist!” and here is the content of your email…
See? You become the spammer! You'll be marked as a bad guy on the internet in no time if you don't react fast! So, let's shield yourself!

STOP THE BOUNCE !
The first thing we'll do, if you agree, is stop that good old bouncing system (failure notice). We're going to create a “catch all” address on your server, so just create a mailbox called [email protected] (replace niceguy.com with a domain hosted by your server, of course). Now, using a terminal, go into the folder /var/qmail/mailnames/niceguy.com/catchall/ and enter this command:

echo '#' >.qmail

This just creates a text file called “.qmail” with only a # as its content. It sets a rule for qmail that says any mail coming in for [email protected] must be deleted immediately, period. We have our catcher! Now we have two possibilities, depending on whether or not you're using Plesk.

I Have Plesk
All you have to do is log in to it, go to your domain list and check them all;
click on Group Operations and scroll down to Preferences.
For the ‘Mail to nonexistent user’ option click the ‘Switch on’ radio button.
Then click the ‘Forward to address’ radio button and put [email protected] in the box.
Now just scroll down and click OK.
And that's it for the first part.

You should do this part whether or not you're having problems, because believe me, you're going to have problems one day or another if you don't follow that procedure. Too bad it turns off the good old bouncing system that told people around the world “Ah, maybe you mistyped the email”. That was a pretty good idea until the spammers came to the internet world; now it's just a threat to have such an option activated on any mail system.

I don’t Have Plesk
Well, you'll have to write the rules yourself then, in every domain folder:

/var/qmail/mailnames/domain.com/
/var/qmail/mailnames/domain2.com/
/var/qmail/mailnames/niceguy.com/
/var/qmail/mailnames/123.com/

etc. In each of them you'll have to create a file named .qmail-default with the following content: &[email protected]. You can do so by typing the following command:

echo "[email protected]" > /var/qmail/mailnames/domain2.com/.qmail-default

This sets the following rule for qmail: if you don't find such a user on the server, then just forward the mail to [email protected]
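The per-domain rule above, applied to every domain in one pass, as an added example that is not part of the original post. `install_catchall` and `make_sink` are hypothetical helper names, the mailnames path and the catch-all address are arguments you supply, and the address in the usage comment is a constructed placeholder.

```shell
#!/bin/sh
# Added example (not from the original post or from qmail itself).
# Usage, with a constructed placeholder address:
#   install_catchall /var/qmail/mailnames catchall@niceguy.example
#   make_sink /var/qmail/mailnames niceguy.example catchall

# install_catchall MAILNAMES_DIR CATCHALL_ADDRESS
# Writes "&ADDRESS" to .qmail-default in each domain directory, keeps a
# .bak copy of any different rule already present, and prints how many
# domains were changed. Running it twice changes nothing the second time.
install_catchall() {
    root=$1 addr=$2 changed=0
    case $addr in
        *@*) ;;
        *) echo "not an address: $addr" >&2; return 2 ;;
    esac
    for dom in "$root"/*/; do
        [ -d "$dom" ] || continue          # unmatched glob stays literal
        rule="${dom}.qmail-default"
        want="&$addr"
        if [ -f "$rule" ]; then
            [ "$(cat "$rule")" = "$want" ] && continue
            cp -p "$rule" "$rule.bak"      # never silently lose an old rule
        fi
        # Write to a temp name, then rename, so qmail never reads half a file.
        printf '%s\n' "$want" > "$rule.tmp" && mv "$rule.tmp" "$rule"
        changed=$((changed + 1))
    done
    echo "$changed"
}

# make_sink MAILNAMES_DIR DOMAIN USER
# Gives the catch-all mailbox the "#"-only .qmail file described earlier,
# so everything forwarded to it is dropped.
make_sink() {
    box="$1/$2/$3"
    [ -d "$box" ] || { echo "no such mailbox: $box" >&2; return 1; }
    printf '#\n' > "$box/.qmail"
}
```

Run it against a copy of the mailnames tree first and review any `.bak` files it leaves behind.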

One may ask: hey, why don't we just put a .qmail-default with # as its content, so the mail won't be forwarded to any catchall address and will just be dropped? Well, this is what a qmail expert told me when I asked him:
Quote: If you reject emails they may still bounce back to your server depending on where they appear to be sent from. If someone is spoofing your IP and that is why they were bounced to you in the first place they will come back one final time.
So, I don't know if that qmail guru is right or not, but I made the choice to believe him and use the magic catchall technique!

So, if you followed that simple guide, your server should be fine now… or not… Setting these rules just made the forthcoming spam attack harmless to your server, but what if your mail queue is already full? Those new rules are nice, but they don't take care of the current queue!

Empty the queue now

Very important: before going any further, stop the qmail service on your server.

The guy who created qmail, as good as this system may or may not be, thought you would do everything with nano and vi, and provided very few admin tools to work with it effectively.
Well, there is /var/qmail/bin/qmail-qstat, which will tell you how big your queue is, and maybe if you're an expert you'll tell me that qmail is fantastic and anything can be done easily with it, but this post is not for experts. If you're an expert, I really wonder why you stumbled on this post.

So, let's say your queue is full of thousands of emails. I'm just going to tell you how to empty it (nothing will be lost, just moved to another folder, so qmail is clean again). You have to install the qmail-remove I attached to this post: drop it in /tmp on your server and type this:


tar xvfz qmail-remove-0.95.tar.gz
cd qmail-remove-0.95
make
make install

If that does not work, maybe you don't have “make”; on Debian, an “apt-get install make” could do the trick.

OK, now you've got qmail-remove on your system, and you have two choices.

Choice 1
Empty everything and start a new life for your server, deleting all the mails that are in the queue. Maybe your users won't like that, and maybe they already don't like you because the mail system has been completely crashed for hours or days because of that spam attack. If you go with this choice, just know that your mails won't actually be deleted; they'll just be moved to the folder /var/qmail/queue/yanked/. All the emails are stored in 3 parts:

/var/qmail/queue/info/21321321
/var/qmail/queue/local/21321321
/var/qmail/queue/mess/21321321

and qmail-remove will move all these 3 parts in the folder yanked, renaming them to

/var/qmail/queue/yanked/21321321.info
/var/qmail/queue/yanked/21321321.local
/var/qmail/queue/yanked/21321321.mess (the real mail content is in that file)

Code to empty the whole queue (use with care) :


qmail-remove -r -n 10 -p ""

-r tells qmail-remove to remove the mail (moving it to the folder yanked)
-n 10 tells qmail-remove to analyse the first 10 bytes of the emails
-p "" tells qmail-remove to only remove those mails that contain "" (the empty string), which is true for all the mails

Choice 2
Maybe it won't be necessary to empty everything, and you can start by removing all the mails that contain the words Failure notice.
Here's the code:


qmail-remove -r -n 512 -i -p "Subject: Failure Notice"

-i is to ignore case

If you deleted (moved to yanked) some mails you would like to put back in the mailbox of one of your users, you'll have to find them in the yanked folder, find the XXXXX.mess ones, and move them to your user's folder, /var/qmail/mailnames/niceguy.com/contact/Maildir/new/
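A way to sort through the yanked folder and put one message back, as an added example that is not part of the original post or of qmail-remove. The function names are hypothetical, the 512-byte case-insensitive match mirrors the Choice 2 command as described above (treating the pattern as a literal string is an assumption), and the yanked folder and Maildir are passed as arguments.

```shell
#!/bin/sh
# Added example (not from the original post or from qmail-remove).

# is_failure_notice FILE
# True when the first 512 bytes contain "Subject: Failure Notice" in any
# letter case. A bounce quoted deep inside a real mail's body falls
# outside that window and does not match.
is_failure_notice() {
    head -c 512 "$1" | grep -qiF 'Subject: Failure Notice'
}

# list_restorable YANKED_DIR
# Prints the IDs of yanked messages that are NOT failure notices,
# the ones a user may want back.
list_restorable() {
    for f in "$1"/*.mess; do
        [ -f "$f" ] || continue
        is_failure_notice "$f" && continue
        basename "$f" .mess
    done
}

# restore_yanked YANKED_DIR ID MAILDIR
# Copies ID.mess into MAILDIR/new through MAILDIR/tmp, so a mail client
# never sees a partly written file. The yanked copy is left in place.
# Prints the file name created in MAILDIR/new.
restore_yanked() {
    src="$1/$2.mess" md=$3
    [ -f "$src" ] || { echo "missing $src" >&2; return 1; }
    [ -d "$md/tmp" ] && [ -d "$md/new" ] || {
        echo "not a Maildir: $md" >&2; return 1; }
    # Maildir-style unique name: time, queue ID, host name.
    name="$(date +%s).yanked$2.$(uname -n)"
    cp "$src" "$md/tmp/$name" && mv "$md/tmp/$name" "$md/new/$name"
    echo "$name"
}
```

After restoring, check that the new file has the same owner and permissions as the other files in that Maildir.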

I'll probably update this post later to tell you about qmHandle. Basically, it's a viewer for your queue that allows you to do many things qmail should give you the tools to do with a native installation. If you have any corrections, additional information, or anything else, please create an account on this forum (I'm pretty sure the activation email will end up in your spam folder, because I'm not using a real SMTP server behind this forum; it's only using the basic unix mail command to send mail).

Thanks for reading, and I hope this helped some of you guys and gals!

miracl

a link to a qmail expert : http://www.noah.org/wiki/Qmail_notes


 Posted by at 12:58 pm
