Loading ...
Sorry, an error occurred while loading the content.

Mail in maildrop queue

Expand Messages
  • Andrea Cappelli
    Hello everybody, from 2 days I had a strange bahaviour in one one Postfix installation I had thousand of mails in maildrop queue, and I can t figure who
    Message 1 of 2 , Sep 19, 2013
    View Source
    • 0 Attachment
      Hello everybody,
      from 2 days I had a strange bahaviour in one one Postfix installation

      I had thousand of mails in maildrop queue, and I can't figure who
      generates it

      In the /var/log/mail.log I see a couple of line repeating

      Sep 17 14:13:04 helicon postfix/pickup[26802]: F4048C8CD1: uid=4100
      from=<$user>
      Sep 17 14:13:05 helicon postfix/cleanup[26451]: F4048C8CD1:
      message-id=<20130917121304.F4048C8CD1@$hostname>
      Sep 17 14:13:05 helicon postfix/qmgr[19330]: F4048C8CD1:
      from=<$user@$hostname>, size=317011, nrcpt=1 (queue active)
      Sep 17 14:13:10 helicon postfix/smtp[26858]: F4048C8CD1:
      to=<qqqqqqqq@...>,
      relay=mail-in.freeserve.com[193.252.22.141]:25, delay=5.2,
      delays=0.05/0.03/5.1/0, dsn=4.0.0, status=deferred (host
      mail-in.freeserve.com[193.252.22.141] refused to talk to me: 421
      mwinf5c34 ME Trop de connexions, veuillez verifier votre configuration.
      Too many connections, slow down. OUK004_104 [104])

      where $user is the linux user with uid 4100 (it's one of the sysadmins)

      The remote server stop to talk to me because I sent too many mail, and
      it's ok, what I can't figure out is from where these mail originates. In
      the man pages I read that pickup get mail from maildrop queue, but how I
      can understand which process put mail in maildrop?

      Here my main.cf

      mydestination = $hostname, localhost.localdomain, localhost
      mynetworks = 127.0.0.0/8, 172.26.2.0/23, [::1]/128

      smtpd_use_tls = yes
      smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
      smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
      smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
      smtpd_tls_security_level = may
      smtpd_error_sleep_time = 60
      smtpd_soft_error_limit = 60
      smtpd_hard_error_limit = 10

      smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
      smtp_sasl_auth_enable = no

      alias_maps = hash:/etc/aliases
      alias_database = hash:/etc/aliases

      inet_interfaces = all
      receive_override_options = no_address_mappings

      proxy_read_maps = $local_recipient_maps $mydestination
      $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps
      $virtual_mailbox_domains $relay_recipient_maps $relay_domains
      $canonical_maps $sender_canonical_maps $recipient_canonical_maps
      $relocated_maps $transport_maps $mynetworks

      # SMTP policy, if mail queue with bounce grows add
      reject_unknown_recipient_domain, reject_unverified_recipient and enable
      recipient probe
      smtpd_recipient_restrictions = permit_mynetworks,
      reject_non_fqdn_recipient, permit_sasl_authenticated,
      reject_unlisted_recipient, reject_unknown_recipient_domain,
      reject_unauth_destination

      Postfix is 2.9.6 on Ubuntu 12.04

      Thanks

      --
      Andrea Cappelli
    • Wietse Venema
      ... This mail was submitted with the Postfix sendmail command by a local process that was executing as the named user with uid=4100. ... You can stop this
      Message 2 of 2 , Sep 19, 2013
      View Source
      • 0 Attachment
        Andrea Cappelli:
        > Hello everybody,
        > from 2 days I had a strange bahaviour in one one Postfix installation
        >
        > I had thousand of mails in maildrop queue, and I can't figure who
        > generates it
        >
        > In the /var/log/mail.log I see a couple of line repeating
        >
        > Sep 17 14:13:04 helicon postfix/pickup[26802]: F4048C8CD1: uid=4100
        > from=<$user>
        ...
        > where $user is the linux user with uid 4100 (it's one of the sysadmins)

        This mail was submitted with the Postfix sendmail command by
        a local process that was executing as the named user with uid=4100.

        > Sep 17 14:13:05 helicon postfix/qmgr[19330]: F4048C8CD1:
        > from=<$user@$hostname>, size=317011, nrcpt=1 (queue active)
        > Sep 17 14:13:10 helicon postfix/smtp[26858]: F4048C8CD1:
        > to=<qqqqqqqq@...>,
        > relay=mail-in.freeserve.com[193.252.22.141]:25, delay=5.2,
        > delays=0.05/0.03/5.1/0, dsn=4.0.0, status=deferred (host
        > mail-in.freeserve.com[193.252.22.141] refused to talk to me: 421
        > mwinf5c34 ME Trop de connexions, veuillez verifier votre configuration.
        > Too many connections, slow down. OUK004_104 [104])
        >
        > The remote server stop to talk to me because I sent too many mail, and
        > it's ok, what I can't figure out is from where these mail originates. In
        > the man pages I read that pickup get mail from maildrop queue, but how I
        > can understand which process put mail in maildrop?

        You can stop this with:

        # postconf -e 'authorized_submit_users = !username, static:all'

        Then, you can use "ps" to find out what processes are running with
        the privileges of that user. This may be a bad web application.

        Wietse
      Your message has been successfully submitted and would be delivered to recipients shortly.