Warning: Mail Queue Size Exceeded from anonymous@xxxx

General Interworx Control Panel Info General Inquries
, ,
1

Hello.

Seems i keep getting emails today (just started for 1st time) from the server notifying me:

--------------------[h=2]Warning: Mail Queue Size Exceeded[/h]
Hello, this is an automated e-mail generated by your control panel. I’ve detected a potential problem on this server ({$hostname}). You may want to look into it. Details of the problem are below.
Mail queue size limit of 1000 exceeded. The current number of messages in the mail queue is: 11590
There may be a spamming problem.

I am assuming this is spam as its a low utilized server. Anonymous@email.com does not exist. I assume i have ‘allow anonymous users on’ somewhere? Anyone able to point me in the right direction to disable/stop this?

2

Hi icer

I hope you don’t mind, but as these emails are in your que, cannot you just view one, to which domain they were sent to, then check if catchall is on for that domain, which if it is, turn it off

You can turn off catch all accounts as default, from nodeworx plugins I think memory

You may also want to consider spamdyke

I hope that helps a little

Many thanks

John

3

An easier solution is using tar baby.

http://wiki.junkemailfilter.com/index.php/Project_tarbaby

Project Tarbaby helps you reduce spam and helps us at Junk Email Filter build our blacklist. This is done by adding a fake MX record to your existing MX lists. The fake MX record will be your highest numbered MX and it will point to one of our servers. We will not actually receive any of your email under any circumstances. We will return a 451 temporary error immediately after the DATA command. This tells the sender to come back later and try again. Good email is never lost using this method. Here’s what a connection to tarbaby looks like:

mail.example.com 10
backup.example.com 20
tarbaby.junkemailfilter.com 30

4

“Tarpitting” has been added to InterWorx as well. Here is the configuration steps:

To enable Tarpitting edit

/etc/tcprules.d/tcp.smtp

Add

,GREETDELAY="5",DROP_PRE_GREET="1"

to end of the :allow line. For example.

:allow,LANG="en_US",QMAILQUEUE="/var/qmail/bin/simscan",CHKUSER_MBXQUOTA="99",GREETDELAY="5",DROP_PRE_GREET="1"

Run

~vpopmail/bin/clearopensmtp

Tarpitting will now be enabled. If a sender attempts to issue commands to the mail server before the banner they are dropped.

nathan@work ~ - $ telnet nate1.corp.interworx.com 25
Trying 10.1.16.140...
Connected to nate1.corp.interworx.com.
Escape character is '^]'.
HELO nate
554 SMTP protocol violation
Connection closed by foreign host.
5

Hi Nathan,

Can you do a cat /etc/tcprules.d/tcp.smtp

I am getting debug2: client_check_window_change: changed errors

6

Hi inodecloud

I just tried this this morning and it worked lovely

Centos 6.8, IW 5.1.17 RL

I am a little unclear where your getting your error - is it when your editing tcp.smtp

Many thanks

John

7

Hey John,

CentOS 6.8, IW 5.1.14 R(default)

I get that error when i test it with telnet.

8

Hi Inodecloud
Many thanks, and here is my cat, and test results
Just a thought, are you clustered and did you try restart qmail in full
Many thanks
John

cat /etc/tcprules.d/tcp.smtp

127.:allow,RELAYCLIENT="",JGREYLIST=""
::1:allow,RELAYCLIENT="",JGREYLIST=""
:allow,LANG=“en_US”,QMAILQUEUE="/var/qmail/bin/simscan",CHKUSER_MBXQUOTA=“99”,JGREYLIST_DIR="/var/qmail/jgreylist",JGREYLIST="",GREETDELAY=“5”,DROP_PRE_GREET=“1”
Telnet Test
telnet ns4.redacted.url 25
ehlo
554 SMTP protocol violation
Connection to host lost.
Telnet Good Connect after 5 secs
220 ns4.redacted.url InterWorx-CP SMTP Server ESMTP
helo me
250 ns4.redacted.url InterWorx-CP SMTP Server

9

I see what i did wrong now, thanks John.

10

sorry to bump up and old topic

is Tarpitting still added interworx ?
I tried just out of interest but don’t get the 5 second delay
thank you

11

Hi Bear

That’s a good question and the answer is it appears to have been dropped from been used. This appears to be on Centos 7 or later versions of IW perhaps.

However, you can add it as follows:

SSH into your server

vi /etc/tcprules.d/tcp.smtp

add the following to end of file, so it should appear as below. Note GREETDELAY= can be altered to any number of seconds you want, so 5 seconds could become 3 seconds if you alter 5 to 3 etc…

,GREETDELAY=“5”,DROP_PRE_GREET=“1”

so tcp.smtp should look like this:

127.:allow,RELAYCLIENT="",JGREYLIST=""
::1:allow,RELAYCLIENT="",JGREYLIST=""
:allow,LANG=“en_US”,QMAILQUEUE="/var/qmail/bin/simscan",CHKUSER_MBXQUOTA=“99”,JGREYLIST_DIR="/var/qmail/jgreylist",JGREYLIST="",GREETDELAY=“5”,DROP_PRE_GR EET=“1”

Save

run the following:

~vpopmail/bin/clearopensmtp

You should see no errors, if you see erorrs then you have mistyped or missed the comma at start of addition to add

Test and you should see greeting delay matching your delay time in seconds

Many thanks and stay safe

John

12

Hi Bear

Sorry I was thinking about this and reread the thread and I thnk it was added as an ability to have if you configure it.

So yes, it is still active if you configure it for use

If yours is not working, please post your error or contact IW support

Many thanks and stay safe

John

13

Yes it does in fact work after re-testing, not sure if its good to have enabled or not.
was just interested if it still worked.
thank you for your reply

14

This solution worked fine for me. After changes dont forget to restart to take effects.