Koozali.org formerly Contribs.org

Contribs.org Forums => SME Server 9.x => Topic started by: shawnbishop on April 07, 2019, 06:36:07 PM

Title: Mail Queue Increasing - Error in qpsmtpdl/current
Post by: shawnbishop on April 07, 2019, 06:36:07 PM
Good day

The mail queue on our Smeserver 9.2 is growing, it is now sitting at over 1200 emails from over a week ago. The server is up to date, and we have done a reboot.

We have checked the Blacklisting and it is not blacklisted.

We have this error in the qpsmtpd/current log

@400000005caa25283364557c 22684 (connect) earlytalker: pass, not spontaneous
@400000005caa25283380f984 22684 (connect) relay: skip, no match
@400000005caa25283388e4dc 22684 220 sbs-srv.sentinelle.co.za ESMTP
@400000005caa252a334f5294 22684 dispatching EHLO User
@400000005caa252a33b6d2ac 22684 FATAL PLUGIN ERROR [helo]:  Quantifier follows nothing in regex; marked by <-- HERE in m/* <-- HERE @range109-149.btcentralplus.com/ at /usr/share/qpsmtpd/plugins/helo line 336.
@400000005caa252a33c33a74 22684 250-sentinelle.co.za Hi Unknown [91.212.150.158]
@400000005caa252a33c3afa4 22684 250-PIPELINING
@400000005caa252a33c420ec 22684 250-8BITMIME
@400000005caa252a33c49a04 22684 250-SIZE 50000000
@400000005caa252a33c51704 22684 250-STARTTLS
@400000005caa252a33c5807c 22684 250 AUTH PLAIN LOGIN
@400000005caa252e0b0a976c 22684 dispatching RSET
@400000005caa252e0b0eeccc 22684 250 OK
@400000005caa253122653e94 22684 dispatching AUTH LOGIN
@400000005caa2531226ca134 22684 334 VXNlcm5hbWU6
@400000005caa253438d6125c 22684 334 UGFzc3dvcmQ6
Title: Re: Mail Queue Increasing - Error in qpsmtpdl/current
Post by: mmccarn on April 07, 2019, 09:00:52 PM
qpsmtpd is used for in-bound smtp connections; outbound smtp is handled by qmail.

If qpsmtpd is failing to accept messages due to the error you've posted, then the corresponding emails will not be in the mail queue.

Mail queue:
Take a look at /var/log/qmail/current to see what your server is doing instead of delivering mail.

qpsmtpd helohost plugin:
If you have made any customizations related to the qpsmtpd helo plugin, revert them and see if that eliminates the errors.

Here is the qpsmtpd config for 'helo' on my system - the declaration in peers/0 has 4 arguments ("policy rfc reject 1"):
Code: [Select]
# grep helo /var/service/qpsmtpd/config/peers/{0,local}
/var/service/qpsmtpd/config/peers/0:helo policy rfc reject 1
/var/service/qpsmtpd/config/peers/local:# 15helo disabled for local connections
Title: Re: Mail Queue Increasing - Error in qpsmtpdl/current
Post by: ReetP on April 07, 2019, 09:15:41 PM
Looks like a you may have modified your helo plugin ?

What does this say?

Code: [Select]
grep -rn "Quantifier" /usr/share/qpsmtpd/plugins/helo
And this?

Code: [Select]
/sbin/e-smith/audittools/templates
Below is the code from my helo plugin.

   321   sub is_regex_match {
   322       my ($self, $host, $pattern) = @_;
   323   
   324       my $error = "Your HELO hostname is not allowed";
   325   
   326       #$self->log( LOGDEBUG, "is regex ($pattern)");
   327       if (substr($pattern, 0, 1) eq '!') {
   328           $pattern = substr $pattern, 1;
   329           if ($host !~ /$pattern/) {
   330   
   331               #$self->log( LOGDEBUG, "matched ($pattern)");
   332               return $error, "badhelo pattern match ($pattern)";
   333           }
   334           return;
   335       }
   336       if ($host =~ /$pattern/) {
   337   
   338           #$self->log( LOGDEBUG, "matched ($pattern)");
   339           return $error, "badhelo pattern match ($pattern)";
   340       }
   341       return;
   342   }
 
Title: Re: Mail Queue Increasing - Error in qpsmtpdl/current
Post by: shawnbishop on April 08, 2019, 07:38:45 AM
Morning

@mmccarn

Mail queue:
The out put from the /var/log/qmail/current doesnt look unusual, except for all the anonymous emails

@400000005caada0f2bc5026c info msg 40370544: bytes 6713 from <anonymous@sentinelle.co.za> qp 4247 uid 0
@400000005caada0f2bd7abc4 starting delivery 6180: msg 40370544 to local alias-localdelivery-admin@sentinelle.co.za
@400000005caada0f2bd7afac status: local 1/20 remote 0/20
@400000005caada0f2cd6d414 new msg 40370730
@400000005caada0f2cd70eac info msg 40370730: bytes 6837 from <anonymous@sentinelle.co.za> qp 4312 uid 400
@400000005caada0f2ce4aef4 starting delivery 6181: msg 40370730 to local admin@sbs-srv.sentinelle.co.za
@400000005caada0f2ce4ddd4 status: local 2/20 remote 0/20
@400000005caada0f2ce5956c delivery 6180: success: forward:_qp_4312/did_0+0+1/
@400000005caada0f2ce6973c status: local 1/20 remote 0/20
@400000005caada0f2ce74704 end msg 40370544
@400000005caada0f2f7427bc delivery 6181: success: did_1+0+1/
@400000005caada0f2f742f8c status: local 0/20 remote 0/20
@400000005caada0f2f742f8c end msg 40370730
@400000005caada3e0dec2004 new msg 40370730
@400000005caada3e0dec27d4 info msg 40370730: bytes 4084 from <annap@icon.co.za> qp 4329 uid 453
@400000005caada3e0dfd90dc starting delivery 6182: msg 40370730 to local palesatsita-palesa@sentinelle.co.za
@400000005caada3e0dfdb404 status: local 1/20 remote 0/20
@400000005caada3e0dfe2934 starting delivery 6183: msg 40370730 to local mail.log-maillog@sentinelle.co.za
@400000005caada3e0dfe4c5c status: local 2/20 remote 0/20
@400000005caada3e0e38b964 delivery 6183: success: did_1+0+1/
@400000005caada3e0e38fbcc status: local 1/20 remote 0/20
@400000005caada3e186a8aac delivery 6182: success: did_1+0+1/
@400000005caada3e186a927c status: local 0/20 remote 0/20
@400000005caada3e186ae86c end msg 40370730
@400000005caada4f3670f93c new msg 40370730
@400000005caada4f3670fd24 info msg 40370730: bytes 96851 from <bounce-181_HTML-177192230-963747-7229598-2383@bounce.mails.takealot.com> qp 4343 uid 453
@400000005caada4f3682a894 starting delivery 6184: msg 40370730 to local kgomotsothantsha-kgomotso@sentinelle.co.za
@400000005caada4f3682c004 status: local 1/20 remote 0/20
@400000005caada4f3683391c starting delivery 6185: msg 40370730 to local mail.log-maillog@sentinelle.co.za
@400000005caada4f36834ca4 status: local 2/20 remote 0/20

qpsmtpd helohost plugin:
I have not made any modifications to the plugin

Output from qpsmtpd HELO plugin is as follows
grep helo /var/service/qpsmtpd/config/peers/{0,local}
/var/service/qpsmtpd/config/peers/0:helo policy lenient reject naughty
/var/service/qpsmtpd/config/peers/local:# 15helo disabled for local connections

Answers to ReetP

No modifications to the helo plugin done, the output as follows
[root@sbs-srv ~]# grep -rn "Quantifier" /usr/share/qpsmtpd/plugins/helo
[root@sbs-srv ~]#

Audittools output as follows
/sbin/e-smith/audittools/templates
/etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/local/17check_basicheaders: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/0/17check_basicheaders: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/crontab/weeklybackup: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/dhcpd.conf/25DomainNameServers: OWNED_BY_RPM, OVERRIDE
/etc/e-smith/templates-custom/etc/dhcpd.conf/25LeaseTimeMax: OWNED_BY_RPM, OVERRIDE
/etc/e-smith/templates-custom/etc/dhcpd.conf/25LeaseTimeDefault: OWNED_BY_RPM, OVERRIDE
/etc/e-smith/templates-custom/etc/dhcpd.conf/25Routers: OWNED_BY_RPM, OVERRIDE
/etc/e-smith/templates-custom/etc/hosts.allow/sshd: OWNED_BY_RPM, OVERRIDE
/etc/e-smith/templates/var/service/tinydns/root/data/50domainARecords.bat: MANUALLY_ADDED


Title: Re: Mail Queue Increasing - Error in qpsmtpdl/current
Post by: ReetP on April 08, 2019, 10:26:51 AM
Whats here?

/qpsmtpd/config/peers/local/17check_basicheaders: MANUALLY_ADDED, ADDITION
Title: Re: Mail Queue Increasing - Error in qpsmtpdl/current
Post by: mmccarn on April 08, 2019, 02:45:53 PM
qpsmtpd
It looks to me like line 336 in /usr/share/qpsmtpd/plugins/helo is related to comparing the incoming email hostname to the regex values from /var/service/qpsmtpd/config/badhelo - take a look to make sure that file looks reasonable (the default content is a block of headers plus "aol.com" and "yahoo.com" on separate lines)

You can get more info by increasing the qpsmtpd loglevel to 'debug' temporarily
Code: [Select]
config setprop qpsmtpd LogLevel 8
signal-event email-update
(this makes the log files fill up and rotate very quickly...)

Revert to default logging using:
Code: [Select]
config setprop qpsmtpd LogLevel 6
signal-event email-update

mail queue
Look in the mail queue to see if you can figure out more information on the undelivered messages:
- do they share a common sender or recipient?
- do they share a common sending host HELO/EHLO or IP?
- are they being sent 'to' real mailboxes, or mailing lists (there were problems long ago related to spam filtering for mailing lists)

17check_basicheaders
SME 9.2 included an update to qpsmtpd 0.96 (https://wiki.contribs.org/Qpsmtpd); the new version removed the "check_basicheaders" plugin and introduced headers (https://wiki.contribs.org/Qpsmtpd:headers) -- your old templates related to check_basicheaders may need to be adjusted or removed.

(The 'headers' plugin solved the 'no date header' problem that plagued 'check_basicheaders')
Title: Re: Mail Queue Increasing - Error in qpsmtpdl/current
Post by: ReetP on April 08, 2019, 02:50:36 PM
Thank Mike.

Country hopping here !!
Title: Re: Mail Queue Increasing - Error in qpsmtpdl/current
Post by: CharlieBrady on April 10, 2019, 04:30:35 PM
@400000005caa252a334f5294 22684 dispatching EHLO User
@400000005caa252a33b6d2ac 22684 FATAL PLUGIN ERROR [helo]:  Quantifier follows nothing in regex; marked by <-- HERE in m/* <-- HERE @range109-149.btcentralplus.com/ at /usr/share/qpsmtpd/plugins/helo line 336.
@400000005caa252a33c33a74 22684 250-sentinelle.co.za Hi Unknown [91.212.150.158]

You have '*@range109-149.btcentralplus.com' I think in your 'badhelo' configuration file. That line is being interpreted as a regular expression, but you can't have a regular expression which starts with *. You could start it with .* and you won't see that error, but that wouldn't make sense for a 'badhelo' entry. Perhaps you mean 'range109-149.btcentralplus.com'. Or just delete that line. Or clear the related db entry.
Title: Re: Mail Queue Increasing - Error in qpsmtpdl/current
Post by: shawnbishop on April 15, 2019, 08:03:58 AM
Good day

Thanks for the valuable input, I will have a look today and provide feedback..
Title: Re: Mail Queue Increasing - Error in qpsmtpdl/current
Post by: CharlieBrady on April 16, 2019, 12:45:25 AM
Mail queue:
The out put from the /var/log/qmail/current doesnt look unusual, except for all the anonymous emails

@400000005caada0f2bc5026c info msg 40370544: bytes 6713 from <anonymous@sentinelle.co.za> qp 4247 uid 0
@400000005caada0f2bd7abc4 starting delivery 6180: msg 40370544 to local alias-localdelivery-admin@sentinelle.co.za
@400000005caada0f2bd7afac status: local 1/20 remote 0/20

Those messages have not come from the network via qpsmtpd. Those messages are being placed into the qmail queue by a process running as 'root'.

What is the content of those messages?