Mails with a link are not delivered

stephaneeybert

Valued Member
Hello,

I run a qmail server on a VPS and I noticed that if a mail contains a URL, like Google or Yahoo!, then it is never delivered.

This occurs for any email address hosted on the server.

But all other mails, those with no url in their body, are delivered fine.

I wonder what to do.

Is it some anti-spam rule that I need to loosen a bit?

Kind Regards,
 

stephaneeybert

Valued Member
Here is one such email that bounced back:

Sorry, we were unable to deliver your message to the following address.

<christophe.luciani@europasprak.com>:
Message expired for domain europasprak.com. Remote host said: 451 qq temporary problem (#4.3.0) [BODY]

--- Below this line is a copy of the message.

Received: from [217.12.10.82] by nm11.bullet.mail.ukl.yahoo.com with NNFMP; 21 Dec 2012 10:32:40 -0000
Received: from [77.238.184.68] by tm16.bullet.mail.ukl.yahoo.com with NNFMP; 21 Dec 2012 10:32:40 -0000
Received: from [127.0.0.1] by smtp137.mail.ukl.yahoo.com with NNFMP; 21 Dec 2012 10:32:40 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.se; s=s1024; t=1356085960; bh=P4dmzwKCGSHuuO52G7BSLBM7W3yoAbztbcmZwwQ9zi8=; h=X-Yahoo-Newman-Id:X-Yahoo-Newman-Property:X-YMail-OSG:X-Yahoo-SMTP:Received:Message-ID:Date:From:User-Agent:MIME-Version:To:Subject:Content-Type:Content-Transfer-Encoding; b=r9a9g2HNcuSArY0Zt8zO9v7f0b/jm9E02jSLx8Oc0mC6X2OCmDgQl3nO46ZPUsP8smtO+xagpIPmuzFIYCvqSXHlOjCnBzTT4SOFRSkV3AZw6FPsxXtkcfiMOtb2K+yBsXUksP/bR6Jr5Igihav2vKVpTP5YDShl5VjPwnrvG3A=
X-Yahoo-Newman-Id: 397286.73601.bm@smtp137.mail.ukl.yahoo.com
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-SMTP: jqhnLSyswBAmheX07SXMvvUb.GeFUUuWQwA-
Received: from [192.168.1.10] (mittiprovence@62.16.249.43 with plain)
by smtp137.mail.ukl.yahoo.com with SMTP; 21 Dec 2012 10:32:40 +0000 GMT
Message-ID: <50D43AC7.8020207@yahoo.se>
Date: Fri, 21 Dec 2012 11:32:39 +0100
From: Stephane Eybert <mittiprovence@yahoo.se>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/17.0 Thunderbird/17.0
MIME-Version: 1.0
To: Christophe Luciani <christophe.luciani@europasprak.com>
Subject: Mail with a url
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

This is a test with a url Google
 

EQ Admin

EQ Forum Admin
Staff member
Hello,

Which qmail-queue replacement are you running that is doing your anti-virus, spam filtering, and possibly other things to your email?

It's possible you have something running from your qmail-smtpd run script, but from the error I suspect it's a qmail-queue replacement / configuration that's causing you the trouble.

Welcome to Email Questions!
 

stephaneeybert

Valued Member
Okay, I have never heard of qmail-queue before, so I'll google this and try to see what setup or config there is on my server. Thanks for the tip!
 

EQ Admin

EQ Forum Admin
Staff member
This is a good qmail resource if you would like to learn more about your server:

Life with qmail

Please let us know if you need any more help with this issue.

Thanks!
 

EQ Admin

EQ Forum Admin
Staff member
Can you post a copy of this file?

/var/qmail/supervise/qmail-smtpd/run
 

stephaneeybert

Valued Member
That file doesn't exist. But I do have one as in:

vps13495 stephane # cd /var/qmail/
vps13495 qmail # ll
total 32
drwxr-sr-x 2 alias qmail 4096 2006-05-24 18:13 alias
drwxr-xr-x 2 root qmail 4096 2011-11-06 17:32 bin
drwxr-xr-x 2 root qmail 4096 2006-05-24 18:18 boot
drwxr-xr-x 2 root qmail 4096 2012-11-09 16:27 control
drwxr-xr-x 3 root qmail 4096 2006-05-24 18:18 doc
drwxr-xr-x 10 root qmail 4096 2006-05-24 18:18 man
drwxr-x--- 11 qmailq qmail 4096 2006-05-24 18:18 queue
drwxr-xr-x 2 root qmail 4096 2012-11-09 16:27 users
vps13495 qmail #
vps13495 qmail # find . -name qmail-smtpd
./bin/qmail-smtpd
vps13495 qmail # file bin/qmail-smtpd
bin/qmail-smtpd: setuid setgid ELF 64-bit LSB executable, x86-64, version 1 (SYSV), for GNU/Linux 2.4.1, dynamically linked (uses shared libs), stripped
vps13495 qmail #
 

stephaneeybert

Valued Member
I had a look at my setup and now understand that /usr/local/bin/rblsmtpd is called instead of /var/qmail/bin/qmail-smtpd with the all.spam-rbl.fr mapping.

Indeed, the /etc/init.d/qmail file contains:
ebegin "Starting Smtp"
env - PATH="/var/qmail/bin:/usr/local/bin" CHKUSER_START="DOMAIN" \
tcpserver -v -H -R -x /etc/tcp.smtp.cdb -c100 -u508 -g503 0 smtp \
/usr/local/bin/rblsmtpd -r all.spam-rbl.fr -r list.dsbl.org -r relays.ordb.org /var/qmail/bin/qmail-smtpd >> /var/log/qmail/rbl.log 2>&1 \
| /usr/local/bin/tai64n \
| /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog s500000 n60 /var/log/qmailsmtp/ &
eend $?

And I can see the mails in the /var/log/qmail/rbl.log log file.

I get entries coming in every few seconds, like this one for example:
CHKUSER accepted rcpt: from <britt.hedenberg-magnusson@ftv.sll.se::> remote <FTVDEX01.ftvsll.local:unknown:192.44.242.22> rcpt <christophe.luciani@europasprak.com> : found existing recipient
tcpserver: end 13947 status 0
tcpserver: status: 1/100

I wonder what a typical legit email entry looks like and what a typical junk mail entry looks like.
 

stephaneeybert

Valued Member
The rbl.log file lists some entries that are, or should be, legit mail senders, like:
CHKUSER accepted rcpt: from <::> remote <glen.ministry.se:unknown:62.95.69.214> rcpt <christophe.luciani@europasprak.com> : found existing recipient
CHKUSER accepted rcpt: from <danielle.malmberg@gov.se::> remote <glen.ministry.se:unknown:62.95.69.214> rcpt <christophe.luciani@europasprak.com> : found existing recipient
CHKUSER accepted rcpt: from <emil.odling@dlanordic.se::> remote <mail2.dlanordic.se:unknown:62.181.210.226> rcpt <christophe.luciani@europasprak.com> : found existing recipient

I wonder if these entries mean they are seen as junk or not.

They should not be seen as junk as they are known persons and valid mail senders.
 

stephaneeybert

Valued Member
I just sent a mail, from mittiprovence@yahoo.se which is my personal address, one mail with a url in the body, and it showed up on the rbl.log with the entry:

tcpserver: ok 15796 vps13495.ovh.net:::ffff:46.105.8.54:25 :::ffff:74.125.83.43::43322
CHKUSER accepted rcpt: from <mittiprovence@yahoo.se::> remote <nm21-vm4.bullet.mail.ukl.yahoo.com:unknown:217.12.10.76> rcpt <christophe.luciani@europasprak.com> : found existing recipient
tcpserver: end 15715 status 0
tcpserver: status: 7/100
tcpserver: status: 8/100

But it never arrives in the inbox of christophe.luciani@europasprak.com
 

EQ Admin

EQ Forum Admin
Staff member
Hello,

To clarify the above, please note that /usr/local/bin/rblsmtpd is not called instead of /var/qmail/bin/qmail-smtpd, but passes through if the connecting IPs get past your RBLs. Also, -r relays.ordb.org should be removed from your run script since that RBL no longer exists. What does a less of /var/qmail/bin/qmail-queue look like? Is it a replacement script?
 

stephaneeybert

Valued Member
Hello,

Thanks for your interest in my issue. I noticed this rbl file was not in use any longer so I had removed it. In fact I also removed the other two rbl files so as to test if they were responsible for the issue. Nothing conclusive yet. I must try some testing again.

Here is a less on the file you mentioned:

ELF Header:
Magic: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
Class: ELF64
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: EXEC (Executable file)
Machine: Advanced Micro Devices X86-64
Version: 0x1
Entry point address: 0x400b80
Start of program headers: 64 (bytes into file)
Start of section headers: 19312 (bytes into file)
Flags: 0x0
Size of this header: 64 (bytes)
Size of program headers: 56 (bytes)
Number of program headers: 10
Size of section headers: 64 (bytes)
Number of section headers: 28
Section header string table index: 27

Section Headers:
[Nr] Name Type Address Offset
Size EntSize Flags Link Info Align
[ 0] NULL 0000000000000000 00000000
0000000000000000 0000000000000000 0 0 0
[ 1] .interp PROGBITS 0000000000400270 00000270
000000000000001c 0000000000000000 A 0 0 1
[ 2] .note.ABI-tag NOTE 000000000040028c 0000028c
0000000000000020 0000000000000000 A 0 0 4
[ 3] .hash HASH 00000000004002b0 000002b0
00000000000000b8 0000000000000004 A 5 0 8
[ 4] .gnu.hash GNU_HASH 0000000000400368 00000368

Let me know if you would like the complete file.

Kind Regards,
 

stephaneeybert

Valued Member
The tech support notified me about a memory issue.

Here is what they saw in the log:

Out-of-memory errors and segmentation faults are present in your machine's logs:

Out of memory: Kill process 28165 (spamd) score 11 or sacrifice child
Killed process 28165 (spamd) total-vm:81696kB, anon-rss:2016kB, file-rss:236kB
UDP: bad checksum. From 199.30.58.106:32462 to 46.105.8.54:161 ulen 51
UDP: short packet: From 115.238.186.247:53 1032/42 to 46.105.8.54:8721
UDP: short packet: From 115.238.186.247:53 1032/44 to 46.105.8.54:9857
TCP: Peer 0000:0000:0000:0000:0000:ffff:d541:a38f:64058/110 unexpectedly shrunk window 539221321:539224241 (repaired)
TCP: Peer 0000:0000:0000:0000:0000:ffff:d541:a38f:64058/110 unexpectedly shrunk window 539221321:539224241 (repaired)
qmail-smtpd[27890]: segfault at 10000000b ip 000000000040a690 sp 00007fff7db58ef8 error 6 in qmail-smtpd[400000+1c000]
qmail-smtpd[28210]: segfault at 10000000b ip 000000000040a690 sp 00007fffaa927fd8 error 6 in qmail-smtpd[400000+1c000]
qmail-smtpd[28510]: segfault at 10000000b ip 000000000040a690 sp 00007fff9b71ceb8 error 6 in qmail-smtpd[400000+1c000]
qmail-smtpd[28977]: segfault at 10000000b ip 000000000040a690 sp 00007fff7d25f078 error 6 in qmail-smtpd[400000+1c000]
qmail-smtpd[2368]: segfault at 10000000b ip 000000000040a690 sp 00007fffe86ae198 error 6 in qmail-smtpd[400000+1c000]
qmail-smtpd[22256]: segfault at 10000000b ip 000000000040a690 sp 00007fff4e82c348 error 6 in qmail-smtpd[400000+1c000]
qmail-smtpd[28314]: segfault at 10000000b ip 000000000040a690 sp 00007fff199c79f8 error 6 in qmail-smtpd[400000+1c000]
qmail-smtpd[3019]: segfault at 10000000b ip 000000000040a690 sp 00007fff64c9b878 error 6 in qmail-smtpd[400000+1c000]
UDP: bad checksum. From 199.30.58.119:49249 to 46.105.8.54:137 ulen 58
qmail-smtpd[7317]: segfault at 10000000b ip 000000000040a690 sp 00007fffbefc27e8 error 6 in qmail-smtpd[400000+1c000]
vps13495 ~ # uname -r

Your mail logs are also full of error entries for out-of-memory conditions:
Jan 11 13:05:41 vps13495 X-Qmail-Scanner-2.01st: [vps13495.ovh.net13579059417671916] clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem - exit status 512/2
Jan 11 13:05:41 vps13495 X-Qmail-Scanner-2.01st: [vps13495.ovh.net13579059417671914] clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem - exit status 512/2
Jan 11 13:05:48 vps13495 X-Qmail-Scanner-2.01st: [vps13495.ovh.net13579059477671936] clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem - exit status 512/2
Jan 11 13:05:54 vps13495 X-Qmail-Scanner-2.01st: [vps13495.ovh.net13579059547671968] clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem - exit status 512/2
Jan 11 13:06:43 vps13495 X-Qmail-Scanner-2.01st: [vps13495.ovh.net13579060027672029] clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem - exit status 512/2
Jan 11 13:06:47 vps13495 X-Qmail-Scanner-2.01st: [vps13495.ovh.net13579060077672037] clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem - exit status 512/2
Jan 11 13:07:00 vps13495 X-Qmail-Scanner-2.01st: [vps13495.ovh.net13579060207672052] clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem - exit status 512/2


Your server is already using part of its buffer memory:

vps13495 ~ # free -m
total used free shared buffers cached
Mem: 2004 1705 298 0 281 894
-/+ buffers/cache: 528 1475
Swap: 2046 68 1978
vps13495 ~ #


The mail could not be delivered to you because it contained an attachment.

The attachment could not be scanned by your antivirus because your server is continuously running out of memory and does not have the resources to do so.

As a result, the mail stayed queued until it was returned to the sender as a mailer-daemon bounce.


A mail sent without an attachment went through without problems:

vps13495 ~ # ls /home/vpopmail/domains/europasprak.com/christophe.luciani/Maildir/new/
vps13495 ~ # ls /home/vpopmail/domains/europasprak.com/christophe.luciani/Maildir/new/
1357906280.2671.vps13495.ovh.net,S=1031
vps13495 ~ # cat /home/vpopmail/domains/europasprak.com/christophe.luciani/Maildir/new/1357906280.2671.vps13495.ovh.net\,S\=1031
Delivered-To: christophe.luciani@europasprak.com
Received: (qmail 2668 invoked by uid 509); 11 Jan 2013 12:11:19 -0000
Received: from 213.186.41.8 by vps13495.ovh.net (envelope-from <retour_erreur@hellcorps.com>, uid 508) with qmail-scanner-2.01st
(clamdscan: 0.96.1/12620. spamassassin: 3.3.1. perlscan: 2.01st.
Clear:RC:0(213.186.41.8):SA:0(0.8/6.0):.
Processed in 4.275713 secs); 11 Jan 2013 12:11:19 -0000
X-Spam-Status: No, hits=0.8 required=6.0
Received: from unknown (HELO xxx.ovh.net) (213.186.xx.xx
by vps13495.ovh.net with AES256-SHA encrypted SMTP; 11 Jan 2013 12:11:15 -0000
Received: (qmail 21491 invoked by uid 1000); 11 Jan 2013 13:10:58 -0000
Date: 11 Jan 2013 13:10:58 -0000
Message-ID: <20130111131058.21490.qmail@xxx.ovh.net>
From: no_reply@ovh.net
To: christophe.luciani@europasprak.com
Reply-To: no_reply@ovh.net
Subject: Test de reception de mail

Does anyone know what I should do?

Kind Regards,
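
Added example, not part of the original thread: a small Python triage of the three kinds of log lines quoted in the post above (OOM kills, segfaults, qmail-scanner failures), grouping segfaults by crash site so a repeatable fault stands out from noise. The sample lines are copied from that post; the function names and the reading of the second number in `512/2` as the scanner's exit code are assumptions.

```python
import re
from collections import Counter

# Lines copied from the support excerpt quoted in the post above.
SAMPLE = [
    "Out of memory: Kill process 28165 (spamd) score 11 or sacrifice child",
    "UDP: bad checksum. From 199.30.58.106:32462 to 46.105.8.54:161 ulen 51",
    "qmail-smtpd[27890]: segfault at 10000000b ip 000000000040a690 sp 00007fff7db58ef8 error 6 in qmail-smtpd[400000+1c000]",
    "qmail-smtpd[28210]: segfault at 10000000b ip 000000000040a690 sp 00007fffaa927fd8 error 6 in qmail-smtpd[400000+1c000]",
    "Jan 11 13:05:41 vps13495 X-Qmail-Scanner-2.01st: [vps13495.ovh.net13579059417671916] clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem - exit status 512/2",
    "Jan 11 13:05:48 vps13495 X-Qmail-Scanner-2.01st: [vps13495.ovh.net13579059477671936] clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem - exit status 512/2",
]

OOM = re.compile(r"Out of memory: Kill process \d+ \(([^)]+)\)")
SEGV = re.compile(r"([\w.-]+)\[\d+\]: segfault at ([0-9a-f]+) ip ([0-9a-f]+) "
                  r"sp [0-9a-f]+ error (\d+) in \S+?\[([0-9a-f]+)\+")
SCAN = re.compile(r"X-Qmail-Scanner-[^:]+: \[[^\]]+\] (\w+): .*exit status (\d+)/(\d+)")


def decode_fault(code):
    """Decode the low three bits of an x86 page-fault error code."""
    access = "write" if code & 2 else "read"
    mode = "user" if code & 4 else "kernel"
    cause = "protection violation" if code & 1 else "page not mapped"
    return f"{mode} {access}, {cause}"


def triage(lines):
    """Group log lines into OOM victims, crash sites and scanner failures."""
    report = {"oom": Counter(), "crash": Counter(), "scanner": Counter()}
    for line in lines:
        if m := OOM.search(line):
            report["oom"][m.group(1)] += 1
        elif m := SEGV.search(line):
            prog, _addr, ip, err, base = m.groups()
            # Offset of the faulting instruction inside the mapped image.
            offset = int(ip, 16) - int(base, 16)
            report["crash"][(prog, hex(offset), decode_fault(int(err)))] += 1
        elif m := SCAN.search(line):
            # Assumption: the second number is the scanner's exit code.
            scanner, _raw, exit_code = m.groups()
            report["scanner"][(scanner, int(exit_code))] += 1
    return report


if __name__ == "__main__":
    for section, counts in triage(SAMPLE).items():
        for key, n in counts.items():
            print(section, key, n)
```

Every segfault line in the excerpt collapses to the same program, offset and fault type, which points at one repeatable crash site in qmail-smtpd rather than random memory corruption.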
 

EQ Admin

EQ Forum Admin
Staff member
Hello,

If you are running out of memory you can try increasing your softlimit.

See the line in bold text below that can be added in your run script:

env - PATH="/var/qmail/bin:/usr/local/bin" CHKUSER_START="DOMAIN" \
exec /usr/local/bin/softlimit -m 30000000 \
tcpserver -v -H -R -x /etc/tcp.smtp.cdb -c100 -u508 -g503 0 smtp \
/usr/local/bin/rblsmtpd -r all.spam-rbl.fr -r list.dsbl.org -r relays.ordb.org /var/qmail/bin/qmail-smtpd >> /var/log/qmail/rbl.log 2>&1 \

That will increase your memory limit per process to 30MB.

Make sure you put it in exactly that placement above the tcpserver line.
 

stephaneeybert

Valued Member
Thanks for your help. Can you tell me where I can find that run script?

vps13495 qmail # pwd
/var/qmail
vps13495 qmail # find . -name run
vps13495 qmail # find . -name run.sh
 

EQ Admin

EQ Forum Admin
Staff member
I based my response on post #9, which says that your script is: /etc/init.d/qmail

Who/what installed your qmail? This appears to be a non-standard install that does not use supervise to run your qmail.
 

stephaneeybert

Valued Member
Okay, I now did the edit the way you suggested:

env - PATH="/var/qmail/bin:/usr/local/bin" CHKUSER_START="DOMAIN" \
exec /usr/local/bin/softlimit -m 30000000 \
tcpserver -v -H -R -x /etc/tcp.smtp.cdb -c100 -u508 -g503 0 smtp \
/usr/local/bin/rblsmtpd /var/qmail/bin/qmail-smtpd >> /var/log/qmail/rbl.log 2>&1 \
| /usr/local/bin/tai64n \
| /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog s500000 n60 /var/log/qmailsmtp/ &

I then restarted the mail server:

vps13495 stephane # /etc/init.d/qmail restart
* Caching service dependencies ... [ ok ]
* Stopping Qmail ... [ ok ]
* Starting Qmail ... [ ok ]
* Starting Pop ... [ ok ]
* Starting Smtp ...

We'll see if it solves the issue.

A big thanks to you anyway !

Stephane
 

stephaneeybert

Valued Member
Hello,

It didn't really help in fact. I still got some mails not being delivered, those with a link inside the body, and with an attached file.

Today, my end user received this message:

Dear Web Mail Customer,
Web-mail Internet Service has detected malicious e-mail traffic
originating from your e-mail account. Typically, this is the result of a
virus infection on your computer or a third party gaining access to your
e-mail account user-name/password. In order to prevent our servers from
being blocked by other providers, we have blocked your e-mail account
from sending e-mail via OTHER Web-mail application.
Any messages being sent to your e-mail account are also temporarily
being queued on our servers. In order to have this account re-enabled
and have
all e-mail messages delivered, the following steps must be completed.Run
an anti virus/spy ware scan. If you have any anti-virus software, please
make sure that your virus definition files are updated and run a
complete scan of your computer to check for infection. You must reply to
this email
immediately, and provide the following details of your account:
***********************************************
CONFIRM YOUR EMAIL IDENTITY BELOW
Email User-name : .......................................
EMAIL Password : ........................................
Date of Birth : ................................................
Country or Territory : ...................................
************************************************
Violating any Web mail policy or guideline.
You are responsible for any misuse of our services that occurs through
your account.
For Help and Support, contact the Technical Support help desk at:
Thank you for choosing Our Web-mail Internet services Networks.

Is it that my server has been hacked?

Kind Regards,

Stephane
 