connections timed out

I am recieving several of these log errors when I do a mailq.
How can I prevent that from coming into the queue?

2F38DEC1D2 3459 Mon Sep 18 03:33:53 MAILER-DAEMON
(connect to brmail1.brassring.com[66.77.22.180]: Connection
refused)
cbrown@1-jobs.com

20A3CEC0DF 834 Tue Sep 19 12:54:54 email@test.com
(connect to test.com[208.48.34.132]: Connection
timed out)
dfddfdt@test.com

Also I am recieving connection refused.

thanks

rogv24@yahoo.com wrote:
> I am recieving several of these log errors when I do a mailq.
> How can I prevent that from coming into the queue?
>
> 2F38DEC1D2 3459 Mon Sep 18 03:33:53 MAILER-DAEMON
> (connect to brmail1.brassring.com[66.77.22.180]: Connection
> refused)
> cbrown@1-jobs.com
>
> 20A3CEC0DF 834 Tue Sep 19 12:54:54 email@test.com
> (connect to test.com[208.48.34.132]: Connection
> timed out)
> dfddfdt@test.com
>
> Also I am recieving connection refused.
>
> thanks

The MAILER-DAEMON message is probably a bounced email which will likely
sit in the queue retrying delivery, until it finally times out and
gets automatically deleted.

In main.cf, you can set
bounce_queue_lifetime = 0
and then for _bounced_ messages Postfix will try 1 immediate delivery,
and then delete the message. The logic is: "Hey, you just sent my system
a non-deliverable email, and you ought to be able to take it back right now.
If you won't, it's probably a relayed spam, so I'm deleting it".

Regarding the second message, you'd probably need to take a look at it's headers
and see how it got onto your system. You can look at it with the command:
postcat -q 20A3CEC0DF | less

If you decide to delete it: postsuper -d 20A3CEC0DF

It's probably some message that Postfix could have originally blocked if it
were configured better.

In either case, both messages are sitting in queue, retrying delivery to
the remote system, using an exponential backoff algorithm (each time it
fails, it waits longer before retrying).

Eventually the non-bounce will reach "maximal_queue_lifetime", which by default
is 5 days, but can be adjusted however you want.

--
Greg

hello Greg,

thanks for your help. I wanted to ask do you know why these emails are
coming
in to the server? This is suppose to be a mailout server.

regards
Roger

Greg Hackney wrote:
> rogv24@yahoo.com wrote:
> > I am recieving several of these log errors when I do a mailq.
> > How can I prevent that from coming into the queue?
> >
> > 2F38DEC1D2 3459 Mon Sep 18 03:33:53 MAILER-DAEMON
> > (connect to brmail1.brassring.com[66.77.22.180]: Connection
> > refused)
> > cbrown@1-jobs.com
> >
> > 20A3CEC0DF 834 Tue Sep 19 12:54:54 email@test.com
> > (connect to test.com[208.48.34.132]: Connection
> > timed out)
> > dfddfdt@test.com
> >
> > Also I am recieving connection refused.
> >
> > thanks
>
> The MAILER-DAEMON message is probably a bounced email which will likely
> sit in the queue retrying delivery, until it finally times out and
> gets automatically deleted.
>
> In main.cf, you can set
> bounce_queue_lifetime = 0
> and then for _bounced_ messages Postfix will try 1 immediate delivery,
> and then delete the message. The logic is: "Hey, you just sent my system
> a non-deliverable email, and you ought to be able to take it back right now.
> If you won't, it's probably a relayed spam, so I'm deleting it".
>
> Regarding the second message, you'd probably need to take a look at it's headers
> and see how it got onto your system. You can look at it with the command:
> postcat -q 20A3CEC0DF | less
>
> If you decide to delete it: postsuper -d 20A3CEC0DF
>
> It's probably some message that Postfix could have originally blocked if it
> were configured better.
>
> In either case, both messages are sitting in queue, retrying delivery to
> the remote system, using an exponential backoff algorithm (each time it
> fails, it waits longer before retrying).
>
> Eventually the non-bounce will reach "maximal_queue_lifetime", which by default
> is 5 days, but can be adjusted however you want.
>
> --
> Greg

rogv24@yahoo.com wrote:

> I wanted to ask do you know why these emails are
> coming in to the server? This is suppose to be a mailout server.

To figure that out, you'll need to carefully analyze the headers
of the mail files.

You can view them with the postcat -q command that I mentioned.
--
Greg

nothing comes out when I type postcat -q
I use mailq to view the emails thgat are hung in my server.

Greg Hackney wrote:
> rogv24@yahoo.com wrote:
>
> > I wanted to ask do you know why these emails are
> > coming in to the server? This is suppose to be a mailout server.
>
> To figure that out, you'll need to carefully analyze the headers
> of the mail files.
>
> You can view them with the postcat -q command that I mentioned.
> --
> Greg

rogv24@yahoo.com wrote:
> nothing comes out when I type postcat -q
> I use mailq to view the emails thgat are hung in my server.

The mailq command will furnish the ID numbers for the mail files,
such as 20A3CEC0DF

Then the postcat command can be used to read messages, such as:

postcat -q 20A3CEC0DF | less


--
Greg

This was new to me. Thank you. here it is:

the output from mailq is:
A66B3ED058 3392 Thu Sep 21 00:37:16 MAILER-DAEMON
(connect to mail.safetysynthesis.com[66.248.141.70]: Connection
refused)
trisha@safetysynthesis.com

the output from postcat:


*** ENVELOPE RECORDS deferred/A/A66B3ED058 ***
message_size: 3392 306 1
arrival_time: Thu Sep 21 00:37:16 2006
sender:
named attribute: client_name=simail1.si.edu
named attribute: client_address=160.111.103.92
named attribute: message_origin=simail1.si.edu[160.111.103.92]
named attribute: helo_name=simail1.si.edu
named attribute: protocol_name=ESMTP
original recipient: trisha@safetysynthesis.com
recipient: trisha@safetysynthesis.com
defer_warn_time: Wed Dec 31 19:00:00 1969
*** MESSAGE CONTENTS deferred/A/A66B3ED058 ***
Received: from simail1.si.edu (simail1.si.edu [160.111.103.92])
by si-mailout01.si.edu (SI-Mailer) with ESMTP id A66B3ED058
for <trisha@safetysynthesis.com>; Thu, 21 Sep 2006 00:37:16
-0400 (EDT)
Received: from si-av03.si.edu [160.111.252.24]
by simail1.si.edu; Thu, 21 Sep 2006 00:37:16 -0400
Received: from localhost (localhost [127.0.0.1])
by si-av03.si.edu (SI-Mailer) with ESMTP id 2A6602217
for <trisha@safetysynthesis.com>; Thu, 21 Sep 2006 00:37:16
-0400 (EDT)
Received: from si-av03.si.edu ([127.0.0.1])
by localhost (si-av03 [127.0.0.1]) (amavisd-new, port 10024) with
ESMTP
id 07304-09 for <trisha@safetysynthesis.com>;
Thu, 21 Sep 2006 00:37:14 -0400 (EDT)
Received: from si-ems02.si.edu (si-ems02.si.edu [160.111.252.34])
by si-av03.si.edu (SI-Mailer) with ESMTP id C92092951
for <trisha@safetysynthesis.com>; Thu, 21 Sep 2006 00:37:13
-0400 (EDT)
Received: from localhost (localhost [127.0.0.1])
by si-ems02.si.edu (SI-Mailer) with ESMTP id 6A2D86E32
for <trisha@safetysynthesis.com>; Thu, 21 Sep 2006 00:37:13
-0400 (EDT)
MIME-Version: 1.0
Subject: Considered UNSOLICITED BULK EMAIL from you
In-Reply-To: <136501c6e380$ec6b93b0$8b07c2ad@melyk>
Message-Id: <SS04079-07@si-ems02>
Content-Type: multipart/report; report-type=delivery-status;
boundary="----------=_1158813433-4079-5"
From: amavisd-new <postmaster@si-ems02.si.edu>
To: <trisha@safetysynthesis.com>
Date: Thu, 21 Sep 2006 00:37:13 -0400 (EDT)
X-Virus-Scanned: SI-EMS border system (SI+SA)

This is a multi-part message in MIME format...

------------=_1158813433-4079-5
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Your message to:
-> seegera@si.edu

was considered unsolicited bulk e-mail (UBE).
Subject: Your mortgagerate search has produced a lower-rate Thu, 28 Sep
2006 22:32:35 -0800

Delivery of the email was stopped!

------------=_1158813433-4079-5
Content-Type: message/delivery-status
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Content-Description: Delivery error report

Reporting-MTA: dns; si-ems02
Received-From-MTA: smtp; si-ems02.si.edu ([127.0.0.1])
Arrival-Date: Thu, 21 Sep 2006 00:37:13 -0400 (EDT)

Final-Recipient: rfc822; seegera@si.edu
Action: failed
Status: 5.7.1
Diagnostic-Code: smtp; 550 5.7.1 Message content rejected, UBE,
id=04079-07
Last-Attempt-Date: Thu, 21 Sep 2006 00:37:13 -0400 (EDT)

------------=_1158813433-4079-5
Content-Type: text/rfc822-headers
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Content-Description: Undelivered-message headers

Received: from safetysynthesis.com (unknown [72.46.131.85])
by si-ems02.si.edu (SI-Mailer) with ESMTP id 9A3736E95
for <seegera@si.edu>; Thu, 21 Sep 2006 00:37:12 -0400 (EDT)
MIME-Version: 1.0
Date: Thu, 28 Sep 2006 21:13:20 -0800
Message-ID: <136501c6e380$ec6b93b0$8b07c2ad@melyk>
To: <seegera@si.edu>
Subject: Your mortgagerate search has produced a lower-rate Thu, 28 Sep
2006 22:32:35 -0800
X-Sender: fredwl@safetysynthesis.com
From: "Trisha Hames" <trisha@safetysynthesis.com>
Reply-To: "redwstl" <fredwl@safetysynthesis.com>
MIME-Version: 1.0 <-*->=FF FAdi=[0F9n<-*->
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
Content-Disposition: inline
X-OriginalArrivalTime:

------------=_1158813433-4079-5--
*** HEADER EXTRACTED deferred/A/A66B3ED058 ***
return_receipt:
errors_to:
*** MESSAGE FILE END deferred/A/A66B3ED058 ***



Greg Hackney wrote:
> rogv24@yahoo.com wrote:
> > nothing comes out when I type postcat -q
> > I use mailq to view the emails thgat are hung in my server.
>
> The mailq command will furnish the ID numbers for the mail files,
> such as 20A3CEC0DF
>
> Then the postcat command can be used to read messages, such as:
>
> postcat -q 20A3CEC0DF | less
>
>
> --
> Greg

rogv24@yahoo.com wrote:
> here it is:



Here's what happened:

Someone at IP address 72.46.131.85 (an ISP in Utah) sent a spam mail.

They forged a HELO name of safetysynthesis.com and forged a FROM address of
"Trisha Hames" <trisha@safetysynthesis.com>

They addressed the spam mail to: seegera@si.edu

The email was first received by the system named si-ems02.si.edu

Amavis then flagged it as spam. (Note: This must be a post-queue content
filter since it accepted the email and analyzed it, rather than analyzing
it as it arrived, and rejecting it immediately).

In an attempt to return the spam mail to the forged address
trisha@safetysynthesis.com:

si-ems02.si.edu handed off the email to si-av03.si.edu

si-av03.si.edu handed off the email to simail1.si.edu

simail1.si.edu haned off the email to si-mailout01.si.edu


And there the email is probably sitting in queue on the mailout01
system, because mail.safetysynthesis.com[66.248.141.70]
is refusing to accept incoming SMTP connections.

--
Greg

Well done. Thats exactly where it is in the mailout01 server. So
basically there is nothing for me to do to control the email landing
into mailout01.
The queue in mailout01 is over 5000.
Do you see any benefits from having post-queue? How can we update
that?
Thanks for your support.

Greg Hackney wrote:
> rogv24@yahoo.com wrote:
> > here it is:
>
>
>
> Here's what happened:
>
> Someone at IP address 72.46.131.85 (an ISP in Utah) sent a spam mail.
>
> They forged a HELO name of safetysynthesis.com and forged a FROM address of
> "Trisha Hames" <trisha@safetysynthesis.com>
>
> They addressed the spam mail to: seegera@si.edu
>
> The email was first received by the system named si-ems02.si.edu
>
> Amavis then flagged it as spam. (Note: This must be a post-queue content
> filter since it accepted the email and analyzed it, rather than analyzing
> it as it arrived, and rejecting it immediately).
>
> In an attempt to return the spam mail to the forged address
> trisha@safetysynthesis.com:
>
> si-ems02.si.edu handed off the email to si-av03.si.edu
>
> si-av03.si.edu handed off the email to simail1.si.edu
>
> simail1.si.edu haned off the email to si-mailout01.si.edu
>
>
> And there the email is probably sitting in queue on the mailout01
> system, because mail.safetysynthesis.com[66.248.141.70]
> is refusing to accept incoming SMTP connections.
>
> --
> Greg

rogv24@yahoo.com wrote:

> The queue in mailout01 is over 5000.

My suggestion is to run these 3 commands:

postconf -e bounce_queue_lifetime=0
postfix reload
postfix flush

and sit back and watch the queue get smaller...


> Do you see any benefits from having post-queue? How can we update
> that?

See: http://www.postfix.org/SMTPD_PROXY_R...html#pros_cons

--
Greg