These jerks will find ANY IP address that is open for relaying. You can't
leave any of them open with an SMTP server running. They will find you,
without a doubt. They have software running just looking for them.

Go to /var/spool/post.office/messages and delete all the message files. You
will have to do this from the terminal.

You can leave Post.office running on your local network but disconnect your
local network from the outside to get this running. Then nothing can come
in and disturb you as you try to get it going. You might have to use a
crossover cable and just have two machines cabled together with no access
out.

J

On 10/19/03 8:13p, "Alexei Zoubov" <azstech@xxxxxxxxx> wrote:
> Thanks!!!
>
> I did talk to Sue at Tenon about it and I was sure I set it up as
> directed long ago!
> There are 5 IP addresses I own that are the only ones open for relay,
> everything else is blocked.
>
> Now the problem right now is that I can not even open PostOffice
> administration page - if I start PostOffice, I can't work, and if it is
> off, I cannot change the settings.
>
> In iTools and Apache I know where the actual conf files are and how to
> fix them.
> In PostOffice I really cannot find anything!
>
> Sorry, my thoughts are not in good order!
>
> Alexei
>
>
> On Sunday, October 19, 2003, at 06:01 PM, John Sievert wrote:
>
>> Yup. After looking at your log, that is exactly what is happening - Eric
>> hit the nail right on the head.
>>
>> Once these dirt ball spammers discover you are an open relay, they will
>> send massive (as in 100K pcs per day or more) through you. That way you
>> get tagged with being the spammer instead of them. The fun part will also
>> come when all the bad addresses bounce back to you and then fill your logs
>> up again.
>>
>> You also need to protect your server from being a relay. I believe if you
>> look at the archives, or talk to Tenon about this, there is a standard set
>> up that they can provide you that will prevent you from being the open
>> relay.
>>
>> You need to do this just to be a good citizen but this open relay will
>> kill you anyhow. You probably are listed on a bunch of black holes servers
>> already.
>>
>> You are going to have a bit of cleanup to do after this one.
>>
>> J
>>
>> On 10/19/03 7:19p, "Eric Yang" <eyang@xxxxxxxxx> wrote:
>>
>>> Hi Alexei,
>>>
>>> It seems like someone is trying to use your system as a relay server to
>>> send out a massive amount of messages. It could be either a local user
>>> spamming other people, or someone from the net trying to spam. The
>>> SMTP traffic is so overwhelming that your server started to choke once
>>> Post.Office is started. I would suggest you empty out
>>> /var/spool/post.office/messages and disconnect your mail server from
>>> the net. Then block IP addresses that are trying to spam your server,
>>> then reconnect the server to the net.
>>>
>>> regards,
>>> Eric
>>>
>>> On Oct 19, 2003, at 5:03 PM, Alexei Zoubov wrote:
>>>
>>>> Another addition: here are a few entries from the last PO log.
>>>> I just took a few lines, but there are tens if not hundreds of them
>>>> for every time I started with PO again!
>>>>
>>>> 20031019140638-0700:SMTP-Accept:Received:[213.196.43.215]:20031019210422.AAA899@xxxxxxxxxxxxxxxxx@mail6.mevershosting.nl:2585:137:<auto1266@xxxxxxxxxxxxxxxxxxxxxx>:<safelister@xxxxxxxxxxxxx>
>>>> 20031019140638-0700:SMTP-Accept:Received:[209.123.255.92]:20031019210408.AAE848@xxxxxxxxxxxxxxxxx@server145.ultimatesafelists.com:2084:150:<bounce@xxxxxxxxxxxxxxxxxxxxx>:<safelister@xxxxxxxxxxxxx>
>>>> 20031019140651-0700:SMTP-Accept:Received:[65.57.110.50]:20031019210448.AAC873@xxxxxxxxxxxxxxxxx@server3.byteworks.ca:2465:123:<safepro@xxxxxxxxxxxxxxxxxxxx>:<safelister@xxxxxxxxxxxxx>
>>>> 20031019140652-0700:SMTP-Accept:Received:[65.57.110.50]:20031019210555.AAA924@xxxxxxxxxxxxxxxxx@server3.byteworks.ca:1788:84:<sweet@xxxxxxxxxxxxxxxxxxxx>:<safelister@xxxxxxxxxxxxx>
>>>> 20031019140651-0700:Mailbox-Deliver:20031019210448.AAA886@xxxxxxxxxxxxxxxxx@addurl.entireweb.com:A_Z_Systems1
>>>> 20031019140720-0700:SMTP-Accept:Received:[64.239.177.38]:20031019210555.AAA927@xxxxxxxxxxxxxxxxx@bebop.myultimatehosting.com:1985:85:<mg@xxxxxxxxxxxxxxxxxxxx>:<safelister2@xxxxxxxxxxxxx>
>>>> 20031019140706-0700:SMTP-Accept:Received:[65.57.110.50]:20031019210421.AAC863@xxxxxxxxxxxxxxxxx@server3.byteworks.ca:2579:165:<sweet@xxxxxxxxxxxxxxxxxxxx>:<safelister2@xxxxxxxxxxxxx>
>>>> 20031019140720-0700:Mailbox-Deliver:20031019210637.ABW664@xxxxxxxxxxxxxxxxx@server145.ultimatesafelists.com:Alexei_Zoubov9
>>>> 20031019140720-0700:Mailbox-Deliver:20031019210652.AAG848@xxxxxxxxxxxxxxxxx@server145.ultimatesafelists.com:Alexei_Zoubov9
>>>>
>>>> On Sunday, October 19, 2003, at 04:43 PM, Alexei Zoubov wrote:
>>>>
>>>>> Thanks for your reply!
>>>>>
>>>>> You are way over my head with this - sorry! If you mean filters that
>>>>> let the messages through or stop them - I don't have any at all, at
>>>>> least I didn't set any myself!
>>>>>
>>>>> What exactly does ps -jax | grep smtp do?
>>>>>
>>>>> I didn't set any filters, because my business is exactly to receive a
>>>>> lot of "junk mail" from hundreds of mailing lists. That wasn't any
>>>>> problem before - my email client (mail from Apple) was set to get
>>>>> mail messages every 15 minutes and immediately delete them on the
>>>>> server.
>>>>>
>>>>> My problem is amplified by the fact that when I put PO folder in the
>>>>> Startupitems folder and then reboot, the server is practically down
>>>>> and stays down. Last time I tried to open the terminal, I waited more
>>>>> than 10 minutes for the system to react! After I take PO out it takes
>>>>> another 30 minutes or so to do single user repair - otherwise the
>>>>> server doesn't start at all!
>>>>>
>>>>> I didn't make any changes in the set-up in the last 3-4 weeks and
>>>>> this situation just hit from nowhere!
>>>>>
>>>>> Would re-installing PostOffice help? What is the easiest way to do it
>>>>> while saving all settings?
>>>>> I don't need to save anything in the mailboxes!
>>>>>
>>>>> Last question - I know how to stop PostOffice from the terminal, is
>>>>> there a command to start it?
>>>>>
>>>>> Thanks again, Alexei
>>>>>
>>>>> On Sunday, October 19, 2003, at 03:55 PM, John Sievert wrote:
>>>>>
>>>>>> The fact that everything slows down to a grind first is really
>>>>>> interesting. This sort of indicates that the CPU is getting more and
>>>>>> more bogged down.
>>>>>>
>>>>>> One scenario where this can happen is if your SMTP-Accept processes
>>>>>> stack up. This usually happens because of a filter that is bogging the
>>>>>> system down. Boot up the system then watch through the terminal by
>>>>>> doing repetitive ps -jax | grep smtp.
>>>>>>
>>>>>> If the number of processes keeps climbing, then that is probably the
>>>>>> problem. The remedy is to delete filters one by one until you get rid
>>>>>> of them. Generally, though, this is related to body filters since they
>>>>>> can take a long time to execute. These body filters would be my choice
>>>>>> for first deletions.
>>>>>>
>>>>>> If you can boot this and then limit incoming connections - you can do
>>>>>> that through the personal firewall by shutting down ports 25 and 110
>>>>>> (can't remember which is which for POP and SMTP) so that nothing can
>>>>>> reach post.office.
>>>>>>
>>>>>> My bet is that this is the problem. Post.office has been shown to be
>>>>>> exceptionally stable in almost everyone's installation EXCEPT with the
>>>>>> case described above.
>>>>>>
>>>>>> J
>>>>>>
>>>>>> On 10/19/03 4:26p, "Alexei Zoubov" <azstech@xxxxxxxxx> wrote:
>>>>>>
>>>>>>> Addition - it looks like it is definitely PostOffice!
>>>>>>>
>>>>>>> If I boot with the PO folder in Startup items in about 5-10 minutes
>>>>>>> computer slows down and responds to everything with a few minutes
>>>>>>> delay or just turns the ball!
>>>>>>>
>>>>>>> After taking PO out of Startup items, I have to reboot in single mode,
>>>>>>> run fsck -y for diagnostics and small repair, then iTools, Apache and
>>>>>>> everything else starts to work.
>>>>>>>
>>>>>>> It seems that the problem is in writing to some files! Looked into
>>>>>>> PostOffice manual index - couldn't find where to look for error log.
>>>>>>> In trouble shooting - just notes on undelivered messages, this and
>>>>>>> that.
>>>>>>>
>>>>>>> So, what do I do next? Should I just run the PO installer again? How
>>>>>>> do I clean PO mailboxes and/or logs? Where do I find error log to see
>>>>>>> what exactly went wrong?
>>>>>>>
>>>>>>> Desperate Alexei
>>>>>>>
>>>>>>> On Sunday, October 19, 2003, at 12:26 PM, Alexei Zoubov wrote:
>>>>>>>
>>>>>>>> PostOffice was behaving decently lately and suddenly the whole
>>>>>>>> computer with itools 6.7 and PostOffice just stopped working. The
>>>>>>>> mouse would move, but either would not have any effect or turn into
>>>>>>>> rolling ball for a few minutes - then back.
>>>>>>>>
>>>>>>>> I restarted in single mode and checked with fsck -y, there were some
>>>>>>>> minor errors that were repaired. Computer still wouldn't start.
>>>>>>>>
>>>>>>>> Then I used single user mode to move PostOffice out of Startupitems
>>>>>>>> folder. This time computer started, loaded iTools and started
>>>>>>>> serving pages OK, but without the PostOffice, naturally.
>>>>>>>>
>>>>>>>> I couldn't find any hint on how to start PostOffice manually, so I
>>>>>>>> put the PO folder into Startupitems again and rebooted - computer
>>>>>>>> wouldn't start again.
>>>>>>>>
>>>>>>>> After several unsuccessful tries, I managed to get computer up
>>>>>>>> without PO, but now it started to act strangely even without PO - it
>>>>>>>> looks that some work is going on that is preventing it from
>>>>>>>> functioning normally. The mouse either doesn't work or works with a
>>>>>>>> several seconds delay, or turns into the ball for 10-15 seconds!
>>>>>>>>
>>>>>>>> It may be overflooded logs, I would really appreciate any hints on
>>>>>>>> how to empty them and where they are!
>>>>>>>>
>>>>>>>> I don't think the mailboxes are full - they have been cleaned
>>>>>>>> regularly.
>>>>>>>>
>>>>>>>> I tried to find any troubleshooting hints but it looks that there is
>>>>>>>> no advice on how to deal with such global failures!
>>>>>>>>
>>>>>>>> Anybody with an experience?
>>>>>>>>
>>>>>>>> Alexei
>>>>>>>>
>>>>>>>> ---------
>>>>>>>> Tenon Intersystems' Post.Office Mailing List
>>>>>>>> To unsubscribe: send mailto:post_office-request@xxxxxxxxxxxxxxx
>>>>>>>> with the body only containing: unsubscribe
>>>>>>>> Find the searchable mailing list archives at:
>>>>>>>> http://postoffice.computeroil.com/
>>>>>>>>
>>>>>>
>>>>>> --
>>>>>> It's what you do, not what you say.
>>>>>> If you're not part of the future, then stay out of the way.
>>>>>> -John Cougar Mellencamp
>>>>>>
>>>>>> John Sievert
>>>>>> Customer 1st, Inc
>>>>>> 2950 Metro Drive, Suite 101
>>>>>> Minneapolis, MN 55425
>>>>>> (952)851-7901
>>>>>> mailto:john@xxxxxxxxxxxxxxx
--
The truth is more revealing.
It's a permanent reminder of a temporary feeling.
- Jimmy Buffett, 1999
John Sievert
Customer 1st, Inc.
2950 Metro Drive, #101
Mpls, MN 55425
952.851.7901 office
952.851.7907 fax
mailto:john.pager@xxxxxxxxxxxxxxx (150 chars, text pager)
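
The tally the thread does by eye on the Post.Office log can be scripted. The sketch below is an added example, not part of the original messages and not Tenon's code: it counts SMTP-Accept entries per connecting IP and flags mail accepted for non-local recipients from hosts outside the relay allow-list. The field layout is inferred from the log excerpt quoted above; `LOCAL_DOMAINS`, `RELAY_ALLOWED` and the sample lines are constructed placeholders.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Layout inferred from the quoted excerpt (an assumption, not documented):
# timestamp:SMTP-Accept:Received:[ip]:msgid:num:num:<sender>:<recipient>
ACCEPT_RE = re.compile(
    r"^(?P<ts>\d{14}[+-]\d{4}):SMTP-Accept:Received:\[(?P<ip>[0-9.]+)\]:"
    r"(?P<msgid>.+?):\d+:\d+:<(?P<sender>[^>]*)>:<(?P<rcpt>[^>]*)>$"
)

LOCAL_DOMAINS = {"example.com"}                # assumed: domains hosted here
RELAY_ALLOWED = [ip_network("192.0.2.0/29")]   # assumed: own hosts allowed to relay

# Constructed sample lines in the same shape as the excerpt.
SAMPLE_LOG = """\
20031019140638-0700:SMTP-Accept:Received:[198.51.100.7]:20031019210422.AAA899@mail.example.com:2585:137:<a@bulk.example.net>:<user1@example.org>
20031019140639-0700:SMTP-Accept:Received:[198.51.100.7]:20031019210423.AAA900@mail.example.com:2084:150:<a@bulk.example.net>:<user2@example.org>
20031019140651-0700:SMTP-Accept:Received:[203.0.113.9]:20031019210448.AAC873@mail.example.com:2465:123:<list@lists.example.net>:<inbox@example.com>
20031019140652-0700:SMTP-Accept:Received:[192.0.2.3]:20031019210555.AAA924@mail.example.com:1788:84:<me@example.com>:<friend@example.org>
20031019140651-0700:Mailbox-Deliver:20031019210448.AAA886@mail.example.com:inbox1
"""


def relay_findings(log_text):
    """Return (accepted, relayed): per-IP counts of all accepted messages
    and of those accepted for a non-local recipient from an untrusted IP."""
    accepted, relayed = Counter(), Counter()
    for line in log_text.splitlines():
        m = ACCEPT_RE.match(line.strip())
        if not m:
            continue  # Mailbox-Deliver and any other event types
        ip = ip_address(m["ip"])
        accepted[str(ip)] += 1
        rcpt_domain = m["rcpt"].rpartition("@")[2].lower()
        trusted = any(ip in net for net in RELAY_ALLOWED)
        if rcpt_domain not in LOCAL_DOMAINS and not trusted:
            relayed[str(ip)] += 1  # server carried mail it had no reason to
    return accepted, relayed


if __name__ == "__main__":
    accepted, relayed = relay_findings(SAMPLE_LOG)
    for ip, n in accepted.most_common():
        print(f"{ip:15} accepted={n} relayed={relayed[ip]}")
```

Any non-zero `relayed` count means the relay restriction is not doing what the administrator thinks it is, and the listed IPs are the ones to block before reconnecting the server.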