Mailq overload due to relay mails from other domains


Post by Marcosebas » Mon Jul 29, 2019 6:31 pm

Dear All,

I am facing the following issue. I have a fresh ZCS 8.8.9 installation. However, today I am suffering from a serious problem that is causing delays in my ZCS receiving and sending mail. My queue is full of mails from domains that are not part of my Zimbra, being sent to other domains too. I found this with mailq, which at a certain moment showed more than 30000 requests, and in my antispam system, which is blocking all of them. Luckily, because otherwise I would be blacklisted :D

I followed these wikis:

1. Rejecting false "mail from" addresses: https://wiki.zimbra.com/wiki/Rejecting_false_%22mail_from%22_addresses
2. Enforcing a match between FROM address and sasl username: https://wiki.zimbra.com/wiki/Enforcing_a_match_between_FROM_address_and_sasl_username_8.5

Also, the postconf mynetworks is set with the networks that are part of my system.

This is my postconf sender restriction:

[zimbra@postfix ~]$ postconf | grep 'smtpd_sender_restrictions ='
smtpd_sender_restrictions = check_sender_access lmdb:/opt/zimbra/conf/postfix_reject_sender, check_sender_access regexp:/opt/zimbra/common/conf/tag_as_originating.re, permit_mynetworks, reject_sender_login_mismatch, reject_unlisted_sender, reject_non_fqdn_helo_hostname, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_reverse_client_hostname, reject_unknown_client_hostname, permit_sasl_authenticated, permit_tls_clientcerts, check_sender_access regexp:/opt/zimbra/common/conf/tag_as_foreign.re


These are my Zimbra restrictions:

[zimbra@postfix ~]$ zmprov gacf | grep zimbraMtaRestriction 
zimbraMtaRestriction: reject_invalid_helo_hostname
zimbraMtaRestriction: reject_non_fqdn_helo_hostname
zimbraMtaRestriction: reject_non_fqdn_sender
zimbraMtaRestriction: reject_unknown_client_hostname
zimbraMtaRestriction: reject_unknown_helo_hostname
zimbraMtaRestriction: reject_unknown_reverse_client_hostname
zimbraMtaRestriction: reject_unknown_sender_domain
zimbraMtaRestriction: reject_rbl_client b.barracudacentral.org
zimbraMtaRestriction: reject_rbl_client psbl.surriel.com
zimbraMtaRestriction: reject_rbl_client cbl.abuseat.org


In the admin console, under Global Configuration > MTA, all those rejects and RBLs are set.


Please, any guess, advice or help on how to stop this is appreciated.

Regards,

Marco
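
Added example, not part of the original post: a triage helper for the situation described above, which counts queued messages per sender domain and lists the queue IDs where both sender and recipients are foreign domains. It assumes a Postfix that supports `postqueue -j` (3.1 or later); the sample queue entries, the `example.*` domains and the `LOCAL_DOMAINS` value are constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample in the shape of `postqueue -j` output (one JSON object per line).
SAMPLE = """\
{"queue_name":"deferred","queue_id":"4A1B2C3D4E","sender":"promo@example.net","recipients":[{"address":"a@example.org"}]}
{"queue_name":"active","queue_id":"5B2C3D4E5F","sender":"user@example.com","recipients":[{"address":"b@example.org"}]}
{"queue_name":"incoming","queue_id":"6C3D4E5F6A","sender":"news@example.net","recipients":[{"address":"user@example.com"}]}
{"queue_name":"deferred","queue_id":"7D4E5F6A7B","sender":"MAILER-DAEMON","recipients":[{"address":"x@example.org"}]}
{"queue_name":"deferred","queue_id":"9F8E7D6C5B","sender":"bulk@example.net","recipients":[{"address":"c@example.org"},{"address":"d@example.org"}]}
"""
LOCAL_DOMAINS = {"example.com"}  # assumption: the domains hosted on this server


def domain(addr):
    """Lower-cased domain part of an address; '' when there is none (bounces)."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def summarize_queue(json_lines, local_domains):
    """Return (Counter of sender domains, queue IDs of foreign-to-foreign mail)."""
    local = {d.lower() for d in local_domains}
    by_sender = Counter()
    relayed = []
    for line in json_lines:
        if not line.strip():
            continue
        msg = json.loads(line)
        sdom = domain(msg.get("sender", ""))
        if not sdom:
            # Sender without a domain: a bounce generated by the server itself.
            by_sender["<bounce>"] += 1
            continue
        by_sender[sdom] += 1
        rdoms = {domain(r["address"]) for r in msg.get("recipients", [])}
        # Foreign sender and no local recipient: the server is relaying for others.
        if sdom not in local and rdoms and not (rdoms & local):
            relayed.append(msg["queue_id"])
    return by_sender, relayed


if __name__ == "__main__":
    counts, relayed = summarize_queue(SAMPLE.splitlines(), LOCAL_DOMAINS)
    for dom, n in counts.most_common():
        print(f"{n:6d}  {dom}")
    print("foreign-to-foreign queue IDs:", ", ".join(relayed))
```

On a live server, pass the lines of `postqueue -j` output to `summarize_queue` in place of `SAMPLE`.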

