Hi,

Email was working just fine (send and receive). Suddenly all "sent" email never arrives to recipients except for those on the same domain and no "mail delivery status" errors are received.

I´m able to receive email no matter what sender´s domain/address is. I´m using Outlook Express 6, Eudora and Webmail. Server is Linux with Plesk 7 Reloaded (7.1.4).

Anyone knows what the problem could be and how to resolve it?

Thank you in advance!

Ed

Have you tried watching your maillog file to see what error, if any, is being produced?

From command line: tail -f /usr/local/psa/var/log/maillog

What does it say when you send an email off of the server?

check you maillog for relevant information on the delivery to those addresses you've e-mail'ed to

tail gives a real time snapshot on how that file grows, make some tests and analyze that info

maybe paste some of that here (not a bunch of lines, just the ones you consider relevant)

regards

Thank you both for your reply.
I´ll check the maillog and let you know.

--
Ed

Hi,

Here is what maillog reports.
When sending to an address within the server:
(email is actually received)When sending to an outside address:
(email is never received)Many many records similar to:

My relaying setting is "authorization is required:" with a POP3 lock time of 60 minutes. Under "White List" is 127.0.0.1 / 32

Any ideas why the email is not working properly?

Many thanks for your time and efforts!!

--
Ed

I am having a similar problem.

I send email to "support@domain.com" which is setup to redirect all email to my Yahoo! email address.

I receive the autoresponder message from that email account, but the original email is not delivered.

I am not receiving any error messages from the server, such as "mail recipient not found" etc.

I tried rebooting the server, but this didn't work. :confused:

Thanks

Does your server hostname match your servers primary IP?
I found that mail would not be accepted by many servers if my server did not have a hostname that reveresed to it's IP address.
Once I fixed that problem, all my mail was getting delivered properly.

I am experiencing this exact same issue. I don't even see the entry in the maillog yet for the mail i am sending.

I think someone is mailling through me as I see tones of messages destined for AOL.com. my whitelist is only 127.0.0.1/32...the aol.com mailings are not normal.....what would be my next steps?

sorry one additional item. How in qmail can i determine which account on my server these aol.com mails are originating from? I am suspecting someone's mail account credentials have been comprimised.

I ran qmqtool and found out
./qmqtool -i
1 64.69.222.161
5 127.0.0.1
97 127.0.0.2

why would it be showing 127.0.0.2 as an IP in the queue waiting to send? and there is 97 of them which concerns me

A couple of general things...

If mail simply isn't going through to off-server addresses the first thing to check is whatever firewall you have set up. Lots of people use KISS and the last time I set that up by default it apparently had port 53 (the DNS Zone Transfer port) blocked. In KISS look for a section that has a heading of "Uncomment to allow DNS zone transfers" and make sure those are uncommented.

Davily: It's hard to say without more details. On the surface it almost sounds to me as if someone is running a script on your server to send emails. If you haven't already, I would suggest installing both qmHandle and qmail-remove as they'll make it easier to deal with all of those that may still be sitting in your mail queue.

First see how many emails are sitting in the queue. You can do that with qmail-qstat which should already be installed. eg run /var/qmail/bin/qmail-qstat You can also use qmail-qread to get a bit more info with /var/qmail/bin/qmail-qread that'll be helpful.

You'll want to read a few of those to see if you can spot anything that is in every spam being sent. qmail-qread will give you a line that includes an identifying number for each email that look something like:

[php]7 Apr 2005 08:54:31 GMT #623668 10917 <>[/php]

...where #623668 is the email message identifier we need.

With that you can do a locate 623668 to find where it's located in the queue. You'll want the entry that shows in the /mess/ folder to read the message.

Once you've identifed a pattern that appears in every spam (look in the headers for some type of X-Mailer line in case it's an old formmail installation) you can use grep to locate the possible scripts.

For instance, with your common phrase in hand you can cd to /home/httpd/vhosts and run:

[php]for i in * ; do grep -r 'your common phrase'.* ${i}/httpdocs; done[/php]

changing your common phrase to the phrase you found. If it's a script that should give you a heads up as to where the script resides.