[Mailman-Users] Mailman server consuming entire Internet pipe (dualT1)

Scott Race scott at 916networks.com
Wed Nov 24 20:16:35 CET 2010 

Thanks for the reply.

So it sounds like my iptables rule:

iptables -A INPUT -p tcp --dport 25 -j REJECT

also blocks outbound mail too.  Is there a preferred way to secure mailman SMTP traffic with iptables?  In our case, we would just need an inbound filter that only accepts mail from a few hosts, I thought this would do it, but mailman wouldn't send mail with rules like this:

# accept mail from two hosts, drop the rest
iptables -A INPUT -p tcp -s 192.168.1.245 --dport 25 -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.1.246 --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j REJECT

For the queues - I guess it's fine today - still reviewing the logs, and I will use those bin utilities to see the messages, that will be helpful...thanks!!

Scott


-----Original Message-----
From: Mark Sapiro [mailto:mark at msapiro.net] 
Sent: Tuesday, November 23, 2010 4:16 PM
To: Scott Race; mailman-users at python.org
Subject: Re: [Mailman-Users] Mailman server consuming entire Internet pipe (dualT1)

Scott Race wrote:
>
>Haven't been able to figure out exactly what's up - but I do know if I set an iptables rule to block all inbound port 25 traffic, issues go away - so...


So, assuming you are also blocking port 25 connects from the local host
via the loopback interface, you are blocking Mailman's connects to
Postfix, thus preventing Mailman from connecting to Postfix and the
resultant sending from Postfix of whatever Mailman is sending.

Take a look at Mailman's queues, particularly virgin, out and retry to
see what's there. Use Mailman's bin/dumpdb to see an individual
entry's message and metadata or bin/show_quefiles to see one or more
entries' messages.


[...]
>At this point I can't tell if I have a Postfix problem or Mailman problem. Any ideas?  Thanks!!


I suspect the actual network traffic is coming from Postfix sending the
stuff that Mailman is delivering to it. The question is what is
Mailman doing. Check the queues as above and also Mailman's smtp and
perhaps other logs.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list