LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 06-26-2011, 04:40 PM   #1
TheOnlyQ
Member
 
Registered: Apr 2011
Posts: 33

Rep: Reputation: 0
How to block email spamming coming from my server?


Hey LQ.

I don't know what to do, I know how to block and delete pretty much every other type of abuse.

I run a server with 500+ shared hosting clients and reseller clients and it was just blocked because of email spam.

I can keep on top of all other abuse (people trying to do dos attacks etc) but the one thing I can't get my head around is email spamming.

Any one have any information on how to stop people spamming emails from my server? This is really urgent.

Thanks.
 
Old 06-26-2011, 06:24 PM   #2
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,066
Blog Entries: 11

Rep: Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910
I assume that one (or several) of the client installs acts as
an open relay; check out who produces the traffic, and then
look at their e-Mail configuration.
 
Old 06-26-2011, 06:43 PM   #3
TheOnlyQ
Member
 
Registered: Apr 2011
Posts: 33

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by Tinkster View Post
I assume that one (or several) of the client installs acts as
an open relay; check out who produces the traffic, and then
look at their e-Mail configuration.
This is a cPanel server. Where would I check who is using the most mail traffic?
 
Old 06-26-2011, 07:43 PM   #4
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,066
Blog Entries: 11

Rep: Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910
Sorry, I can't answer that - I never used cPanel; hope some of our
other members have, and will be able to shed light.

Last edited by Tinkster; 06-26-2011 at 08:07 PM.
 
Old 06-26-2011, 08:19 PM   #5
TheOnlyQ
Member
 
Registered: Apr 2011
Posts: 33

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by Tinkster View Post
Sorry, I can't answer that - I never used cPanel; hope some of our
other members have, and will be able to shed light.
Thanks for your help anyway.

Really hope someone can help, I'm getting screwed with this.
 
Old 06-28-2011, 02:23 AM   #6
TheOnlyQ
Member
 
Registered: Apr 2011
Posts: 33

Original Poster
Rep: Reputation: 0
Still looking for someone to help, please if anyone has any information I will appreciate it.
 
Old 06-28-2011, 10:56 AM   #7
ButterflyMelissa
Senior Member
 
Registered: Nov 2007
Location: Somewhere on my hard drive...
Distribution: Manjaro
Posts: 2,686
Blog Entries: 23

Rep: Reputation: 398Reputation: 398Reputation: 398Reputation: 398
Okay...since you asked sooooo nicely - how about (long shot) mailsnarf? It's part of the dsniff package, a collection of nifty tools for all things network sniffing

Also, try this

Quote:
tcpdump -vvv port 25
to listen to the smpt port, granted, it will give you quite a bit to look at...but you will find out what time the spam is being pushed out...

Luck!

Thor
 
Old 06-28-2011, 12:45 PM   #8
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 778Reputation: 778Reputation: 778Reputation: 778Reputation: 778Reputation: 778Reputation: 778
You will need to start by examining your log files. Undoubtedly there will be some indication of the spam messages and the user account from which they are originating. I don't mean to sound harsh, but I think you are also learning a really valuable lesson in the down side of the "install this gui application and go" without fully understanding the underlying how and why things work. Something in your system has clearly become compromised and you are responsible for it. The problem is that it is likely one of your customer's (?) hosted sites and / or mail servers. The problem could be a cracked password, SQL inejection, or a PWN of a process. Web stack applications are typically one of the most compromised systems, largely due to poorly written PHP or other script.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Help needed to permanently block access to my email server from japan Usalabs Linux - Server 5 10-31-2010 01:27 AM
linux how to check if email server machine doing spamming salimshahzad Linux - Server 3 04-28-2010 04:39 AM
how to block email in email server packets Linux - Software 3 04-02-2007 04:14 PM
block extesions on email server juniox Linux - Security 1 03-07-2006 01:36 PM
Email spamming prevention m_sree Linux - Security 4 01-16-2003 09:54 AM


All times are GMT -5. The time now is 08:51 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration