Server being used to relay spam (Plesk + Qmail), how do I stop it?
One of the issues I'm running into is the spam is being sent to people not on our domain, so I have no way of getting those headers, unless there is another way from the server level to obtain them.
I think the outgoing messages get queued into /var/qmail/queue/. I think that the headers may be split into separate files, and I'm not sure which subdirectory they go into (I only use qmail for incoming mail, and it's usually gone by the time I check the queue). But if you want to find a spam message then that would probably be the place to look.
I have no logs in the /var/qmail/queue directory, all I have is directories with 0-18 directories with no data in them.
There are a few places I looked, like /usr/local/psa/var/, but didn't have anything helpful in there.
As an aside, FC4 is no longer receiving security updates, so you should think about upgrading as a priority.
I completely agree, I keep up with the server but have not set the plan into action to get it upgraded. This is absolutely the next thing I will do after I get this figured out. I really am afraid of getting on a blacklist that will cause even more issues.
I'm not sure on the verbose mode for qmail, I will have to look that up on their site.
One of your clients might have an insecure PHP form which is being attacked. This wouldn't show up as an email user on your system, and the attacker wouldn't have to break any passwords; that all would be taken care of by PHP.
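An added example, not part of the thread: qmail-queue stamps each queued message with a `Received: (qmail PID invoked ...)` line, which shows whether the message was injected locally by a Unix uid (for instance the web server account running a PHP form) or arrived over SMTP. The script assumes the stock queue layout with message files under `mess/`; the function names and the sample queue it builds are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: classify queued qmail messages by how they entered the queue.
# Assumption: stock queue layout, message files under <queue>/mess/<bucket>/<id>.

# Print "<origin> <count>" per origin for every message under $1/mess.
qmail_origin_summary() {
    local queue="${1:-/var/qmail/queue}"
    local f line uid
    find "$queue/mess" -type f 2>/dev/null | while IFS= read -r f; do
        # qmail-queue prepends its own Received line, so the first match is ours.
        line=$(grep -m1 '^Received: (qmail ' "$f" || true)
        case "$line" in
            *"invoked by uid "*)
                uid=$(printf '%s\n' "$line" |
                      sed -n 's/.*invoked by uid \([0-9][0-9]*\).*/\1/p')
                echo "uid=$uid" ;;                      # injected locally by this uid
            *"invoked from network"*) echo network ;;   # arrived over SMTP
            *"invoked by alias"*)     echo alias ;;     # forwarded by qmail itself
            *"invoked for bounce"*)   echo bounce ;;    # bounce generated by qmail
            *)                        echo unknown ;;   # no qmail Received line
        esac
    done | sort | uniq -c | awk '{print $2, $1}'
}

# Build a constructed sample queue (not data from the thread); prints its path.
make_sample_queue() {
    local q
    q=$(mktemp -d)
    mkdir -p "$q/mess/0" "$q/mess/1"
    # uid 48 is used here as a stand-in for the web server account.
    printf '%s\n' 'Received: (qmail 4101 invoked by uid 48); 1 Jan 2007 00:00:01 -0000' \
        'To: a@example.net' '' 'body' > "$q/mess/0/1001"
    printf '%s\n' 'Received: (qmail 4102 invoked by uid 48); 1 Jan 2007 00:00:02 -0000' \
        'To: b@example.net' '' 'body' > "$q/mess/1/1002"
    printf '%s\n' 'Received: (qmail 4200 invoked from network); 1 Jan 2007 00:00:03 -0000' \
        'Received: from unknown (HELO mail.example.org) (192.0.2.10)' \
        'To: c@example.net' '' 'body' > "$q/mess/0/1003"
    printf '%s\n' 'Subject: no qmail Received line' '' 'body' > "$q/mess/1/1004"
    echo "$q"
}

# On a live server (as root): qmail_origin_summary /var/qmail/queue
```

A count dominated by a single `uid=` entry that maps to the web server account points at a script on a hosted site rather than an SMTP relay problem.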