LinuxQuestions.org
Old 11-18-2008, 05:41 PM   #16
nepcw
Member
 
Registered: Mar 2004
Posts: 81

Original Poster
Rep: Reputation: 15

Quote:
Originally Posted by billymayday
Do you mean Fedora Core 4?
Yes sir, it is Fedora Core 4. And thanks to all of you for taking the time to help me with this.
 
Old 11-18-2008, 05:47 PM   #17
rjlee
Senior Member
 
Registered: Jul 2004
Distribution: Ubuntu 7.04
Posts: 1,990

Rep: Reputation: 67
Quote:
Originally Posted by nepcw
one of the issues I'm running into is the spam is being sent to people not on our domain so I have no way of getting those headers, unless there is another way from the server level to obtain them.
I think the outgoing messages get queued into /var/qmail/queue/. I think that the headers may be split into separate files, and I'm not sure which subdirectory they go into (I only use qmail for incoming mail, and it's usually gone by the time I check the queue). But if you want to find a spam message then that would probably be the place to look.
 
Old 11-18-2008, 05:50 PM   #18
nepcw
Member
 
Registered: Mar 2004
Posts: 81

Original Poster
Rep: Reputation: 15
I have no logs in the /var/qmail/queue directory, all I have is directories with 0-18 directories with no data in them.
There are a few places I looked, like /usr/local/psa/var/, but they didn't have anything helpful in there.
 
Old 11-18-2008, 05:55 PM   #19
billymayday
Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
I get better logging with postfix, e.g.

Quote:
Nov 19 09:44:09 gandalf postfix/smtpd[21688]: 4D6EF19AAD2B: client=xxxx[192.168.1.100], sasl_method=PLAIN, sasl_username=xxxx
Can you add verbosity to qmail logging somehow?
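
The Postfix line quoted in the post above records, for each accepted message, the client address and the SASL account that authenticated. As an added example (not part of the original post), the script below tallies messages and distinct client addresses per `sasl_username` so that an account being used to send in bulk stands out; the sample log, the user names and the thresholds are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the Postfix smtpd line format quoted in the post above.
SASL_LINE = re.compile(
    r"postfix/smtpd\[\d+\]: [0-9A-Za-z]+: "
    r"client=[^\[\s]+\[(?P<ip>[^\]]+)\]"
    r"(?:, sasl_method=[^,\s]+)?"
    r"(?:, sasl_username=(?P<user>\S+))?"
)

# Constructed sample log: users and hosts are made up, public addresses are
# from the documentation ranges.
SAMPLE_LOG = """\
Nov 19 09:44:09 gandalf postfix/smtpd[21688]: 4D6EF19AAD2B: client=desk1[192.168.1.100], sasl_method=PLAIN, sasl_username=alice
Nov 19 09:45:01 gandalf postfix/smtpd[21690]: connect from unknown[203.0.113.7]
Nov 19 09:45:02 gandalf postfix/smtpd[21690]: 5A1B2C3D4E5F: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=bob
Nov 19 09:45:03 gandalf postfix/smtpd[21691]: 6B2C3D4E5F60: client=unknown[198.51.100.23], sasl_method=LOGIN, sasl_username=bob
Nov 19 09:45:04 gandalf postfix/smtpd[21692]: 7C3D4E5F6071: client=unknown[192.0.2.44], sasl_method=LOGIN, sasl_username=bob
Nov 19 09:45:05 gandalf postfix/smtpd[21690]: 8D4E5F607182: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=bob
Nov 19 09:46:10 gandalf postfix/smtpd[21693]: 9E5F60718293: client=localhost[127.0.0.1]
"""

def summarize(log_text):
    """Per sasl_username: message count and distinct client addresses.
    Unauthenticated submissions are grouped under the key None."""
    stats = defaultdict(lambda: {"messages": 0, "ips": set()})
    for line in log_text.splitlines():
        m = SASL_LINE.search(line)
        if m:
            entry = stats[m.group("user")]
            entry["messages"] += 1
            entry["ips"].add(m.group("ip"))
    return dict(stats)

def suspicious(stats, max_messages=3, max_ips=2):
    """Authenticated accounts over either threshold (illustrative values;
    tune them to the server's normal traffic)."""
    return sorted(
        user for user, s in stats.items()
        if user is not None
        and (s["messages"] > max_messages or len(s["ips"]) > max_ips)
    )

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for user in suspicious(stats):
        print(user, stats[user]["messages"], sorted(stats[user]["ips"]))
```
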
 
Old 11-18-2008, 05:56 PM   #20
billymayday
Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
Quote:
Originally Posted by nepcw
Yes sir, it is Fedora Core 4. And thanks to all of you for taking the time to help me with this.
As an aside, FC4 is no longer receiving security updates, so you should think about upgrading as a priority.
 
Old 11-18-2008, 05:58 PM   #21
nepcw
Member
 
Registered: Mar 2004
Posts: 81

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by billymayday
As an aside, FC4 is no longer receiving security updates, so you should think about upgrading as a priority.
I completely agree, I keep up with the server but have not set the plan into action to get it upgraded. This is absolutely the next thing I will do after I get this figured out. I really am afraid of getting on a blacklist that will cause even more issues.

I'm not sure on the verbose mode for qmail; I will have to look that up on their site.
 
Old 11-18-2008, 06:04 PM   #22
rjlee
Senior Member
 
Registered: Jul 2004
Distribution: Ubuntu 7.04
Posts: 1,990

Rep: Reputation: 67
This may help; it contains an example of tracking down an account with a weak password:

http://www.cherpec.com/2008/07/plesk...spam-problems/
 
Old 11-18-2008, 07:08 PM   #23
internetSurfer
Member
 
Registered: Jan 2008
Location: w3c
Distribution: Slackware 12 Zenwalk 5.2
Posts: 71

Rep: Reputation: 16
There are many variables to this problem.
Here is some info for auditing.

 
Old 11-19-2008, 01:06 AM   #24
jiml8
Senior Member
 
Registered: Sep 2003
Posts: 3,171

Rep: Reputation: 115Reputation: 115
One of your clients might have an insecure PHP form which is being attacked. This wouldn't show up as an email user on your system, and the attacker wouldn't have to break any passwords; that all would be taken care of by PHP.
 
Old 11-19-2008, 10:39 AM   #25
unixfool
Member
 
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 781
Blog Entries: 8

Rep: Reputation: 157Reputation: 157
Quote:
Originally Posted by billymayday
Do you mean Fedora Core 4?
I believe FDC4 is a legit name. Google hits show it is more than likely FeDora Core 4 (not sure on this, though).

If that's the case, that is a very OLD version!

EDIT - It appears that when I originally posted this, it didn't post but hung in dramatic fashion, which kept it from being posted in a timely fashion. I'm deleting the content of my next response.

Last edited by unixfool; 11-20-2008 at 09:52 AM.
 
Old 11-19-2008, 02:37 PM   #26
billymayday
Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
Quote:
Originally Posted by unixfool
I believe FDC4 is a legit name. Google hits show it is more than likely FeDora Core 4 (not sure on this, though).

If that's the case, that is a very OLD version!
Or because the D is next to the F? Anyway, he confirmed FC4.
 
Old 11-19-2008, 03:50 PM   #27
unixfool
Member
 
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 781
Blog Entries: 8

Rep: Reputation: 157Reputation: 157
<content removed to avoid confusion>

Last edited by unixfool; 11-20-2008 at 09:53 AM.
 
  


All times are GMT -5.