Server being used to relay spam (Plesk + Qmail), how do I stop it?
One of the issues I'm running into is that the spam is being sent to people not on our domain, so I have no way of getting those headers, unless there is another way from the server level to obtain them.
I think the outgoing messages get queued into /var/qmail/queue/. I think that the headers may be split into separate files, and I'm not sure which subdirectory they go into (I only use qmail for incoming mail, and it's usually gone by the time I check the queue). But if you want to find a spam message then that would probably be the place to look.
I have no logs in the /var/qmail/queue directory; all I have is directories with 0-18 directories with no data in them.
There are a few places I looked, like /usr/local/psa/var/, but they didn't have anything helpful in there.
As an aside, FC4 is no longer receiving security updates, so you should think about upgrading as a priority.
I completely agree. I keep up with the server but have not set the plan into action to get it upgraded. This is absolutely the next thing I will do after I get this figured out. I really am afraid of getting on a blacklist that will cause even more issues.
I'm not sure on the verbose mode for qmail; I will have to look that up on their site.
One of your clients might have an insecure PHP form which is being attacked. This wouldn't show up as an email user on your system, and the attacker wouldn't have to break any passwords; that all would be taken care of by PHP.
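One way to test the PHP-form theory from the server side, as an added example that is not part of the original thread: qmail stamps every message it accepts with a `Received: (qmail PID invoked ...)` line, so counting queued messages by that line shows whether mail is arriving over SMTP or being injected locally by a process such as the web server. The sample messages, addresses and uid 48 are constructed for illustration; reading the real queue under `mess/` requires root.

```python
import os
import re
from collections import Counter

# Topmost Received line that qmail-queue adds to a message it accepts:
#   "(qmail PID invoked by uid N)"     -> injected locally by a process running as uid N
#   "(qmail PID invoked from network)" -> handed in over SMTP
QMAIL_RECEIVED = re.compile(
    r"^Received: \(qmail \d+ invoked "
    r"(?:by uid (?P<uid>\d+)|(?P<other>from network|by alias|for bounce))\)"
)

def injection_origin(message_text):
    """Return 'uid:N', 'from network', ... for the first qmail Received header."""
    for line in message_text.splitlines():
        if not line.strip():
            break  # blank line ends the header block
        m = QMAIL_RECEIVED.match(line)
        if m:
            return "uid:" + m.group("uid") if m.group("uid") else m.group("other")
    return "unknown"

def tally_origins(messages):
    """Count messages per injection origin."""
    return Counter(injection_origin(text) for text in messages)

def read_queue(queue_dir="/var/qmail/queue"):
    """Yield the text of every queued message file under mess/."""
    for root, _dirs, files in os.walk(os.path.join(queue_dir, "mess")):
        for name in files:
            with open(os.path.join(root, name), errors="replace") as fh:
                yield fh.read()

# Constructed sample messages, used when the queue is empty or unreadable.
SAMPLES = [
    "Received: (qmail 4101 invoked by uid 48); 1 Jan 2007 00:00:01 -0000\nTo: a@example.org\n\nbody",
    "Received: (qmail 4102 invoked by uid 48); 1 Jan 2007 00:00:02 -0000\nTo: b@example.org\n\nbody",
    "Received: (qmail 4103 invoked from network); 1 Jan 2007 00:00:03 -0000\nTo: c@example.com\n\nbody",
]

if __name__ == "__main__":
    msgs = list(read_queue()) or SAMPLES
    for origin, count in tally_origins(msgs).most_common():
        print(f"{count:6d}  {origin}")
```

A large count for a single uid can be mapped to an account with `getent passwd <uid>`; if it belongs to the web server user, the hosted scripts are the place to look next.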