qmail - mail server hacked, sending spam - help..
Hello, I have a problem with one of my mail servers...
I am using qmail. For 2 days I have noticed that there is a huge load average on the server - 9 and up :( ... I stopped its wlan access. When I look at the top table, the mail services make a big load average, and when I stop qmail the load stops (qmailctl stop). So I checked the queues of qmail, and saw that my server is actually sending hundreds of mails :/ (last time there were 1000+). I deleted them and it starts to send again, more and more... My problem is that I can't locate the source of the hack. Where should I look to stop the process which makes my server send SPAM? Thanks.
They are most likely backscatter. Are you accepting mail using wildcard names, or do you do strict recipient validation? I'm betting those are all bounce messages to innocent third parties. If you don't get that under control, your site will be blacklisted, and that will trouble your ability to send mail.
Quote:
And if I stop and start or restart the server, it starts sending spam and filling the queue with mails even if the LAN cable is unplugged ..... and the load average gets high.
You are repeating yourself, but didn't answer my question.
Are you accepting mail using wildcards? Are you performing strict recipient validation? Have you looked at any of those outbound messages?
EDIT1: I have changed the Qmail hostname and there is no problem now. The load average is normal and the machine is not sending spam messages (I don't see any in the qmail queue).
So what was the problem? Somebody or something is attacking/flooding the old hostname?
You mean you changed your MX or the mail server's concept of its own domain? Simply changing the hostname shouldn't clear up old bounce messages. Perhaps they are no longer considered by your mailer as part of its domains.
This is the third time you haven't bothered to respond to my questions... which are designed to help you. I won't ask or answer further questions here.
Quote:
Are you accepting mail using wildcards? Are you performing strict recipient validation?
What addresses are you accepting mail for? Anything @ yourdomain.com?
Quote:
I think that there is some kind of bash perl script in the system that generates the mails :/ ....
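The question asked repeatedly in this thread, "Have you looked at any of those outbound messages?", can be answered from the queue listing alone. The following is an added example, not code from any poster: it groups queued messages by envelope sender, assuming the stock `qmail-qread` layout (a header line `date GMT  #id  size  <sender>` followed by indented `remote`/`local` recipient lines). The sample listing is constructed and the 50% threshold is an assumed rule of thumb.

```python
import re
import sys
from collections import Counter

# Constructed sample in the assumed qmail-qread layout (not real queue data).
SAMPLE = """\
12 Mar 2010 09:14:02 GMT  #4801  2310  <> 
  remote  victim1@example.net
12 Mar 2010 09:14:05 GMT  #4802  2298  <> 
  remote  victim2@example.org
12 Mar 2010 09:15:40 GMT  #4810  811  <www@mail.example.com> 
  remote  someone@example.com
  remote  other@example.com
12 Mar 2010 09:16:11 GMT  #4811  2305  <> 
  remote  victim3@example.net
"""

# Header of one queued message: "<date> GMT  #<id>  <size>  <sender>"
HEADER = re.compile(r"^\S.* GMT\s+#(\d+)\s+(\d+)\s+<(.*?)>")
# Pending recipient line; lines not starting with remote/local are ignored.
RCPT = re.compile(r"^\s+(remote|local)\s+(\S+)")

def triage(qread_text):
    """Return (messages per envelope sender, pending recipients per sender)."""
    senders, rcpts, current = Counter(), Counter(), None
    for line in qread_text.splitlines():
        m = HEADER.match(line)
        if m:
            current = m.group(3) or "<>"   # empty sender is a bounce
            senders[current] += 1
        elif current is not None and RCPT.match(line):
            rcpts[current] += 1
    return senders, rcpts

def verdict(senders, threshold=0.5):
    """Assumed heuristic: a bounce-dominated queue points to backscatter."""
    total = sum(senders.values())
    if total == 0:
        return "empty"
    bounces = senders["<>"] + senders["#@[]"]   # "#@[]" is a double bounce
    return "backscatter-likely" if bounces / total >= threshold else "local-origin-likely"

if __name__ == "__main__":
    # Usage: qmail-qread | python3 thisfile.py   (falls back to the sample)
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    senders, rcpts = triage(text)
    for sender, count in senders.most_common(10):
        print(f"{count:6d} msgs {rcpts[sender]:6d} rcpts  {sender}")
    print(verdict(senders))
```

A queue dominated by `<>` senders matches the backscatter explanation and is addressed by recipient validation; a queue dominated by one named local sender instead points to something on the machine injecting mail.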