LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   Server being used to relay spam (Pesk + Qmail), how do I stop it? (https://www.linuxquestions.org/questions/linux-security-4/server-being-used-to-relay-spam-pesk-qmail-how-do-i-stop-it-684403/)

nepcw 11-18-2008 04:41 PM

Quote:

Originally Posted by billymayday (Post 3346792)
Do you mean Fedora Core 4?

Yes sir it is Fedora Core 4. And thanks to all you for taking the time to help me with this.

rjlee 11-18-2008 04:47 PM

Quote:

Originally Posted by nepcw (Post 3346791)
one of the issues I'm running into is the spam is being sent to people not on our domain so I have no way of getting those headers, unless there is another way from the server level to obtain them.

I think the outgoing messages get queued into /var/qmail/queue/. I think that the headers may be split into separate files, and I'm not sure which subdirectory they go into (I only use qmail for incoming mail, and it's usually gone by the time I check the queue). But if you want to find a spam message then that would probably be the place to look.
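As an added example (not code from the thread or from qmail/Plesk), here is one way to audit whatever is sitting in the outbound queue without needing the recipients' copies. It assumes the standard qmail layout in which queued message text lives under `<queue>/mess/<split>/<id>` with the headers first and a blank line before the body, and that qmail-smtpd writes a `Received: from ... (user@ip)` line for authenticated submissions and `(ip)` for unauthenticated ones; the sample messages, hostnames, user names and addresses are constructed. A message with no such `Received:` hop was injected locally (for example by a web script calling `mail()`), which is the other common cause of a relaying server.

```python
import os
import re
import tempfile
from collections import Counter

# Constructed sample queue contents (assumption: qmail keeps message text under
# mess/<split>/<id>). IPs are from documentation ranges; names are made up.
SAMPLE_MESSAGES = {
    "mess/0/1001": (
        "Received: from unknown (HELO pc1) (203.0.113.7)\n"
        "  by mail.example.com with SMTP; 19 Nov 2008 09:44:09 -0000\n"
        "From: news@example.com\nTo: a@example.org\nSubject: weekly\n\nbody\n"
    ),
    "mess/1/1002": (
        "Received: from unknown (HELO laptop) (bob@198.51.100.23)\n"
        "  by mail.example.com with SMTP; 19 Nov 2008 09:45:03 -0000\n"
        "From: bob@example.com\nTo: b@example.net\nSubject: buy now\n\nbody\n"
    ),
    "mess/1/1003": (
        "Received: from unknown (HELO laptop) (bob@198.51.100.24)\n"
        "  by mail.example.com with SMTP; 19 Nov 2008 09:45:04 -0000\n"
        "From: bob@example.com\nTo: c@example.net\nSubject: buy now\n\nbody\n"
    ),
    "mess/2/1004": (
        "Received: from unknown (HELO laptop) (bob@203.0.113.9)\n"
        "  by mail.example.com with SMTP; 19 Nov 2008 09:45:05 -0000\n"
        "From: bob@example.com\nTo: d@example.net\nSubject: buy now\n\nbody\n"
    ),
    # No SMTP hop at all: injected on the box itself (e.g. a web form).
    "mess/3/1005": (
        "From: webform@example.com\nTo: e@example.net\nSubject: contact\n\nbody\n"
    ),
}

# First SMTP hop into this server as qmail-smtpd records it: "(user@ip)" when the
# session was authenticated (or identd supplied a name), "(ip)" otherwise.
HOP_RE = re.compile(
    r"^Received: from \S+ (?:\(HELO [^)]*\) )?"
    r"\((?:(?P<user>[^@)]+)@)?(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)"
)


def header_lines(raw):
    """Split off the header block and unfold continuation lines."""
    head = raw.split("\n\n", 1)[0]
    out = []
    for line in head.split("\n"):
        if line[:1] in (" ", "\t") and out:
            out[-1] += " " + line.strip()
        else:
            out.append(line)
    return out


def classify_message(raw):
    """Return (user, ip) of the hop into this server, or ('local', None) if none."""
    for line in header_lines(raw):
        m = HOP_RE.match(line)
        if m:
            return (m.group("user") or "anonymous", m.group("ip"))
    return ("local", None)


def scan_queue(queue_root):
    """Tally queued messages by (user, ip) across every mess/<split> directory."""
    tally = Counter()
    mess = os.path.join(queue_root, "mess")
    for split in sorted(os.listdir(mess)):
        d = os.path.join(mess, split)
        if not os.path.isdir(d):
            continue
        for name in os.listdir(d):
            with open(os.path.join(d, name), encoding="utf-8", errors="replace") as fh:
                tally[classify_message(fh.read())] += 1
    return tally


def by_user(tally):
    """Collapse the (user, ip) tally to messages per submitting account."""
    users = Counter()
    for (user, _ip), n in tally.items():
        users[user] += n
    return users


def build_sample_queue():
    """Write the constructed messages into a throwaway directory shaped like a queue."""
    root = tempfile.mkdtemp(prefix="qmail-queue-")
    for rel, text in SAMPLE_MESSAGES.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)
    return root


if __name__ == "__main__":
    tally = scan_queue(build_sample_queue())   # on a real server: scan_queue("/var/qmail/queue")
    for (user, ip), n in tally.most_common():
        print(f"{n:4d}  user={user:<10} ip={ip}")
```

On a live server point `scan_queue` at `/var/qmail/queue` (read as root, and remember the queue drains quickly, so run it while the relaying is happening); one account appearing from many unrelated IPs points at a stolen password, while a pile of `local` entries points at a script on the box.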

nepcw 11-18-2008 04:50 PM

I have no logs in the /var/qmail/queue directory; all I have is directories with 0-18 directories with no data in them.
There are a few places I looked, like /usr/local/psa/var/, but they didn't have anything helpful in there.

billymayday 11-18-2008 04:55 PM

I get better logging with postfix, e.g.

Quote:

Nov 19 09:44:09 gandalf postfix/smtpd[21688]: 4D6EF19AAD2B: client=xxxx[192.168.1.100], sasl_method=PLAIN, sasl_username=xxxx
Can you add verbosity to qmail logging somehow?
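The log line quoted above is exactly what makes a compromised account easy to spot: every authenticated submission records the `sasl_username` and the client address. As an added example (not from the thread or from Postfix), this parses lines in that format and flags accounts that submit unusually many messages or log in from unusually many addresses. The sample lines, host names, queue IDs, user names and thresholds are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: postfix/smtpd lines in the format quoted in the thread.
# Hostnames, queue ids, users and IPs are made up; IPs are documentation ranges.
SAMPLE_LOG = """\
Nov 19 09:44:09 gandalf postfix/smtpd[21688]: 4D6EF19AAD2B: client=office[192.168.1.100], sasl_method=PLAIN, sasl_username=alice
Nov 19 09:44:31 gandalf postfix/smtpd[21690]: 51A0C19AAD2C: client=office[192.168.1.100], sasl_method=PLAIN, sasl_username=alice
Nov 19 09:45:02 gandalf postfix/smtpd[21693]: 6B2E119AAD2D: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=bob
Nov 19 09:45:03 gandalf postfix/smtpd[21694]: 6C3F219AAD2E: client=unknown[198.51.100.23], sasl_method=LOGIN, sasl_username=bob
Nov 19 09:45:04 gandalf postfix/smtpd[21695]: 6D40319AAD2F: client=unknown[198.51.100.24], sasl_method=LOGIN, sasl_username=bob
Nov 19 09:45:05 gandalf postfix/smtpd[21696]: 6E51419AAD30: client=unknown[203.0.113.9], sasl_method=LOGIN, sasl_username=bob
Nov 19 09:45:06 gandalf postfix/smtpd[21697]: 6F62519AAD31: client=unknown[203.0.113.10], sasl_method=LOGIN, sasl_username=bob
Nov 19 09:46:00 gandalf postfix/smtpd[21700]: 7A73619AAD32: client=mail.example.net[192.0.2.5]
"""

# Queue-id line from smtpd; the sasl_* fields are only present for authenticated sessions.
LINE_RE = re.compile(
    r"postfix/smtpd\[\d+\]: (?P<qid>[0-9A-F]+): client=(?P<host>[^\[]+)\[(?P<ip>[^\]]+)\]"
    r"(?:, sasl_method=(?P<method>\S+), sasl_username=(?P<user>\S+))?"
)


def parse_smtpd_lines(text):
    """Yield one dict per queue-id line; 'user' is None for unauthenticated clients."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.groupdict()


def summarize_senders(text):
    """Return {user: (message_count, set_of_client_ips)} for authenticated submissions."""
    count = Counter()
    ips = defaultdict(set)
    for rec in parse_smtpd_lines(text):
        if rec["user"] is None:
            continue            # inbound mail from other servers is not what we're after
        count[rec["user"]] += 1
        ips[rec["user"]].add(rec["ip"])
    return {u: (count[u], ips[u]) for u in count}


def flag_suspicious(summary, max_messages=4, max_ips=2):
    """Accounts over either threshold; tune both to the site's normal traffic."""
    return sorted(
        u for u, (n, ipset) in summary.items() if n > max_messages or len(ipset) > max_ips
    )


if __name__ == "__main__":
    summary = summarize_senders(SAMPLE_LOG)   # in practice: open("/var/log/maillog").read()
    for user, (n, ipset) in summary.items():
        print(f"{user:<10} messages={n:<4} distinct_ips={len(ipset)}")
    print("suspicious:", flag_suspicious(summary))
```

The thresholds are deliberately low for the sample; in real use compare each account against its own history over a few days, and once an account is identified, change its password and expire its sessions before the queue is cleaned, or it refills immediately.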

billymayday 11-18-2008 04:56 PM

Quote:

Originally Posted by nepcw (Post 3346794)
Yes sir it is Fedora Core 4. And thanks to all you for taking the time to help me with this.

As an aside, FC4 is no longer receiving security updates, so you should think about upgrading as a priority.

nepcw 11-18-2008 04:58 PM

Quote:

Originally Posted by billymayday (Post 3346821)
As an aside, FC4 is no longer receiving security updates, so you should think about upgrading as a priority.

I completely agree, I keep up with the server but have not set the plan into action to get it upgraded. This is absolutely the next thing I will do after I get this figured out. I really am afraid of getting on a blacklist that will cause even more issues.

I'm not sure on the verbose mode for qmail, I will have to look that up on their site.

rjlee 11-18-2008 05:04 PM

This may help; it contains an example of tracking down an account with a weak password:

http://www.cherpec.com/2008/07/plesk...spam-problems/

internetSurfer 11-18-2008 06:08 PM

There are many variables to this problem.
Here is some info for auditing.


jiml8 11-19-2008 12:06 AM

One of your clients might have an insecure PHP form which is being attacked. This wouldn't show up as an email user on your system, and the attacker wouldn't have to break any passwords; that all would be taken care of by PHP.

unixfool 11-19-2008 09:39 AM

Quote:

Originally Posted by billymayday (Post 3346792)
Do you mean Fedora Core 4?

I believe FDC4 is a legit name. Google hits show it is more than likely FeDora Core 4 (not sure on this, though).

If that's the case, that is a very OLD version!

EDIT - It appears that when I originally posted this, it didn't post but hung in dramatic fashion, which kept it from being posted in a timely fashion. I'm deleting the content of my next response.

billymayday 11-19-2008 01:37 PM

Quote:

Originally Posted by unixfool (Post 3347596)
I believe FDC4 is a legit name. Google hits show it is more than likely FeDora Core 4 (not sure on this, though).

If that's the case, that is a very OLD version!

Or because the D is next to the F? Anyway, he confirmed FC4

unixfool 11-19-2008 02:50 PM

<content removed to avoid confusion>

