Need help on preventing qMail to spam and bloating hard disk
Hello everyone.
I am new to LQ and thought that my question would best fit in "Linux server". If not would a moderator please be so kind to move this thread to the corresponding thread group.
I have a problem with my qmail server. About 2 weeks ago I instantly received over 350,000 spam mails, which caused a full hard disk. I somehow managed to clean up my queue. But since then I receive about 150,000 mails a day, 99% of it being spam. Causing my hard disk to bloat up to full again.
Shortly after that it seems that my qmail server started sending spam. Today my provider shut down and blocked my server due to spamming. I contacted my provider and my server is up again but I have shut down my qmail completely and closed all mail relevant ports until my problems are solved.
I used the former qmailrocks.com guide to set it up, containing spam assassin, clamAV antivirus, a few qmail patches, qmail-queue, vqAdmin, qmailadmin, squirrelmail. clamAV updates on a daily basis. I am running this server for about 3 years now without any problems.
What I already did:
I. Shut down qmail.
II. Closed mail relevant ports.
III. Created a backup of the server. (The server is also automatically backed up incrementally every week and a full backup every month).
IV. Ran 3 antivirus programs, root kits remover etc. There was nothing found.
V. Reduced the qmail-lifetime down to 24 hours.
What I want to do:
1. Prevent qmail from sending more spam.
2. Block mails to non-existing mailboxes.
3. Prevent relaying for not domain-targeted mailboxes and open relaying.
4. Clean up the qmail queue with currently 428,000+ queued mails.
I would appreciate any help for what I want to do (steps 1 - 4). I am not very familiar with qmail that's why I used a guide. I spent half of today googling for solutions but either I couldn't apply or understand them.
I am using a CentOS 5.4 distro. If you need more information, please let me know.
I temporarily started up my qmail server for an open relay test.
I used the test on http://www.mailradar.com/openrelay/
6 out of 20 tests did not pass. So there are chances that my qmail
server is exploited for open relaying. Unfortunately the tests
are called Methods, numbered from 1 to 20, but there is no explanation
on them or how I could prevent them. Any ideas?
It looks like you should make a file called rcpthosts in /var/qmail/control/ and then put a list of users in there that can receive mail. Then run your test again and see if that works.
Thank you for your reply and efforts. I remember rcpthosts from the install.
So I looked it up, currently there are only 2 entries:
Quote:
mail.myserver.net (SMTP Server forwarding)
myserver.net (Domain)
From my understanding I would assume that this would tell qmail to only
accept mails addressed only to that server / domain.
I also tried your link anti-relay guide. My qmail was already configured
as described in the guide with little difference tcpserver is run by vpopmail:vchkpw
instead of qmaild.
Although I have no experience in qmail whatsoever (even postfix/dovecot I'm not very skilled)
I would give you this link to check to reject / filter unwanted senders from getting through your server
In postfix there is a good filter mechanism like described here with spam lists (list.dsbl.org, reject_rbl_client sbl.spamhaus.org,cbl.abuseat.org,dnsbl.sorbs.net)
but I really don't know how to do it in qmail (postfix rejects like 70% or more spammers with this checklists)
Also here is some qmail anti-spam prevention explained.
Thanks for your reply. I have read through your links. Unfortunately I was unable to apply spamdyke to my qmail. The postfix link wasn't applicable. The last link was more like a guideline for setting up qmail, without any modifiable examples.
[...]
What I want to do:
1. Prevent qmail from sending more spam.
2. Block mails to non-existing mailboxes.
3. Prevent relaying for not domain-targeted mailboxes and open relaying.
4. Clean up the qmail queue with currently 428,000+ queued mails.
Concerning point 1 you have to close your relay (start reading this http://www.palomine.net/qmail/relaying.html), but I think that at this time your IP is already banned by most RBL lists, so you will have to change your IP as well.
Anyway, 1 and 3 go together. You will solve 2 and then 4 with a 'recipient verification' patch like chkuser (it's embedded in my combined patch)
Last edited by roberto967; 04-24-2012 at 03:45 PM.
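The following is an added example, not part of any post in this thread: a shell check for the two settings that decide whether qmail-smtpd relays, namely whether `control/rcpthosts` exists and which tcpserver rules set `RELAYCLIENT`. The function names `audit_relay` and `demo`, the rules-file location and the sample rules are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). The control directory and the tcpserver
# rules file are passed in; their locations on a given install are assumptions.

# audit_relay CONTROL_DIR TCP_RULES_FILE
# Prints one finding per line; prints nothing when neither check trips.
audit_relay() {
    control=$1
    rules=$2

    # Without control/rcpthosts, qmail-smtpd accepts mail for any domain.
    if [ ! -f "$control/rcpthosts" ]; then
        echo "OPEN rcpthosts missing: every recipient domain is accepted"
    fi

    # A tcpserver rule that sets RELAYCLIENT bypasses rcpthosts for the
    # clients it matches. An empty address matches every client; "=" matches
    # every client that has a reverse DNS name.
    [ -f "$rules" ] || return 0
    awk -F: '
        /^[ \t]*#/ || !/RELAYCLIENT/ { next }
        $1 == "" || $1 == "=" {
            print "OPEN rule line " NR ": RELAYCLIENT set for a catch-all address"
            next
        }
        $1 !~ /^127\./ {
            print "REVIEW rule line " NR ": relaying allowed for " $1
        }
    ' "$rules"
}

# Constructed sample: rcpthosts as quoted in the thread, plus a rules file
# whose last line is the catch-all mistake.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/control"
    printf 'mail.myserver.net\nmyserver.net\n' > "$d/control/rcpthosts"
    printf '127.:allow,RELAYCLIENT=""\n192.168.1.:allow,RELAYCLIENT=""\n:allow,RELAYCLIENT=""\n' > "$d/tcp.smtp"
    audit_relay "$d/control" "$d/tcp.smtp"
    rm -rf "$d"
}
demo
```

A `REVIEW` line is not necessarily a fault: it lists a client range that is allowed to relay so it can be compared against the networks that should have that right.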