LinuxQuestions.org
04-20-2012, 01:16 PM   #1
Daft Punk
LQ Newbie
 
Registered: Apr 2012
Location: Germany
Distribution: Centos 5.x
Posts: 7

Rep: Reputation: Disabled
Need help on preventing qMail to spam and bloating hard disk


Hello everyone.

I am new to LQ and thought that my question would best fit in "Linux server". If not, would a moderator please be so kind as to move this thread to the corresponding thread group.

I have a problem with my qmail server. About 2 weeks ago I instantly received over 350,000 spam mails, which caused a full hard disk. I somehow managed to clean up my queue. But since then I receive about 150,000 mails a day, 99% of it being spam, causing my hard disk to bloat up to full again.

Shortly after that it seems that my qmail server started sending spam. Today my provider shut down and blocked my server due to spamming. I contacted my provider and my server is up again but I have shut down my qmail completely and closed all mail relevant ports until my problems are solved.

I used the former qmailrocks.com guide to set it up, containing spam assassin, clamAV antivirus, a few qmail patches, qmail-queue, vqAdmin, qmailadmin, squirrelmail. clamAV updates on a daily basis. I have been running this server for about 3 years now without any problems.

What I already did:
I. Shut down qmail.
II. Closed mail relevant ports.
III. Created a backup of the server. (The server is also automatically backed up incrementally every week and a full backup every month).
IV. Ran 3 antivirus programs, rootkit removers etc. There was nothing found.
V. Reduced the qmail-lifetime down to 24 hours.

What I want to do:
1. Prevent qmail from sending more spam.
2. Block mails to non-existing mailboxes.
3. Prevent relaying for not domain-targeted mailboxes and open relaying.
4. Clean up the qmail queue with currently 428,000+ queued mails.

I would appreciate any help for what I want to do (steps 1 - 4). I am not very familiar with qmail, that's why I used a guide. I spent half of today googling for solutions but I couldn't either apply or understand them.

I am using a CentOS 5.4 distro. If you need more information, please let me know.

Best regards,
Daft Punk
 
04-20-2012, 02:05 PM   #2
Daft Punk
LQ Newbie
 
Registered: Apr 2012
Location: Germany
Distribution: Centos 5.x
Posts: 7

Original Poster
Rep: Reputation: Disabled
I temporarily started up my qmail server for an open relay test.

I used the test on http://www.mailradar.com/openrelay/
6 out of 20 tests did not pass. So there are chances that my qmail server is exploited for open relaying. Unfortunately the tests are called Methods, numbered from 1 to 20, but there is no explanation on them or how I could prevent them. Any ideas?
 
04-20-2012, 03:30 PM   #3
drigby
LQ Newbie
 
Registered: Apr 2012
Location: Colorado
Distribution: CentOS
Posts: 11

Rep: Reputation: Disabled
I don't use qmail, so I can't speak from experience.

I did a Google search and found this: http://qmail.3va.net/qdp/qmail-antirelay.html

It looks like you should make a file called rcpthosts in /var/qmail/control/ and then put a list of users in there that can receive mail. Then run your test again and see if that works.

Code:
cd /var/qmail/control
nano rcpthosts
Probably worth a try...

P.S. you might need to mkdir control...

Last edited by drigby; 04-20-2012 at 03:31 PM.
 
04-21-2012, 06:07 AM   #4
Daft Punk
LQ Newbie
 
Registered: Apr 2012
Location: Germany
Distribution: Centos 5.x
Posts: 7

Original Poster
Rep: Reputation: Disabled
Hello drigby,

Thank you for your reply and efforts. I remember rcpthost from the install.
So I looked it up; currently there are only 2 entries:

Quote:
mail.myserver.net (SMTP Server forwarding)
myserver.net (Domain)

From my understanding I would assume that this would tell qmail to only accept mails addressed only to that server / domain.

I also tried your linked anti-relay guide. My qmail was already configured as described in the guide, with one little difference: tcpserver is run by vpopmail:vchkpw instead of qmaild.

Best regards,
Daft Punk

Last edited by Daft Punk; 04-21-2012 at 06:31 AM.
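
Added example (editor's code, not from any poster in this thread): a bash check of the two settings discussed in the posts above, `control/rcpthosts` and the `RELAYCLIENT` rules that tcpserver applies. The default paths and the second line of the sample rules file are assumptions; the sample files are constructed for the demonstration.

```bash
#!/bin/bash
# Prints one finding per line; returns 0 if nothing is open, 1 otherwise.
# Default paths are assumptions (qmailrocks-style layout); pass your own.
audit_qmail_relay() {
    local control_dir="${1:-/var/qmail/control}"
    local tcp_rules="${2:-/etc/tcp.smtp}"
    local findings=0 line addr

    # Without control/rcpthosts, qmail-smtpd accepts RCPT for any domain.
    if [ ! -e "$control_dir/rcpthosts" ]; then
        echo "OPEN: $control_dir/rcpthosts is missing"
        findings=1
    fi

    # RELAYCLIENT makes qmail-smtpd skip the rcpthosts check for the
    # matching clients, so it must be limited to trusted addresses.
    if [ -r "$tcp_rules" ]; then
        while IFS= read -r line || [ -n "$line" ]; do
            case "$line" in
                ''|'#'*) continue ;;       # blank line or comment
                *RELAYCLIENT*) ;;          # inspect the address below
                *) continue ;;             # rule does not grant relaying
            esac
            addr="${line%%:*}"             # part before the first ':'
            case "$addr" in
                127.*) ;;                  # loopback only: expected
                '') echo "OPEN: default rule sets RELAYCLIENT: $line"
                    findings=1 ;;
                *)  echo "REVIEW: relay allowed for '$addr': $line" ;;
            esac
        done < "$tcp_rules"
    fi
    return "$findings"
}

# Constructed sample: the rcpthosts entries quoted in the thread plus a
# hypothetical rules file whose default rule lets every client relay.
demo_dir=$(mktemp -d)
printf 'mail.myserver.net\nmyserver.net\n' > "$demo_dir/rcpthosts"
printf '127.:allow,RELAYCLIENT=""\n:allow,RELAYCLIENT=""\n' > "$demo_dir/tcp.smtp"
audit_qmail_relay "$demo_dir" "$demo_dir/tcp.smtp" || echo "relay is open, see findings above"
rm -rf "$demo_dir"
```

tcpserver reads the compiled cdb, not the text rules file, so the cdb has to be rebuilt with `tcprules` after any change.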
 
04-21-2012, 06:30 AM   #5
lithos
Senior Member
 
Registered: Jan 2010
Location: SI : 45.9531, 15.4894
Distribution: CentOS, OpenNA/Trustix, testing desktop openSuse 12.1 /Cinnamon/KDE4.8
Posts: 1,144

Rep: Reputation: 217
Hi,

Although I have no experience in qmail whatsoever (even with postfix/dovecot I'm not very skilled),
I would give you this link to check to reject / filter unwanted senders from getting through your server.
In postfix there is a good filter mechanism like described here with spam lists (list.dsbl.org, reject_rbl_client sbl.spamhaus.org,cbl.abuseat.org,dnsbl.sorbs.net),
but I really don't know how to do it in qmail (postfix rejects like 70% or more spammers with these checklists).
Also here is some qmail anti-spam prevention explained.

good luck
 
04-24-2012, 04:41 AM   #6
Daft Punk
LQ Newbie
 
Registered: Apr 2012
Location: Germany
Distribution: Centos 5.x
Posts: 7

Original Poster
Rep: Reputation: Disabled
Hello lithos,

Thanks for your reply. I have read through your links. Unfortunately I was unable to apply spamdyke to my qmail. The postfix link wasn't applicable. The last link was more like a guideline for setting up qmail, without any modifiable examples.

Best regards,
DP
 
04-24-2012, 04:37 PM   #7
roberto967
Member
 
Registered: Apr 2011
Location: Cagliari, Italy
Distribution: Slackware64 latest stable
Posts: 69

Rep: Reputation: 12
Quote:
Originally Posted by Daft Punk
[...]
What I want to do:
1. Prevent qmail from sending more spam.
2. Block mails to non-existing mailboxes.
3. Prevent relaying for not domain-targeted mailboxes and open relaying.
4. Clean up the qmail queue with currently 428,000+ queued mails.

I have an updated qmail guide and a combined patch which should serve the purpose: http://notes.sagredo.eu/node/8

Concerning point 1, you have to close your relay (start reading this http://www.palomine.net/qmail/relaying.html), but I think that at this time your IP is already banned by most RBL lists, so you will have to change your IP as well.

Anyway, 1 and 3 go together. You will solve 2 and then 4 with a 'recipient verification' patch like chkuser (it's embedded in my combined patch).

Last edited by roberto967; 04-24-2012 at 04:45 PM.
 
All times are GMT -5.