View Single Post
  #4  
Old 28th March 2013, 18:39
arraken arraken is offline
Member
 
Join Date: Mar 2010
Posts: 91
Thanks: 13
Thanked 3 Times in 3 Posts
Default server abused as spambot?

Ok, I think my server is abused for sending spam. I don't think it's an open relay however, so can it be some script on my server that sends the mails?

I followed the instructions from the first answer here: http://serverfault.com/questions/333...refusing-mails

I seem to have the same problem as the poster there.

when i execute "qshape deferred" i get the following output:

Code:
             yahoo.com.tw 70279  0 42  0 1998 5617 12254 39296 11072    0     0
          DomainOnMyServer.at 12583  0  0  0   17   31    36    73   885 1445 10096
                  kimo.com   310  0  0  0   16   24    48   159    63    0     0
     heattreatmentchina.ru    29  0  0  0    1    0     1     0     0    0    27
              yahoo.com.hk    22  0  0  0    1    2     9     9     1    0     0
             purifiercn.ru    16  0  0  0    0    0     1     1     0    1    13
             earthlink.net    12  0  0  0    0    0     0     0     0    0    12
                 ymail.com    11  0  0  0    0    0     6     4     1    0     0                  
               example.com     8  0  0  0    0    0     0     0     0    2     6            
                   aol.com     2  0  0  0    0    0     0     0     0    0     2
                  jumpy.it     2  0  0  0    0    0     0     0     0    0     2
                 gawab.com     2  0  0  0    0    0     0     0     0    0     2
            rocketmail.com     2  0  0  0    0    0     0     2     0    0     0
 gdp-globaldigitalpost.com     2  0  0  0    0    0     0     0     0    0     2
                   nsi.com     1  0  0  0    0    0     0     0     0    0     1
                   mxb.org     1  0  0  0    0    0     0     0     0    0     1
                   kjf.com     1  0  0  0    0    0     0     0     0    0     1
when i look in /var/spool/postfix/deferred/ there are masses of mails there - all apparently spam-mails.

What can i do to stop this? please help! - I had to shut down the mailserver already, which isn't good, as it is used by quite some customers..

Last edited by arraken; 30th March 2013 at 10:34.
Reply With Quote