Hi,
I hope someone can help us, we really need help with our mailserver. It looks like someone has managed to get in and use our mail server to send out SPAM. We are a school with apprx. 30 email users.
We have been using the ISP's smtp-port. Now they have blocked the smtp port from our school, since a lot of spam was sent out. This means that we can not send mail outside. We have checked everything inside, also turned off everything, all computers, servers the wireless network, just left the mail and webserver on. And through the logs it looks like someone is still trying to send spam.
We want to change our smtp so we use our own, not through the ISP's port, so they don’t block us anymore. And the other thing is that we have not used authentication for our mails.
Please help us!!!!! We don’t have much experience in this, the mailserver with Suse and Postfix was set up by someone else 4 years ago.
We have SUSE LINUX 10.0 (X86-64) OSS (VERSION = 10.0), postfix = 2.2.5, and ISPConfig Version: 2.2.18.
Here is a sample of /var/log:
Code:
/var/log # tail -f warn
Feb 10 17:25:31 kmail postfix/smtpd[3324]: warning: 94.97.209.201: hostname 94.96.209.201.dynamic.saudi.net.sa verific
ation failed: Name or service not known
Feb 10 17:25:32 kmail postfix/smtpd[3324]: warning: support for restriction "check_relay_domains" will be removed from
Postfix; use "reject_unauth_destination" instead
Feb 10 17:26:51 kmail postfix/smtpd[3324]: warning: 187.65.33.71: hostname bb412147.virtua.com.br verification failed: Name or service not known
Code:
/var/log # tail -f mail
Feb 10 17:12:24 kmail postfix/qmgr[2160]: 1B24818171: to=<alan@loandirect.com>, relay=none, delay=1832, status=deferred (delivery temporarily suspended: Host or domain name not found. Name service error for name=localhost type=AAAA: Host not found)
Feb 10 17:12:24 kmail postfix/qmgr[2160]: 17C8A1817C: to=<alan@loandirect.com>, relay=none, delay=1822, status=deferred (delivery temporarily suspended: Host or domain name not found. Name service error for name=localhost type=AAAA: Host not found)
Feb 10 17:12:24 kmail postfix/qmgr[2160]: 188031817F: to=<alan@loandirect.com>, relay=none, delay=1818, status=deferred (delivery temporarily suspended: Host or domain name not found. Name service error for name=localhost type=AAAA: Host not found)
Feb 10 17:12:30 kmail postfix/smtpd[2722]: warning: 187.40.200.39: hostname 18740200039.user.veloxzone.com.br verification failed: Name or service not known
Feb 10 17:12:30 kmail postfix/smtpd[2722]: connect from unknown[187.40.200.39]
Feb 10 17:12:31 kmail postfix/smtpd[2722]: setting up TLS connection from unknown[187.40.200.39]
Feb 10 17:12:31 kmail postfix/smtpd[2722]: TLS connection established from unknown[187.40.200.39]: TLSv1 with cipher RC4-MD5 (128/128 bits)
Feb 10 17:12:32 kmail postfix/smtpd[2722]: warning: support for restriction "check_relay_domains" will be removed from Postfix; use "reject_unauth_destination" instead
Best regards,
Mazgit
English | 
Deutsch
Our mailserver hacked ??? - a lot of SPAM is being send out
Threaded Mode
Recent comments
1 day 5 hours ago
1 day 14 hours ago
1 day 17 hours ago
1 day 18 hours ago
1 day 19 hours ago
1 day 21 hours ago
1 day 22 hours ago
2 days 4 min ago
2 days 16 hours ago
2 days 16 hours ago