  #1  
Old 25th September 2013, 14:23
robotjox
How do I best troubleshoot my server sending spam?

Hi, I recently discovered that my Ubuntu 10.4 server was blacklisted at several sites (I used http://mxtoolbox.com to check).

Checking the logs I could see that one email account was sending several spam messages every second!

I have disabled the account, but my questions are:

1) How can I troubleshoot this problem in the best way? How can I see if the spam was sent from the person's own computer or from some exploit on my server? (I already checked for rootkits - none were discovered, and I have amavis running)

2) How can I make sure this doesn't happen again?

3) Should I contact the blacklisting servers directly to be removed or does that happen automatically after some time? Google is not accepting mails from my servers for instance :-(

This is a real big problem as it affects all my users, so any help is greatly appreciated :-)

thanks!
  #2  
Old 25th September 2013, 15:58
till

1) I described the procedure to find the source of outgoing spam here a few days ago:

http://www.howtoforge.com/forums/showthread.php?t=63319

So basically you get an email ID from a spam email with:

postqueue -p

and then inspect it with postcat.

2) There is no 100% protection against that. Most spam is sent through vulnerable websites, so ensure that the CMS systems that are installed on your server are updated regularly. Another option is to use policyd to restrict the number of emails that can be sent by a user. You can also scan your server with maldet to find hacked websites: http://www.howtoforge.com/forums/showthread.php?t=58440

3) They will remove you automatically after some time (in most cases 1+ days). If you want to get whitelisted earlier, then you should contact them. But not before the source of the issue has been found and the spam sending stopped.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
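
The queue inspection described in the reply above, as an added example that is not part of the original posts: it tallies `postqueue -p` output per sender and reads `postcat -q` output to tell an authenticated SMTP login apart from a local PHP script. It assumes Postfix runs with `smtpd_sasl_authenticated_header = yes` and PHP with `mail.add_x_header = On`; the function names are hypothetical and all sample data is constructed.

```shell
# Added example: function names are hypothetical, sample data is constructed.

# Count queued messages per envelope sender. stdin: `postqueue -p` output.
# Entry lines start with a queue ID, optionally followed by * (active) or ! (hold).
queue_senders() {
    awk '/^[0-9A-Za-z]+[*!]? +[0-9]+ / { n[$NF]++ }
         END { for (s in n) print n[s], s }' | sort -rn
}

# Classify how one message entered Postfix. stdin: `postcat -q <ID>` output.
# Only the first (topmost) match counts: headers further down can be forged.
classify_origin() {
    awk '
    /^X-PHP-Originating-Script:/ && script == "" { script = $2 }
    /\(Authenticated sender: / && sasl == "" {
        sub(/.*\(Authenticated sender: /, ""); sub(/\).*/, ""); sasl = $0 }
    /\(Postfix, from userid / && uid == "" {
        sub(/.*from userid /, ""); sub(/\).*/, ""); uid = $0 }
    END { if (sasl != "") print "smtp-auth:" sasl
          else if (script != "") print "php-script:" script
          else if (uid != "") print "local-uid:" uid
          else print "unknown" }'
}

# Constructed samples so the script runs offline.
sample_queue() { cat <<'EOF'
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
3F2A1B0C9D*    2101 Wed Sep 25 14:01:02  info@example.com
                                         a@example.net

7C6D5E4F3A     1987 Wed Sep 25 14:01:03  info@example.com
(connect to mx.example.net[192.0.2.25]:25: Connection timed out)
                                         b@example.net

9A8B7C6D5E     1540 Wed Sep 25 14:02:10  www-data@web1.example.com
                                         c@example.org
EOF
}
sample_msg_auth() { cat <<'EOF'
Received: from [198.51.100.7] (unknown [198.51.100.7])
    (Authenticated sender: info@example.com)
    by mail.example.com (Postfix) with ESMTPA id 3F2A1B0C9D
EOF
}
sample_msg_php() { cat <<'EOF'
Received: by web1.example.com (Postfix, from userid 33)
X-PHP-Originating-Script: 33:contact.php
EOF
}
sample_queue | queue_senders
sample_msg_auth | classify_origin; sample_msg_php | classify_origin
```

On a live server, feed the functions real output: `postqueue -p | queue_senders` and `postcat -q <queue-id> | classify_origin`. A `smtp-auth:` result points to a mailbox password that should be changed, while `php-script:` or `local-uid:` points to a website or local process on the server itself.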