#1
8th July 2008, 17:08
Hans (Moderator)

Something to worry about?

After executing the mailq command, I saw this:

(See file included)

Is this something to worry about? How must I read this? Is the spammer unionchurch at infonegocio.net.pe sending spam to my server or is my server used to send spam?

I deleted it from the mail queue using the postsuper command.
I do not know any of the e-mail addresses in the output.
Attached Files
attachement.txt (3.4 KB)
__________________
Hans

MrHostman | Master in managed hosting

Last edited by Hans; 8th July 2008 at 17:11.
#2
9th July 2008, 15:16
falko (Super Moderator)

It looks as if your server is used to send spam... Did you check if your server's blacklisted somewhere?
__________________
Falko
#3
9th July 2008, 22:53
Hans (Moderator)

Falko,

I checked if my server is blacklisted on http://www.mxtoolbox.com/blacklists.aspx but it is not.
I also checked for an open relay by using http://www.abuse.net/cgi-bin/relaytest but I don't have any open relay.

Now I must find out if they are indeed sending spam by using my server.
Do you have any tip/hint for me on where to start?
Last edited by Hans; 9th July 2008 at 23:05.
#4
10th July 2008, 09:49
edge (Moderator)

Hans,

Are you (or any of your clients) running a "phpBB2" forum?
If so, have a look in the "web/forum/pafiledb/images/screenshots" directory, and see if you can find any php files. If so, delete them!
__________________
Never execute code written on a Friday or a Monday.
#5
10th July 2008, 10:43
Hans (Moderator)

Thank you for your reply, Edge,

No, not one of my clients uses any forum software.
The cause is difficult to find, but I am starting to think that perhaps insecure contact forms or Joomla modules are used by one of my clients.

I am having a close look at the log files at the moment.
#6
16th July 2008, 17:53
Hans (Moderator)

It is inherent to the SMTP protocol that mail users can change their identity, but the ID number of the mail within the mail queue pointed me to the right mail user account within the mail log. I've contacted the client and the problem is solved now!

The log tells nothing else than what has happened!
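The tracing step described in post #6 (queue ID from mailq, then the matching lines in the mail log), as an added example that is not part of the original thread. It assumes standard Postfix syslog lines; the function name `trace_queue_id` and the sample log lines are constructed for illustration and do not come from the thread's attachment.

```python
import re

# Constructed sample lines in Postfix syslog format (not from the thread).
SAMPLE_MAILLOG = """\
Jul  8 16:58:01 server1 postfix/smtpd[4211]: 3F2A1C80A5: client=unknown[203.0.113.45], sasl_method=LOGIN, sasl_username=web12_info
Jul  8 16:58:01 server1 postfix/cleanup[4215]: 3F2A1C80A5: message-id=<20080708145801.3F2A1C80A5@server1.example.com>
Jul  8 16:58:02 server1 postfix/qmgr[1840]: 3F2A1C80A5: from=<someone@example.net>, size=2841, nrcpt=25 (queue active)
Jul  8 16:59:10 server1 postfix/pickup[4102]: 7B9D0C80B1: uid=33 from=<www-data>
Jul  8 16:59:10 server1 postfix/qmgr[1840]: 7B9D0C80B1: from=<www-data@server1.example.com>, size=912, nrcpt=1 (queue active)
"""

# "postfix/<daemon>[pid]: <queue id>: <details>"
LINE = re.compile(r"postfix/(?:\w+/)?(?P<daemon>\w+)\[\d+\]: (?P<qid>\w+): (?P<rest>.*)")


def trace_queue_id(log_text, queue_id):
    """Collect who handed the message with this queue ID to Postfix."""
    queue_id = queue_id.rstrip("*!")  # mailq appends * (active) or ! (held)
    found = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m or m.group("qid") != queue_id:
            continue
        daemon, rest = m.group("daemon"), m.group("rest")
        if daemon == "smtpd":  # arrived over SMTP: connecting host, SASL login
            c = re.search(r"client=(\S+?)\[([^\]]+)\]", rest)
            if c:
                found["client_host"], found["client_ip"] = c.groups()
            u = re.search(r"sasl_username=([^,\s]+)", rest)
            if u:
                found["sasl_username"] = u.group(1)
        elif daemon == "pickup":  # submitted locally, e.g. by a web script
            u = re.search(r"uid=(\d+)", rest)
            if u:
                found["local_uid"] = int(u.group(1))
        elif daemon == "qmgr":  # envelope sender is whatever the client claimed
            f = re.search(r"from=<([^>]*)>.*nrcpt=(\d+)", rest)
            if f:
                found["envelope_from"] = f.group(1)
                found["nrcpt"] = int(f.group(2))
    return found


if __name__ == "__main__":
    for qid in ("3F2A1C80A5*", "7B9D0C80B1"):
        print(qid, trace_queue_id(SAMPLE_MAILLOG, qid))
```

The `sasl_username` or `local_uid` field is what the server itself recorded about the submitter, while `envelope_from` is sender-supplied and can be forged.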