Find spam source in Qmail

Discussion in 'Server Operation' started by mi-lan, Feb 19, 2012.

  1. mi-lan

    mi-lan New Member

    Hello, I use Qmail on mail server. From today is my IP on many blacklist, reason is spam. In mail.log I find many spam from one IP, here is log:
    Code:
    Feb 19 23:07:10 mailserver qmail-scanner-queue.pl: qmail-scanner[13046]: Clear:RC:0(68.114.99.137): 0.297978 1262 [email protected] [email protected] You_Have_One_New_Message <[email protected]> mailserver132968922977713046-unpacked:1262
    I stopped also apache, but spam go next.
     
  2. mi-lan

    mi-lan New Member

    Code:
    # cat /etc/tcp.smtp
    127.:allow,RELAYCLIENT=""
    
    Code:
    telnet mailserver 25
    Trying mailserver...
    Connected to mailserver.
    Escape character is '^]'.
    220 mail.example.com ESMTP
    helo test
    250 mail.example.com
    mail from: [email protected]
    250 ok
    rcpt to: [email protected]
    553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
    
    
     
    Last edited: Feb 20, 2012
  3. falko

    falko Super Moderator ISPConfig Developer

    As a first measure you can block that IP: http://www.howtoforge.com/forums/showpost.php?p=38142&postcount=4

    Then find out if you are an open relay: http://www.spamhelp.org/shopenrelay/

    If you are not, try to find out if the spammer is abusing a web application: http://www.howtoforge.com/how-to-log-emails-sent-with-phps-mail-function-to-detect-form-spam

    If so, update your web applications. If that's not the case, the spammer probably knows the login details of an email account, so you might have to change your passwords.
     

Share This Page