Help, my server is sending spam

Discussion in 'Installation/Configuration' started by nokia80, Mar 26, 2012.

  1. nokia80

    nokia80 HowtoForge Supporter

    hi all

    When I do postqueue -p I see an error list

    .... Email addresses removed by admin ....

    Because of this problem MySQL fails. Please, any ideas?
     
    Last edited by a moderator: Mar 26, 2012
  2. sjau

    sjau Local Meanie

    you first have to figure out where the spam is being sent from. What does the mail.log say about it?
     
  3. nokia80

    nokia80 HowtoForge Supporter

    problem solved thanks to till
     
  4. edge

    edge HowtoForge Supporter

    Maybe it's a good idea to remove all the email addresses that you posted in your 1st post.
    Spam bots will index them, causing the users to get even more spam!
     
  5. vaio

    vaio New Member

    Hello,
    how did you solve it?

    I got spam sent from my server today... Please help me.
    Thanks,
    V.
     
  6. pititis

    pititis Member

    First step is to know the source of your problem. Can you give us more details or mail log?
     
  7. vaio

    vaio New Member

    Hello pititis,
    it looks like this:


    Code:
    -Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
    5D40D42AA19* 4331 Fri Jul 20 02:24:11 marketing@somemail.tld
    (lost connection with mg.atlantech.tld[209.183.192.125] while receiving the initial server greeting)
    cjdouglass@xx.tld
    (connect to xxx.tld[203.92.211.31]:25: Connection timed out)
    cosmos@xx.tld
    craft@xx.tld
    (connect to athena.athenet.tld[209.103.196.19]:25: Connection timed out)
    cmuller@xx.athenet.tld
    creative@athena.xx.tld
    deanna.xxx@ast.lmco.tld
    
    7953842A607* 4428 Wed Jul 18 15:30:33 marketing@somemail.tld
    (connect to flash.laxxxxeheadu.ca[xx.xx.xx.xxx]:25: Connection refused)
    dly@flash.xx.ca
    (connect to fn1.freenet.xxxx.ab.ca[216.xxx.xx.xxx]:25: Connection timed out)
    karpo@fn1.freenet.xxxxx.ab.ca
    xx@xxxx.tld
    
    
    7953842A607* 4428 Wed Jul 18 15:30:33 marketing@somemail.tld
    (connect to flash.lakeheadu.ca[65.39.15.21]:25: Connection refused)
    dly@flash.lakeheadu.ca
    (connect to fn1.freenet.edmonton.ab.ca[216.xxx.xxx.xx]:25: Connection timed out)
    karpo@fn1.freenet.xx.ab.ca
    rthommen@xx.net
    
    24CFB42AA0F* 3029 Fri Jul 20 11:28:45 marketing@somemail.tld
    (host mx.xx.ca[24.xxx.xxx.37] refused to talk to me: 452 try later)
    genesismarketing@xxxx.xx
    xxxxx@videotron.xx
    (connect to mx3.wellsfargo.tld[151.151.26.152]:25: Connection refused)
    george.bloomfield@wachoviasec.tld
    (host mxb-000c7201.gslb.xx.tld[xxx.xxx.xxx.xx] refused to talk to me: 554 Blocked - see https://support.proofpoint.tld/dnsbl-lookup.cgi?ip=192.168.0.1)
    Gerard.xx@wal-xxxx.tld
    georgina.xx@xxxx-xxxx.tld
    NOTE: I have masked or deformed addresses and IPs.


    It sends from an email address I first disabled, but then completely deleted...

    Any suggestions?
    THANKS
     
  8. sjau

    sjau Local Meanie

    you have to find out from which account it is being sent
     
  9. vaio

    vaio New Member

    Hello friend,
    it is always being sent from one account - one email, for example marketing@xxxxx.tld, but I have checked this xxxxx.tld website online and manually and it doesn't seem to be leaking...

    Is it possible to find out some other way?
    Thanks for efforts!!
     
  10. sjau

    sjau Local Meanie

    Well, one can put any sender in... so are you sure it's being sent from that account? You could also alter PHP in such a way that it logs when the PHP mail() is being used and stores where it was used from...
     
  11. vaio

    vaio New Member

    Hey Sjau,
    would you be so kind as to give me an example or point me to some online example? I am so-so at programming - still learning hehe.

    What if I don't use PHP mailer? I remember on some WordPress it didn't work and I had to set SMTP settings...

    Thank you for the advice :)
     
  12. sjau

    sjau Local Meanie

    you have to find out first who sends the spam and where it is sent from... is it a hacked account, is it a rogue php script.... after that you can take measures.
     
  13. pititis

    pititis Member

    The easy way is looking at your mail.log

    Please post your mail.log with the suspicious senders/email. The more details, the easier.

    To enable php to log the mail() please read this:

    http://www.howtoforge.com/forums/showthread.php?t=53617

    Don't worry, you don't need advanced Linux skills

    Cheers
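
The question raised in the thread (hacked account or rogue PHP script?) can usually be answered from mail.log alone, because Postfix logs how each queue ID entered the system. The following is an added example, not part of the original thread: it assumes the standard Postfix log format (`pickup` logging `uid=`, `smtpd` logging `client=` and `sasl_username=`), and the function names and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in Postfix mail.log format (hosts and IPs are made up).
SAMPLE_LOG = """\
Jul 20 02:24:10 web1 postfix/pickup[2211]: 5D40D42AA19: uid=33 from=<marketing@somemail.tld>
Jul 20 02:24:11 web1 postfix/qmgr[1190]: 5D40D42AA19: from=<marketing@somemail.tld>, size=4331, nrcpt=40 (queue active)
Jul 20 11:28:44 web1 postfix/smtpd[3302]: 24CFB42AA0F: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=marketing@somemail.tld
Jul 20 11:28:45 web1 postfix/qmgr[1190]: 24CFB42AA0F: from=<marketing@somemail.tld>, size=3029, nrcpt=35 (queue active)
Jul 20 12:00:01 web1 postfix/smtpd[3400]: 9A1B2C3D4E5: client=mail.example.org[203.0.113.9]
Jul 20 12:00:02 web1 postfix/qmgr[1190]: 9A1B2C3D4E5: from=<friend@example.org>, size=1200, nrcpt=1 (queue active)
"""

LINE = re.compile(r"postfix/(?:[\w-]+/)*(\w+)\[\d+\]: ([0-9A-Za-z]+): (.*)")

def trace_queue_ids(log_text):
    """Map each queue ID to how it entered Postfix and its envelope sender."""
    msgs = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        daemon, qid, rest = m.groups()
        if daemon == "pickup":  # local submission via sendmail binary, e.g. PHP mail()
            uid = re.search(r"\buid=(\d+)", rest)
            if uid:
                msgs[qid].update(origin="local", who="uid " + uid.group(1))
        elif daemon == "smtpd" and rest.startswith("client="):
            sasl = re.search(r"sasl_username=([^,\s]+)", rest)
            if sasl:  # authenticated SMTP login: suspect a stolen mailbox password
                msgs[qid].update(origin="sasl", who=sasl.group(1))
            else:     # unauthenticated SMTP: inbound mail or a relay problem
                client = rest[len("client="):].split(",")[0]
                msgs[qid].update(origin="smtp", who=client)
        elif daemon == "qmgr":  # envelope sender; the submitter can set it freely
            sender = re.search(r"from=<([^>]*)>", rest)
            if sender:
                msgs[qid]["sender"] = sender.group(1)
    return dict(msgs)

def origins_for_sender(log_text, sender):
    """All distinct entry points that queued mail with this envelope sender."""
    return sorted({(m.get("origin", "unknown"), m.get("who", "?"))
                   for m in trace_queue_ids(log_text).values()
                   if m.get("sender") == sender})

if __name__ == "__main__":
    for origin, who in origins_for_sender(SAMPLE_LOG, "marketing@somemail.tld"):
        print(origin, who)
```

A `local` origin whose uid belongs to the web server user points at a script on the box calling mail(), while a `sasl` origin means someone logged in over SMTP with that mailbox's password, so deleting the mailbox only stops the second case.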
     
