spam sending from my server

Discussion in 'Installation/Configuration' started by nokia80, May 13, 2010.

  1. nokia80

    nokia80 Member HowtoForge Supporter

    Hello all,

    for some days now my server has been sending spam; the code says one thing:


    May 13 12:58:45 ns2 postfix/qmgr[3314]: C6DB6232457: from=, size=1140, nrcpt=1 (queue active)
    May 13 12:58:45 ns2 postfix/qmgr[3314]: CF09223232A: from=, size=1139, nrcpt=1 (queue active)
    May 13 12:58:45 ns2 postfix/qmgr[3314]: 0E2EB23244C: from=, size=1156, nrcpt=1 (queue active)
    May 13 12:58:45 ns2 postfix/qmgr[3314]: 08470232435: from=, size=1131, nrcpt=1 (queue active)
    May 13 12:58:45 ns2 postfix/qmgr[3314]: 0E827232459: from=, size=1150, nrcpt=1 (queue active)
    May 13 12:58:45 ns2 postfix/qmgr[3314]: 574D3232371: from=, size=1147, nrcpt=1 (queue active)
    May 13 12:58:45 ns2 postfix/qmgr[3314]: 1FB282324EA: from=, size=1142, nrcpt=1 (queue active)
    May 13 12:58:45 ns2 postfix/qmgr[3314]: 17267232421: from=, size=1133, nrcpt=1 (queue active)
    May 13 12:58:45 ns2 postfix/qmgr[3314]: 304A5232455: from=, size=1171, nrcpt=1 (queue active)
    May 13 12:58:45 ns2 postfix/qmgr[3314]: 3C9B8232466: from=, size=1146, nrcpt=1 (queue active)
    May 13 12:58:45 ns2 postfix/qmgr[3314]: F2FBA23244E: from=, size=1132, nrcpt=1 (queue active)
    May 13 12:58:45 ns2 postfix/qmgr[3314]: DC0B4232422: from=, size=1164, nrcpt=1 (queue active)
    May 13 12:58:45 ns2 postfix/qmgr[3314]: DE73423234B: from=, size=1202, nrcpt=1 (queue active)
    May 13 12:58:45 ns2 postfix/qmgr[3314]: DCC09232388: from=, size=1153, nrcpt=1 (queue active)
    May 13 12:58:45 ns2 postfix/qmgr[3314]: 4A1EA232427: from=, size=1146, nrcpt=1 (queue active)
    May 13 12:58:45 ns2 postfix/qmgr[3314]: 641A823232D: from=, size=1171, nrcpt=1 (queue active)
    May 13 12:58:45 ns2 postfix/qmgr[3314]: 61FF023242F: from=, size=1141, nrcpt=1 (queue active)
    May 13 12:58:45 ns2 postfix/qmgr[3314]: 7ACAF23234D: from=, size=1190, nrcpt=1 (queue active)
    May 13 12:58:45 ns2 postfix/qmgr[3314]: 766CC232468: from=, size=1131, nrcpt=1 (queue active)
    May 13 12:58:45 ns2 postfix/qmgr[3314]: 78D6423246C: from=, size=1143, nrcpt=1 (queue active)
    May 13 12:58:45 ns2 postfix/qmgr[3314]: 2B4CD2322E4: from=, size=18878, nrcpt=5 (queue active)
    May 13 12:58:45 ns2 postfix/qmgr[3314]: 8B938232396: from=, size=1176, nrcpt=1 (queue active)



    thanks a lot

    michael
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Hi,

    please check if your server is an open relay:

    http://www.abuse.net/relay.html

    If that's not the case, then there are 2 common possibilities:

    a) There is a vulnerable CMS or contact form on your system that is misused to send spam. You can find the script with this tutorial, if it's written in PHP:

    http://www.howtoforge.com/how-to-log-emails-sent-with-phps-mail-function-to-detect-form-spam

    b) A hacker knows the password of an SMTP account. To check this, look at the mail log to see if someone authenticates with an SMTP password when a new spam sending "wave" begins.
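
Added example (not part of the thread, and not till's code): cases a) and b) above can be told apart by how each queue ID entered Postfix, since `pickup` logs `uid=` for local sendmail/PHP `mail()` submissions and `smtpd` logs `sasl_username=` for authenticated SMTP. The sample log, queue IDs, addresses and the uid are constructed.

```python
import re
from collections import Counter

# Constructed sample in Postfix syslog format (not taken from the poster's server).
SAMPLE_LOG = """\
May 13 12:58:40 ns2 postfix/pickup[3310]: A1B2C3D4E5: uid=33 from=<www-data>
May 13 12:58:40 ns2 postfix/qmgr[3314]: A1B2C3D4E5: from=<www-data@ns2.example.com>, size=1140, nrcpt=1 (queue active)
May 13 12:58:41 ns2 postfix/pickup[3310]: A1B2C3D4E6: uid=33 from=<www-data>
May 13 12:58:41 ns2 postfix/qmgr[3314]: A1B2C3D4E6: from=<www-data@ns2.example.com>, size=1139, nrcpt=1 (queue active)
May 13 12:58:42 ns2 postfix/smtpd[3320]: B1B2C3D4E7: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=info@example.com
May 13 12:58:42 ns2 postfix/qmgr[3314]: B1B2C3D4E7: from=<info@example.com>, size=18878, nrcpt=5 (queue active)
May 13 12:58:43 ns2 postfix/smtpd[3320]: C1B2C3D4E8: client=mx.example.net[198.51.100.7]
May 13 12:58:43 ns2 postfix/qmgr[3314]: C1B2C3D4E8: from=<alice@example.net>, size=2100, nrcpt=1 (queue active)
"""

# service name, queue ID (default short hex form), remainder of the line
LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]+): (.*)")

def origins(log_text):
    """Return ({queue_id: how it entered Postfix}, {queue_id: nrcpt})."""
    origin, nrcpt = {}, {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        svc, qid, rest = m.groups()
        if svc == "pickup":                      # local submission, e.g. PHP mail()
            uid = re.search(r"uid=(\d+)", rest)
            if uid:
                origin[qid] = f"local uid={uid.group(1)}"
        elif svc == "smtpd" and rest.startswith("client="):
            user = re.search(r"sasl_username=(\S+)", rest)
            ip = re.search(r"client=[^\[]*\[([^\]]+)\]", rest)
            if user:                             # authenticated SMTP account
                origin[qid] = f"sasl user={user.group(1)}"
            elif ip:                             # may be ordinary inbound mail
                origin[qid] = f"unauthenticated client={ip.group(1)}"
        elif svc == "qmgr":
            n = re.search(r"nrcpt=(\d+)", rest)
            if n:
                nrcpt[qid] = int(n.group(1))
    return origin, nrcpt

def summarize(log_text):
    """Total recipients queued per origin; the largest bucket is the lead to follow."""
    origin, nrcpt = origins(log_text)
    totals = Counter()
    for qid, n in nrcpt.items():
        totals[origin.get(qid, "unknown")] += n
    return totals

if __name__ == "__main__":
    for src, n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:6d}  {src}")
```

A dominant `local uid=` bucket points at a script running as that user (case a); a dominant `sasl user=` bucket points at a compromised mailbox password (case b).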
     
  3. nokia80

    nokia80 Member HowtoForge Supporter

    hello till


    I just sent a mail. I have been trying for one week to find out what it is. I agree with your help and price.

    with kind regards michael
     
