Hello, I use Qmail on my mail server. As of today my IP is on many blacklists; the reason is spam. In mail.log I find a lot of spam from one IP. Here is the log:

Code:
Feb 19 23:07:10 mailserver qmail-scanner-queue.pl: qmail-scanner[13046]: Clear:RC:0(68.114.99.137): 0.297978 1262 support@merchant [email protected] You_Have_One_New_Message <1329689230107213046@mailserver> mailserver132968922977713046-unpacked:1262

I also stopped Apache, but the spam keeps going.

Code:
# cat /etc/tcp.smtp
127.:allow,RELAYCLIENT=""

Code:
telnet mailserver 25
Trying mailserver...
Connected to mailserver.
Escape character is '^]'.
220 mail.example.com ESMTP
helo test
250 mail.example.com
mail from: support@merchant
250 ok
rcpt to: [email protected]
553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)

As a first measure you can block that IP: http://www.howtoforge.com/forums/showpost.php?p=38142&postcount=4 Then find out if you are an open relay: http://www.spamhelp.org/shopenrelay/ If you are not, try to find out if the spammer is abusing a web application: http://www.howtoforge.com/how-to-log-emails-sent-with-phps-mail-function-to-detect-form-spam If so, update your web applications. If that's not the case, the spammer probably knows the login details of an email account, so you might have to change your passwords.
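
An added example, not part of the thread: a small Python triage script that tallies qmail-scanner log lines of the shape quoted in the first post by source IP, so the noisy sender and its most common envelope sender and subject stand out. The sample lines are constructed, and the reading of `RC:1` as "RELAYCLIENT was set for this session" is an assumption about qmail-scanner's log format.

```python
import re
from collections import Counter, defaultdict

# Line shape taken from the log excerpt in the post:
#   qmail-scanner[pid]: <verdict>:RC:<0|1>(<ip>): <secs> <bytes> <from> <to> <subject> ...
LINE_RE = re.compile(
    r"qmail-scanner\[\d+\]: (?P<verdict>\S+?):RC:(?P<rc>[01])\((?P<ip>[^)]+)\): "
    r"[\d.]+ (?P<size>\d+) (?P<sender>\S+) (?P<rcpt>\S+) (?P<subject>\S+)"
)

# Constructed sample lines (documentation IPs and example addresses).
P = "Feb 19 23:07:10 mailserver qmail-scanner-queue.pl: qmail-scanner[101]: "
SAMPLE_LOG = [
    P + "Clear:RC:0(192.0.2.10): 0.29 1262 support@merchant.example a@example.com You_Have_One_New_Message <1@mailserver> x:1262",
    P + "Clear:RC:0(192.0.2.10): 0.31 1262 support@merchant.example b@example.com You_Have_One_New_Message <2@mailserver> x:1262",
    P + "Clear:RC:0(192.0.2.10): 0.30 1262 support@merchant.example c@example.com You_Have_One_New_Message <3@mailserver> x:1262",
    P + "Clear:RC:0(192.0.2.10): 0.28 1300 billing@merchant.example d@example.com Invoice <4@mailserver> x:1300",
    P + "Clear:RC:1(127.0.0.1): 0.10 800 root@mail.example.com admin@example.com Cron_report <5@mailserver> x:800",
    "Feb 19 23:07:11 mailserver qmail: 1329689231.0 status: local 0/10 remote 1/20",
]

def parse_line(line):
    """Return the named fields of a qmail-scanner line, or None for other lines."""
    m = LINE_RE.search(line)
    return m.groupdict() if m else None

def summarize(lines, threshold=3):
    """Return (ip, total, relayed, top_sender, top_subject) for each noisy source IP."""
    stats = defaultdict(lambda: {"total": 0, "relayed": 0,
                                 "senders": Counter(), "subjects": Counter()})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # not a qmail-scanner delivery line
        s = stats[rec["ip"]]
        s["total"] += 1
        s["relayed"] += rec["rc"] == "1"  # assumption: RC:1 means RELAYCLIENT was set
        s["senders"][rec["sender"]] += 1
        s["subjects"][rec["subject"]] += 1
    rows = [(ip, s["total"], s["relayed"],
             s["senders"].most_common(1)[0][0], s["subjects"].most_common(1)[0][0])
            for ip, s in stats.items() if s["total"] >= threshold]
    return sorted(rows, key=lambda r: r[1], reverse=True)

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print("%s total=%d relayed=%d sender=%s subject=%s" % row)
```

Run against the real mail.log by passing `open("mail.log")` to `summarize`; the `relayed` column shows, under the assumption above, whether the server treated the source as a relay client, which is what the open-relay check in the reply is about.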