help my server is sending spam

Discussion in 'Installation/Configuration' started by nokia80, Mar 26, 2012.

  1. nokia80

    nokia80 Member

    hi all

    When I do postqueue -p I see an error list

    .... Email addresses removed by admin ....

    Because of this problem MySQL fails. Please, any ideas?
     
    Last edited by a moderator: Mar 26, 2012
  2. sjau

    sjau Local Meanie Moderator

    You first have to figure out where the spam is being sent from. What does the mail.log say about it?
     
  3. nokia80

    nokia80 Member

    Problem solved, thanks to till.
     
  4. edge

    edge Active Member Moderator

    Maybe it's a good idea to remove all the email addresses that you posted in your 1st post.
    Spam bots will index them, causing the users to get even more spam!
     
  5. vaio

    vaio New Member

    Hello,
    how did you solve it?

    I got spam sent from my server today... Please help me.
    Thanks,
    V.
     
  6. pititis

    pititis Member

    First step is to know the source of your problem. Can you give us more details or mail log?
     
  7. vaio

    vaio New Member

    Hello pititis,
    it looks like this:


    Code:
    -Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
    5D40D42AA19* 4331 Fri Jul 20 02:24:11 [email protected]
    (lost connection with mg.atlantech.tld[209.183.192.125] while receiving the initial server greeting)
    [email protected]
    (connect to xxx.tld[203.92.211.31]:25: Connection timed out)
    [email protected]
    [email protected]
    (connect to athena.athenet.tld[209.103.196.19]:25: Connection timed out)
    [email protected]
    [email protected]
    [email protected]
    
    7953842A607* 4428 Wed Jul 18 15:30:33 [email protected]
    (connect to flash.laxxxxeheadu.ca[xx.xx.xx.xxx]:25: Connection refused)
    [email protected]
    (connect to fn1.freenet.xxxx.ab.ca[216.xxx.xx.xxx]:25: Connection timed out)
    [email protected]
    [email protected]
    
    
    7953842A607* 4428 Wed Jul 18 15:30:33 [email protected]
    (connect to flash.lakeheadu.ca[65.39.15.21]:25: Connection refused)
    [email protected]
    (connect to fn1.freenet.edmonton.ab.ca[216.xxx.xxx.xx]:25: Connection timed out)
    [email protected]
    [email protected]
    
    24CFB42AA0F* 3029 Fri Jul 20 11:28:45 [email protected]
    (host mx.xx.ca[24.xxx.xxx.37] refused to talk to me: 452 try later)
    [email protected]
    [email protected]
    (connect to mx3.wellsfargo.tld[151.151.26.152]:25: Connection refused)
    [email protected]
    (host mxb-000c7201.gslb.xx.tld[xxx.xxx.xxx.xx] refused to talk to me: 554 Blocked - see https://support.proofpoint.tld/dnsbl-lookup.cgi?ip=192.168.0.1)
    [email protected]
    [email protected]
    NOTE: I have masked or deformed addresses and IPs.


    It sends from an email address I first disabled, but then completely deleted...

    Any suggestions?
    THANKS
     
  8. sjau

    sjau Local Meanie Moderator

    You have to find out from which account it is being sent.
     
  9. vaio

    vaio New Member

    Hello friend,
    it is always being sent from one account - one email, for example [email protected], but I have checked this xxxxx.tld website online and manually and it doesn't seem to be leaking...

    Is it possible to find out some other way?
    Thanks for efforts!!
     
  10. sjau

    sjau Local Meanie Moderator

    Well, one can put any sender into.... So are you sure it's being sent from that account? You could also alter PHP in such a way that it logs when the PHP mail() is being used and stores from where it was used...
     
  11. vaio

    vaio New Member

    Hey Sjau,
    would you be so kind as to give me an example or point me to some online example? I am so-so at programming - still learning hehe.

    What if I don't use the PHP mailer? I remember on some WordPress it didn't work and I had to set SMTP settings...

    Thank you for the advice :)
     
  12. sjau

    sjau Local Meanie Moderator

    You have to find out first who sends the spam and where it is sent from... Is it a hacked account, is it a rogue PHP script.... After that you can take measures.
     
  13. pititis

    pititis Member

    The easy way is looking at your mail.log.

    Please post your mail.log with the suspicious senders/email. The more details, the easier.

    To enable PHP to log the mail() please read this:

    http://www.howtoforge.com/forums/showthread.php?t=53617

    Don't worry, you don't need advanced Linux skills.

    Cheers
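
One way to get the per-sender picture asked for in this thread straight from a `postqueue -p` listing like the one in post 7, as an added example that is not part of the original thread. The sample queue is constructed and the function names are hypothetical. The envelope sender can be set to anything, as post 10 points out, so the tally narrows the search rather than identifying the account.

```python
import re
import sys
from collections import defaultdict

# Constructed sample in `postqueue -p` layout (reserved example domains and IPs).
SAMPLE = """\
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
5D40D42AA19*    4331 Fri Jul 20 02:24:11  web1@example.com
(connect to mx.example.net[192.0.2.10]:25: Connection timed out)
                                         a@example.net
                                         b@example.net

7953842A607     4428 Wed Jul 18 15:30:33  web1@example.com
(host mx.example.org[198.51.100.7] refused to talk to me: 554 Blocked)
                                         d@example.org

24CFB42AA0F     3029 Fri Jul 20 11:28:45  info@example.com
                                         e@example.net

-- 12 Kbytes in 3 Requests.
"""

# Queue ID, optional status flag (* active, ! hold), size, arrival time, envelope sender.
HEADER = re.compile(r"^([0-9A-Za-z]+)([*!]?)\s+(\d+)\s+(\w{3} \w{3}\s+\d+ [\d:]{8})\s+(\S+)\s*$")

def parse_queue(text):
    """Return one dict per queued message with its sender, recipients and deferral reasons."""
    msgs = []
    for line in text.splitlines():
        m, s = HEADER.match(line), line.strip()
        if m:
            msgs.append({"id": m.group(1), "sender": m.group(5), "rcpts": [], "reasons": []})
        elif msgs and s.startswith("("):
            msgs[-1]["reasons"].append(s)      # why delivery was deferred
        elif msgs and s and not s.startswith("--"):
            msgs[-1]["rcpts"].append(s)        # indented recipient line
    return msgs

def by_sender(msgs):
    """Return (sender, messages, recipients) tuples, most recipients first."""
    tally = defaultdict(lambda: [0, 0])
    for m in msgs:
        tally[m["sender"]][0] += 1
        tally[m["sender"]][1] += len(m["rcpts"])
    return sorted(((s, c[0], c[1]) for s, c in tally.items()), key=lambda r: -r[2])

if __name__ == "__main__":
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for sender, n_msgs, n_rcpts in by_sender(parse_queue(text)):
        print(f"{n_rcpts:6d} rcpts {n_msgs:5d} msgs  {sender}")
```

Run it as `postqueue -p | python3 queue_senders.py` (the file name is an assumption); with no piped input it falls back to the constructed sample.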
     
