Mail "bombing" after SquirrelMail installation?

Discussion in 'Server Operation' started by ggouts, Aug 26, 2006.

  1. ggouts

    ggouts New Member

    Hi all,

    I used the Perfect Setup of SuSE 9.3 for my server, and all went well!
    My server has an uptime of about three months without any problem. A week ago I decided to install SquirrelMail so as I can view my e-mails from everywhere, but suddenly I started receiving tons (about 3000) of e-mails from my Email Delivery System which was informing me about Undelivered mails. The sender is <[email protected]> and the receipient is [email protected]. In these emails I can see other e-mail addresses (receipients), i.e.:

    This is the Postfix program at host mail.domain.gr.

    I'm sorry to have to inform you that your message could not
    be delivered to one or more recipients. It's attached below.

    For further assistance, please send mail to <postmaster>

    If you do so, please include this problem report. You can
    delete your own text from the attached returned message.

    The Postfix program

    <[email protected]>: host mail.saso.com[64.14.68.53] said: 511 sorry, no
    mailbox here by that name (#5.1.1 - chkuser) (in reply to RCPT TO command)


    I don't know if I misconfigured SquirrelMail, I don't know even if this webmail system is responsible for the e-mails I keep receiving....
    A quick solution I thought of is to stop postfix running, but know I can not receive any mail!!!!!!
    Is there a way to stop this happening?

    Thanks a lot,
    John
     
    Last edited: Jun 10, 2007
  2. falko

    falko Super Moderator ISPConfig Developer

    As wwwrun is the Apache user on SuSE systems, I'm almost sure that someone is abusing some web application on your server (e.g. a guest book, a forum (maybe phpBB?), etc.) for sending spam. You should check your mail log and your Apache logs to find out what's going on.
     
  3. ggouts

    ggouts New Member

    Hello everyone,

    OK, this is fair enough, but what am I looking for?
    I' m really sorry for this stupid question, but I can't figure out what is going on in here....!
    By the way, since I shut SquirrelMail site down, there are no e-mails in Postfix's queue. Is that OK or my mail server delivers tons of e-mails to others?
    I' m sure that the answer is in my log files, but I can't figure out, where to look for....

    Any help?

    Thanks again,
     
  4. falko

    falko Super Moderator ISPConfig Developer

    The logs are in /var/log. Please check if some unappropriate/unexpected action is logged there.
     

Share This Page