Need Help !!

Hello Guys,

I need your help urgently. Have i been hacked/relay?! I need your help urgently in order for me to solve the problem.

Thanks

Mode


Below showing partially of the log file from postfix.


Nov 24 15:49:02 serv postfix/qmgr[11507]: 6659A65440C: from=<[email protected]>, size=2094, nrcpt=100 (queue active)
Nov 24 15:49:02 serv postfix/qmgr[11507]: 60013654423: from=<[email protected]>, size=2093, nrcpt=100 (queue active)
Nov 24 15:49:02 serv postfix/qmgr[11507]: 6CC2C654429: from=<[email protected]>, size=2097, nrcpt=100 (queue active)
Nov 24 15:49:02 serv postfix/qmgr[11507]: 428BC6543C4: from=<[email protected]>, size=2089, nrcpt=100 (queue active)
Nov 24 15:49:02 serv postfix/qmgr[11507]: D0E1D65443F: from=<[email protected]>, size=2109, nrcpt=100 (queue active)
Nov 24 15:49:02 serv postfix/qmgr[11507]: CA184654427: from=<[email protected]>, size=2105, nrcpt=100 (queue active)
Nov 24 15:49:02 serv postfix/qmgr[11507]: 5B82465442B: from=<[email protected]>, size=2087, nrcpt=100 (queue active)
Nov 24 15:49:02 serv postfix/qmgr[11507]: 86EC065442A: from=<[email protected]>, size=2104, nrcpt=100 (queue active)
Nov 24 15:49:02 serv postfix/qmgr[11507]: 8936A654422: from=<[email protected]>, size=2092, nrcpt=100 (queue active)
Nov 24 15:49:02 serv postfix/qmgr[11507]: 82248654421: from=<[email protected]>, size=2086, nrcpt=100 (queue active)
Nov 24 15:49:02 serv postfix/smtp[6481]: 21530654457: to=<[email protected]>, relay=none, delay=563, delays=104/428/31/0, dsn=4.4.1, status=deferred (connect to ukwa111.com[208.67.219.132]:25: Connection timed out)
Nov 24 15:49:02 serv postfix/qmgr[11507]: 8335365442C: from=<[email protected]>, size=2092, nrcpt=100 (queue active)
Nov 24 15:49:02 serv postfix/qmgr[11507]: EB7FF65441D: from=<[email protected]>, size=2099, nrcpt=100 (queue active)
Nov 24 15:49:02 serv postfix/qmgr[11507]: 71E1B65441F: from=<[email protected]>, size=2105, nrcpt=100 (queue active)
Nov 24 15:49:02 serv postfix/error[6544]: 5B82465442B: to=<[email protected]>, relay=none, delay=734, delays=733/0.01/0/0.05, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to nomail.tpe.yahoo.com[208.67.219.132]:25: Connection timed out)

 

Hi Till,

First of all thanks for the reply, after i checked mail relay test using anonymous test, the result return "All tests performed, no relays accepted".

For the next comment that you quoted, i don't really understand what is "vulnerable cms or shhop system or contact form on your server" (after i try to google). Can you please kindly elaborate more?

I'm just following the perfect install fedora 9 with ISP ver 2.2.23 installed.

Truly appreciated your help again.

Mode

 

Hi Till,

Do you mean a local email user's pc infected by virus/script and use the server to send out spam? or outsider is using a script to relay the server to send out emails? or the server is infected by virus and it start sending out spam emails? If above were the case and how should i to protect the server? Is there any solution for it?

Furthermore, i have been searching high n low in the forum and googling as well but seems like nobody in the forum has been suffer from this kind of issue. I just want to find the root cause and rectify the issue asap before my IP/domain become blacklisted

TQ

Mode

 

If you want to go sure, you could change all email passwords on the server. But if the spammers are using a vulnerable web form on one of the web sites on the server, that this does not help.

 

Hi Falko,

I shall try to reset all the emails password in the server first as per your advice cause there are only 2 domains hosted in the server at this moment.

On the other hand, as per your statement on the "vulnerable web form", i don't think it is much applicable on the issue as i do not host any web sites in the 2 domain. It is purely meant for emails only thus the 2 domain is still on the default page of ISPConfig.

I shall post back the feed back.

TQ

Mode