After executing the mailq command, i saw this: (See file included) Is this something to worry about? How must i read this? Is the spammer unionchurch at infonegocio.net.pe sending spam to my server or is my server used to send spam? i deleted it from the mailqueue using the postsuper command. I do not know any of the e-mailaddresses in the output.
It looks as if your server is used to send spam... Did you check if your server's blacklisted somewhere?
Falko, I checked if my server is blacklisted on http://www.mxtoolbox.com/blacklists.aspx but it is not. Also chexked for an open relay by using http://www.abuse.net/cgi-bin/relaytest but i don't have any open relay. Now i must find out if they send spam by using my server indeed. Do you have any tip/hint for me where to start?
Hans, Are you (or any of your clients) running a "phpBB2" forum? If so, have a look in the "web/forum/pafiledb/images/screenshots" directory, and see if you can find any php files. If so, delete them!
Thank you for your reply Edge, No not one of my clients uses any forum software. The cause is difficult to find, but i start to think that perhaps insecure contactforms or Joomla modules are used by one of my clients. I have a close look to the logfiles on the moment.
It is inherent to the SMTP-protocol that mailusers can change their identity, but the ID-number of mail within the mailqueue pointed me to the right mailuser account within the maillog. I've contacted the client and the problem is solved now! Log tells nothing else then what has happened!
