Web Hosting Talk







Help, I think a lot of spam is going through my server.


Andrew Pakula
06-25-2002, 12:12 AM
Just about half an hour ago I found that my server's cpu was heavily loaded and the smtp was not working.

I restarted the mail service and a few other things and the CPU level dropped back to normal and the smtp service resumed working there.

However I decided to check my Admin mail (normally I only check my admin mail if something is wrong or every couple months).

I was shocked to see there were 13,000 e-mails there, most of them like "Returned mail: User unknown".

Looking through random ones they all look like spam e-mails. And they look like they are mostly bouncing back from either hotmail or msn or aol or other free e-mail accounts.

My questions are:

1. Does this mean a lot of spam is going through my server?

2. Are there any recent security updates for the mail service?

3. What else can I do or should I do to fix whatever may be wrong?

Please, any help would be appreciated.

blacknight
06-25-2002, 05:32 AM
Try this:
http://www.abuse.net/relay.html

If your server is being used as a relay or can be used as one it should tell you.

cbtrussell
06-25-2002, 10:15 AM
Hi Andrew,

Just last week I bailed out a client who had the exact same problem. Which RaQ are you running? If it's a RaQ3, is the POP-before-SMTP patch installed? Is it enabled? It'd better be! :)

Do you have any instances of formmail.pl on your server? Get rid of them, use something else.

If you've got a mail problem, it's likely due to one of the two above issues.

Good luck,

Brandon

Andrew Pakula
06-25-2002, 02:01 PM
My server is a RaQ4.

I think the problem may be that I have a couple of Matt's script formmail.pl/formmail.cgi.

I am currently replacing them and that should resolve the problem.

bambenek
06-25-2002, 02:56 PM
Part of the problem is that someone can send an email from "any address". Namely, I can send a forged email from any e-mail address I want, and all the replies and bounce messages go to that person.

I caught someone doing that to one of my clients, so I forwarded all the mail to that account to a file, and put a cronjob to 0 the file every hour so all the bounces get cleared up (I estimate I had about 700,000 bounce messages in the queue). Once it's in the queue nothing to do but try to clear them all out.

It probably means you do have a spammer customer though (unless it is that pop-before-smtp patch).

Trader
06-28-2002, 11:05 PM
Originally posted by Andrew Pakula Just about half an hour ago I found that my server's cpu was heavily loaded and the smtp was not working. I restarted the mail service and a few other things and the CPU level dropped back to normal and the smtp service resumed working there. However I decided to check my Admin mail (normally I only check my admin mail if something is wrong or every couple months). I was shocked to see there were 13,000 e-mails there, most of them like "Returned mail: User unknown". Looking through random ones they all look like spam e-mails. And they look like they are mostly bouncing back from either hotmail or msn or aol or other free e-mail accounts. My questions are: 1. Does this mean a lot of spam is going through my server? 2. Are there any recent security updates for the mail service? 3. What else can I do or should I do to fix whatever may be wrong? Please, any help would be appreciated.

Had the identical problem with my raq3 almost since day one. I contacted the web server firm zillions of times about this and they could never suggest any solution to the spam problem and brushed it off as unimportant, though zillions of spams were being sent every week thru my raq with false return addresses indicating falsely they were coming from my domain. This large well known international firm simply did not care. No wonder spammers get away with it!

Finally, after God knows how many zillions of Spams over 2+ yrs I figured it out myself this week. I have never used my raq to send emails (only use my local ISP). Use it exclusively to host my mostly static web-sites (290 of them).

Thanks to this forum and posting feedback and critical personal emails, it finally dawned on me that my RaQ was an open relay since the raq had all the website email addresses listed under the menu item "Relay for following domains".

For more than 2-yrs whenever I added new virtual sites they automatically went into the Relaying Allowed List somehow, having no idea how or why the Cobalt program would insert them into that allowed list. It still does that so I have to check the list whenever a new site is put on the raq and delete the names.

After all this time I suddenly realized all I needed to do was delete all the virtual sites from the Relaying List, and that seems to have stopped the spam relaying as spams being falsely sent via my raq have dropped significantly now.

Oddly, I learned of the spamming many times due to returned mails as Andrew Pakula did too. Some days it seems like they all strangely bounce back to me since my address was falsely used as the sender's address. It seems like most of them somehow use MSN email recipient addresses. No idea why MSN.

However, I still have a problem (actually relatively minor vs the much larger and now solved open relay problem) with spammers somehow using my FormMail which is used on several sites. Next, I need to solve the formmail problem. Any ideas? Still, with the Relaying domains gone 90% or more of the outgoing spam has gone away.

There were no negatives to me deleting all the relaying allowed domains since I never use the server for sending email anyway, only for receiving some email from the web-sites.

I want to thank cbtrussell (Brandon), Chicken, Hitspot and others for finally waking me up to this issue and causing me to think about what was causing it and the obvious solution.

Too bad that happened to me with an unknowledgeable and uncaring colocated hosting firm, as my spam worries are what made me so nervous about signing Hitspot's TOS. Wish that would not have happened as I really wanted to go with Hitspot and David Kiley as I thought they had the best deal plus was very impressed with their helpful personal emails and fine customer service commitment, etc.

I also regret and apologize over saying some negative things I should not have said on this forum. Thanks Chicken for alerting me to that! I really am sad I was not able to use Hitspot's excellent offer to switch my RaQ3 to his firm, wishing I could somehow redo the past as I still want to migrate away from my uncaring poor cust service colocated firm who seemingly did not care about this problem. :bawling:

cbtrussell
07-01-2002, 12:18 AM
Good to hear you got everything straightened out! I appreciate your candor, and your comments above. I'm sure you'll have better success with your next host... just be sure to hire a little help at first to help you get your next RaQ buttoned up! :)

Brandon

Ivan
07-05-2002, 05:26 AM
Originally posted by RealNames



I also regret and apologize over saying some negative things I should not have said on this forum. Thanks Chicken for alerting me to that! I really am sad I was not able to use Hitspot's excellent offer to switch my RaQ3 to his firm, wishing I could somehow redo the past as I still want to migrate away from my uncaring poor cust service colocated firm who seemingly did not care about this problem. :bawling:

Hi RealNames
I had a reseller account with Hitspot.net for a while before I decided to get my own server. I can tell you that you have nothing to worry about with their TOS. If there were any problems, David would gladly help you to find it and solve it. The TOS is there to protect them from unscrupulous people, not to make things difficult for you.
They have good prices, they are very helpful and honest... a class act which sometimes seems to be a rare commodity these days.

I don't know them personally, I have never met them as I live on the west coast. My comments are based on my experience with them. If I need any of their services, I wouldn't hesitate to use them again.

Trader
07-06-2002, 03:19 AM
Originally posted by Ivan Hi RealNames, I had a reseller account with Hitspot.net for a while before I decided to get my own server. I can tell you that you have nothing to worry about with their TOS. If there were any problems, David would gladly help you to find it and solve it. The TOS is there to protect them from unscrupulous people, not to make things difficult for you. They have good prices, they are very helpful and honest... a class act which sometimes seems to be a rare commodity these days. I don't know them personally, I have never met them as I live on the west coast. My comments are based on my experience with them. If I need any of their services, I wouldn't hesitate to use them again.

Thanks, I now realize what you and others are saying is correct. I wish I could do it over again as I would love to let Hitspot host my RaQ3 and want to get away from my current firm real bad.

This entire problem was mostly due to the uncaring and unknowledgeable web server firm I am with, and their non-concerned attitude about spams, now mostly solved by myself, no thanks to them.

Of course, I did way overreact to David's TOS which caught me by surprise, not dealing with TOS's before. My current firm (though one of the largest out there) oddly never had me sign a TOS when I went with their colocation service more than 2 yrs ago.

As I said before, they also oddly seem to not care about zillions of spams going thru their server from my raq for more than 2 yrs without my knowledge. Oddly, if I was really a spammer that would be a great benefit to me, rather than a negative. LOL.

Thanks for your feedback Brandon and Ivan.

hitspot
07-06-2002, 06:16 PM
Ivan and Dave (Realnames),
Thanks for the kind words. :)

Dave, we have not burned any bridges, so if you would like to use our services please contact me and I would be happy to work with you.

Regarding form-to-email spam hijacking, I would highly recommend changing to a secure form-to-email such as NMS FormMail at http://nms-cgi.sourceforge.net
It works fairly well as a replacement for Matt's FormMail.
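
The kind of input checking a hardened form-to-email handler applies against the hijacking described above, as an added example that is not part of the original post and is not NMS FormMail's code. The allow-list values, the form field names (`recipient`, `subject`, `email`, `message`) and the function names are assumptions.

```python
import re

# Assumed site configuration (constructed values): the only mailbox and the
# only domain this form handler may ever deliver to.
ALLOWED_RECIPIENTS = {"sales@example.com"}
ALLOWED_DOMAINS = {"example.org"}

# One bare address only. The character classes exclude commas, spaces and
# CR/LF, so recipient lists and injected header lines never match.
_ADDR = re.compile(r"[A-Za-z0-9._+-]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")


def check_recipient(value):
    """Return the lower-cased address if delivery is permitted, else None."""
    m = _ADDR.fullmatch(value)
    if m is None:
        return None
    addr = value.lower()
    # Exact matches only: "evil-example.org" must not pass as "example.org".
    if addr in ALLOWED_RECIPIENTS or m.group(1).lower() in ALLOWED_DOMAINS:
        return addr
    return None


def clean_header(value, limit=200):
    """Refuse values that would start a new header line or are oversized."""
    if "\r" in value or "\n" in value or len(value) > limit:
        raise ValueError("header value rejected")
    return value.strip()


def build_message(form):
    """Validate a submitted form (a dict) and return (recipient, message)."""
    rcpt = check_recipient(form.get("recipient", ""))
    if rcpt is None:
        raise ValueError("recipient not permitted")
    headers = ["To: " + rcpt,
               "Subject: " + clean_header(form.get("subject", "Form submission"))]
    visitor = form.get("email", "")
    if visitor:
        # The visitor's address is untrusted too: same strict pattern.
        if _ADDR.fullmatch(visitor) is None:
            raise ValueError("visitor address rejected")
        headers.append("Reply-To: " + visitor)
    # Free text goes in the body only, after the blank line ending the headers.
    return rcpt, "\r\n".join(headers) + "\r\n\r\n" + form.get("message", "")
```
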

Trader
07-14-2002, 09:23 PM
Originally posted by hitspot Ivan and Dave (Realnames), Thanks for the kind words. :) Dave, we have not burned any bridges, so if you would like to use our services please contact me and I would be happy to work with you. Regarding form-to-email spam hijacking, I would highly recommend changing to a secure form-to-email such as NMS FormMail at http://nms-cgi.sourceforge.net It works fairly well as a replacement for Matt's FormMail.

Great, thanks David for being so understanding. Glad we did not burn any bridges :) I apologize over some things I said :bawling: Please sign me up again at your earliest convenience, no rush. We can go slowly as I will keep the acct at the other place temporarily and maintain both raq 3's until I am sure the migration went well.

Re the FormMail scripts. The reason I may have to stay with the old one (I have been using for many yrs) is I am embarrassed to say I simply do not know how to change it since I am not a programmer :o

P.S. Are you sure there is no hard-coded or physical limit on the number of virtual sites? I now have 301 small (mostly static) virtual sites and it still is working fine, never having even 1 crash in more than 2 yrs. I have read several postings claiming there were limits of 200 or 250 sites, that's obviously not so.

Trader
07-18-2002, 05:06 PM
Originally posted by RealNames Great, thanks David for being so understanding. Glad we did not burn any bridges :) I apologize over some things I said :bawling: Please sign me up again at your earliest convenience, no rush. We can go slowly as I will keep the acct at the other place temporarily and maintain both raq 3's until I am sure the migration went well.

Re the FormMail scripts. The reason I may have to stay with the old one (I have been using for many yrs) is I am embarrassed to say I simply do not know how to change it since I am not a programmer :o

P.S. Are you sure there is no hard-coded or physical limit on the number of virtual sites? I now have 301 small (mostly static) virtual sites and it still is working fine, never having even 1 crash in more than 2 yrs. I have read several postings claiming there were limits of 200 or 250 sites, that's obviously not so.

Are you still here Hitspot? :)

hitspot
07-21-2002, 11:30 PM
Hi Dave,
Sorry to have missed your post.
I have replied to you by both email and PM.