  1. #1

    Compromised QMail Server

    I don't know most of what I'm talking about since I didn't configure it, myself, so bear with me here...

    I've found that my email server has been blacklisted in a couple places and I've been trying to get it secured. It's running QMail w/ vpopmail, requiring authentication for SMTP use. So I don't think it's being used as a "relay"...

    But, I'm still finding emails put into the QMail queue I can't account for. My only assumption is that something nefarious is running on my server, sending direct through localhost.

    I cleared the queue out earlier which looked to be filled with suspicious messages hoping and since then I've had these two entries show up in the queue:

    Code:
    4 Feb 2012 08:42:03 GMT  #2973832  4676  <> 
            remote  annualsnp@admail.com.ar
    4 Feb 2012 08:45:23 GMT  #2973835  1700  <> 
            remote  susyora@visionsolutions.com

    There isn't much there to go on and none of the qmail logs are much of a help either. Is there a way to figure out where these messages originated from? Or am I just completely misreading the situation?

    Thanks in advance

  2. #2
    Hi

    Maybe one of your websites is sending out the emails.

    If you don't have to use qmail then switch to another one; postfix or exim are two of the better ones. At least you can track things down a lot easier.

    Thanks

  3. #3
    Quote: Originally posted by abtme
    Hi

    Maybe one of your websites is sending out the emails.

    If you don't have to use qmail then switch to another one; postfix or exim are two of the better ones. At least you can track things down a lot easier.

    Thanks
    I considered that, but right now I'm only hosting a single site and can account for its emailing operations.

    I'll think about switching to another one. I just hate to have the downtime and uncertainty of my mail server, since I use it for my personal, primary email address.

    I do want the experience of doing it, myself, since my former co-admin set all this up. It's always hard to get into a system someone else installed. I just wish this stuff was as easy as installing MySQL, Apache, PHP... even bind/named was easier than this seems to be.
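
An added example, not part of any post in this thread, for the question in post #1 about where queued messages came from. In the `qmail-qread` listing, `<>` is an empty envelope sender, which is what qmail uses for the bounce messages it generates, and the number after `#` is the name of the message file under `queue/mess/`. The first `Received: (qmail ... invoked ...)` line in that file shows how the message entered the queue. Assumptions: default `/var/qmail/queue` path, default `conf-split` of 23, and constructed sample headers.

```python
import re

# qmail-qread output copied from the first post.
QREAD = """\
4 Feb 2012 08:42:03 GMT  #2973832  4676  <>
        remote  annualsnp@admail.com.ar
4 Feb 2012 08:45:23 GMT  #2973835  1700  <>
        remote  susyora@visionsolutions.com
"""
# Constructed sample headers (not from the thread) for two possible origins.
SAMPLE_BOUNCE = ("Received: (qmail 4321 invoked for bounce); 4 Feb 2012 08:42:03 -0000\n"
                 "From: MAILER-DAEMON@mail.example.org\n")
SAMPLE_LOCAL = ("Received: (qmail 4400 invoked by uid 48); 4 Feb 2012 08:40:00 -0000\n"
                "From: someone@example.org\n")

ENTRY = re.compile(r"^(\d.*? GMT)\s+#(\d+)\s+(\d+)\s+<([^>]*)>")
RCPT = re.compile(r"^\s+(?:done\s+)?(?:remote|local)\s+(\S+)")
# qmail-queue prepends this Received line to every message it accepts.
INVOKED = re.compile(
    r"^Received: \(qmail \d+ invoked (by uid (\d+)|from network|by alias|for bounce)\)", re.M)

def parse_qread(text):
    """Return one dict per queued message, with its recipients attached."""
    entries = []
    for line in text.splitlines():
        if m := ENTRY.match(line):
            entries.append({"id": int(m[2]), "size": int(m[3]), "sender": m[4], "rcpts": []})
        elif entries and (r := RCPT.match(line)):
            entries[-1]["rcpts"].append(r[1])
    return entries

def mess_path(msg_id, split=23, root="/var/qmail/queue"):
    """Queue file for a message (assumes default conf-split and install path)."""
    return f"{root}/mess/{msg_id % split}/{msg_id}"

def origin(message_text):
    """Classify how the message entered the queue, from its newest Received line."""
    m = INVOKED.search(message_text)
    if not m:
        return "unknown"
    if m[2]:
        return f"local injection by uid {m[2]}"  # look the uid up in /etc/passwd
    return {"from network": "received over SMTP", "by alias": "forwarded by alias",
            "for bounce": "bounce generated by qmail-send"}[m[1]]

if __name__ == "__main__":
    for e in parse_qread(QREAD):
        kind = "bounce (null sender)" if e["sender"] == "" else f"from {e['sender']}"
        print(e["id"], kind, "->", ", ".join(e["rcpts"]), "| read:", mess_path(e["id"]))
    print(origin(SAMPLE_BOUNCE), "/", origin(SAMPLE_LOCAL))
```

On a live system, pass the contents of each file named by `mess_path()` to `origin()`; a bounce also quotes the start of the message that triggered it, so its body shows what was originally accepted.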
