One of my servers is rarely letting any of my hosting clients POP the server to collect their mail. Maybe 1 in 10 tries gets them access. I'm at a loss; this has been going on for a week.
I have just logged onto the server via SSH and run mailq to see what is in the mail queue. There are at least 100 emails sitting in there, all saying connection was denied by the recipient. Am I being used for spam?
100 does not seem like a lot. What span of time do they cover?
Are they all from the same account? May be a virus on that user's pc doing it. Is the server just overloaded? (type 'top' to see what resources are in use.)
Another thought. Last time we saw this on our own Raq it was a user with anti-spam software that automatically sends a faked 'bounce' message to the spammer. Of course most of these were undeliverable as the spammers were using faked addresses, so they ended up in the mail queue.
I looked at the mail q from Midnight Commander, and there were tons in there. So I had a look at most of them, and they definitely resembled spam. So whether this was right or not, I deleted them all, and the mail q just starts to fill up with emails straight away, probably 10 a minute or more.
Sounds like a user spamming. You need to see what account they come from. You should be able to see that in mailq. (It will be the account name, not the email address). Suggest you change the password on that account and see what happens. Could be the user is spamming, or has chosen an easy password that someone has been able to crack.
2. Examine your maillogs for emails with a high number of recipients per wrapper. This is the number of emails specified in the To: area of an email. Often, if a spammer has found a way to exploit your system via a web form, they will send many (>100) emails per wrapper.
grep "nrcpts=[1-9][0-9]" /var/log/maillog
This will pull out the lines that have 10 or more addresses specified in the email.
3. If you find that there are large numbers (>100), look at the relay. If the relay is [email protected], then you may have an insecure form on your server.
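The maillog check from steps 2 and 3 above, as an added example that is not part of the original posts: it totals the high-recipient messages per sender and relay instead of listing raw lines. The sample log lines, the webuser account and the function names are constructed for illustration and assume sendmail's usual from=/nrcpts=/relay= log format.

```shell
#!/bin/sh
# Constructed sample maillog lines (not from a real server).
sample_maillog() {
cat <<'EOF'
Mar  3 04:12:01 www sendmail[2101]: j23AAA002101: from=webuser, size=1840, class=0, nrcpts=150, msgid=<1@www.example.com>, relay=webuser@localhost
Mar  3 04:12:02 www sendmail[2103]: j23AAA002101: to=<x@example.org>, ctladdr=webuser (48/48), delay=00:00:01, mailer=esmtp, relay=mx.example.org. [192.0.2.30], dsn=5.0.0, stat=Service unavailable
Mar  3 04:12:09 www sendmail[2107]: j23AAB002107: from=webuser, size=1838, class=0, nrcpts=120, msgid=<2@www.example.com>, relay=webuser@localhost
Mar  3 04:13:30 www sendmail[2150]: j23AAC002150: from=<bob@example.com>, size=912, class=0, nrcpts=12, msgid=<3@pc.example.com>, proto=ESMTP, daemon=MTA, relay=pc.example.com [192.0.2.10]
Mar  3 04:14:02 www sendmail[2161]: j23AAD002161: from=<alice@example.com>, size=700, class=0, nrcpts=1, msgid=<4@example.com>, proto=ESMTP, daemon=MTA, relay=mx.example.net [192.0.2.20]
EOF
}

# high_rcpt_summary LOGFILE [MIN_RCPTS]   (default 10, same cut-off as the grep)
# Output, tab separated, largest recipient total first:
#   messages  total_recipients  from  relay
high_rcpt_summary() {
    awk -v min="${2:-10}" '
    BEGIN { OFS = "\t" }
    # Value of key=value in a log line, up to the next comma or end of line.
    function field(line, key,    i, rest, j) {
        i = index(line, key "=")
        if (i == 0) return ""
        rest = substr(line, i + length(key) + 1)
        j = index(rest, ",")
        return (j > 0) ? substr(rest, 1, j - 1) : rest
    }
    # Only the from= line of a message carries nrcpts; to= lines are skipped.
    /nrcpts=/ {
        n = field($0, "nrcpts") + 0
        if (n < min) next
        k = field($0, "from") "\t" field($0, "relay")
        msgs[k]++
        rcpts[k] += n
    }
    END { for (k in msgs) print msgs[k], rcpts[k], k }
    ' "$1" | sort -k2,2nr
}

# Demo on the constructed sample; on a server pass /var/log/maillog instead.
log=$(mktemp)
sample_maillog > "$log"
high_rcpt_summary "$log" 10
rm -f "$log"
```

A relay of the form account@localhost with a large recipient total means the mail was submitted on the server itself, which is the case step 3 ties to an insecure web form.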