  1. #1
    Join Date
    May 2004
    Location
    Toronto, Canada
    Posts
    632

    Server being used to send spam.

    Hello,

    I have had this problem for a long time but now it is getting worse.
    Someone is using my server to send email and it is not coming from my server. Someone else is using my server to send out spam and that spam is getting thrown in my Mail Queue. I have around 300000 mails in the queue. Is there anything I can do to block this? I have looked around and cannot find the solution. Even my server load is around 10. Here is the TOP command preview:

    ==========================
    Tasks: 151 total, 1 running, 145 sleeping, 3 stopped, 2 zombie
    Cpu(s): 19.1% us, 6.7% sy, 0.0% ni, 14.6% id, 58.4% wa, 0.0% hi, 1.1% si
    Mem: 514356k total, 499580k used, 14776k free, 28352k buffers
    Swap: 2562328k total, 35544k used, 2526784k free, 81632k cached

    PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
    9608 mailnull 16 0 11176 3524 2584 S 7.9 0.7 0:00.04 exim
    9640 mailnull 16 0 11856 3520 2580 S 7.9 0.7 0:00.04 exim
    9636 mailnull 18 0 11852 3460 2560 D 5.9 0.7 0:00.03 exim
    9642 root 16 0 11360 3364 2484 D 5.9 0.7 0:00.03 exim
    29393 mailnull 18 0 14872 9124 1272 D 2.0 1.8 0:02.23 exim
    1 root 15 0 3636 476 448 S 0.0 0.1 1:04.41 init
    2 root RT 0 0 0 0 S 0.0 0.0 0:02.14 migration/0
    3 root 34 19 0 0 0 S 0.0 0.0 0:00.07 ksoftirqd/0
    4 root RT 0 0 0 0 S 0.0 0.0 0:02.08 migration/1
    5 root 34 19 0 0 0 S 0.0 0.0 0:00.09 ksoftirqd/1
    6 root 5 -10 0 0 0 S 0.0 0.0 0:00.07 events/0
    7 root 5 -10 0 0 0 S 0.0 0.0 0:00.00 events/1
    8 root 6 -10 0 0 0 S 0.0 0.0 0:00.00 khelper
    9 root 15 -10 0 0 0 S 0.0 0.0 0:00.00 kacpid
    29 root 5 -10 0 0 0 S 0.0 0.0 0:00.00 kblockd/0
    30 root 5 -10 0 0 0 S 0.0 0.0 0:00.00 kblockd/1
    40 root 15 0 0 0 0 S 0.0 0.0 0:12.00 pdflush



    ==========

    Thank you.
    Hussain Baig - 1-866-954-6747
    Toronto based VPS - Dedicated Servers - Colocation
    VPS Fusion - Providing scalable and reliable hosting solutions.

  2. #2
    Join Date
    Dec 2004
    Location
    New York, NY
    Posts
    10,574
    MediaLayer, LLC - www.medialayer.com Learn how we can make your website load faster, translating to better conversion rates for your business!
    The pioneers of optimized web hosting, featuring LiteSpeed Web Server & SSD Storage - Celebrating 10 Years in Business

  3. #3
    Join Date
    May 2004
    Location
    Toronto, Canada
    Posts
    632
    Can anybody help me out so I can learn... It wouldn't help me if I pay someone to do it and it ends up happening again.

  4. #4
    Join Date
    Oct 2003
    Posts
    566
    shutdown -h now

  5. #5
    Join Date
    Dec 2004
    Posts
    350
    First question is why you are allowing your server to run as an open relay.

    1) killall exim
    2) delete all messages from queue
    3) learn how to use google
    4) search for exim+pop+before+smtp
    http://www.google.com/search?q=exim+...en-US:official

    or

    exim+smtp_auth
    http://www.google.com/search?hs=fbR&...22&btnG=Search

    My additional advice would be to block all traffic to the box until you learn how to manage/secure it properly

    Good Luck
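
One way to check the open-relay diagnosis raised in the post above before the queue is cleared; this is an added example, not part of the original thread. The log lines are constructed, `mydomain.example` is a placeholder for the server's own mail domain, and the script assumes Exim's `log_selector` includes `+received_recipients` so that arrival lines carry `for <recipient>` (only the first recipient is examined).

```shell
#!/bin/sh
# Constructed sample of Exim main-log lines; "<=" marks a message arrival.
# Assumption: log_selector has +received_recipients, so "for <rcpt>" is logged.
sample_log() {
cat <<'EOF'
2005-07-14 03:10:01 1DsxA1-0001aa-AA <= a@spam.example H=(x) [203.0.113.9] P=smtp S=2101 for v1@remote.example
2005-07-14 03:10:02 1DsxA2-0001ab-BB <= b@spam.example H=(x) [203.0.113.9] P=smtp S=2099 for v2@remote.example
2005-07-14 03:10:05 1DsxA3-0001ac-CC <= nobody@host.example U=nobody P=local S=1500 for v3@remote.example
2005-07-14 03:11:00 1DsxA4-0001ad-DD <= joe@mydomain.example H=(pc) [198.51.100.7] P=esmtpa A=fixed_login:joe S=900 for pal@remote.example
2005-07-14 03:12:00 1DsxA5-0001ae-EE <= c@other.example H=mx.other.example [192.0.2.25] P=esmtp S=800 for joe@mydomain.example
2005-07-14 03:12:30 1DsxA5-0001ae-EE => joe <joe@mydomain.example> R=localuser T=local_delivery
EOF
}

# classify_arrivals LOCAL_DOMAIN < mainlog
# Prints "count class source", highest count first, one line per submission path.
classify_arrivals() {
  awk -v local_dom="$1" '
    $4 != "<=" { next }                       # only message arrivals
    {
      ip = ""; user = ""; auth = ""; proto = ""; rcpt = ""
      for (i = 6; i <= NF; i++) {
        if ($i ~ /^\[.*\]/)   { ip = $i; sub(/^\[/, "", ip); sub(/\].*$/, "", ip) }
        else if ($i ~ /^U=/)  user  = substr($i, 3)   # local submitting user
        else if ($i ~ /^A=/)  auth  = substr($i, 3)   # SMTP AUTH was used
        else if ($i ~ /^P=/)  proto = substr($i, 3)
        else if ($i == "for") rcpt  = $(i + 1)        # first recipient only
      }
      dom = rcpt; sub(/^.*@/, "", dom)
      if (proto == "local")      key = "local-submission user=" user
      else if (auth != "")       key = "authenticated " auth
      else if (dom == local_dom) key = "inbound ip=" ip
      else                       key = "UNAUTH-RELAY ip=" ip
      n[key]++
    }
    END { for (k in n) print n[k], k }
  ' | sort -k1,1nr -k2
}

sample_log | classify_arrivals mydomain.example
```

A large `UNAUTH-RELAY` count points at relay ACLs, while a large `local-submission` or `authenticated` count means the mail is being injected by a script or account on the box and closing the relay alone will not stop it.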

  6. #6
    Join Date
    May 2004
    Location
    Toronto, Canada
    Posts
    632
    How do you disable the server from running as an Open Relay?

  7. #7
    Join Date
    Dec 2004
    Posts
    350
    Originally posted by dbgohan
    How do you disable the server from running as an Open Relay?
    That's where Step3: comes in "google"

    though a strong hint would be to read Step4

  8. #8
    Join Date
    May 2004
    Location
    Toronto, Canada
    Posts
    632
    I have looked at those results and am a bit confused at which page to actually follow.... There are too many pages with useless information.

  9. #9
    Join Date
    May 2004
    Location
    Toronto, Canada
    Posts
    632
    Which one of these would you recommend?

    DRAC
    popbsmtp
    EXACT
    smtp-poplock

  10. #10
    Join Date
    Dec 2004
    Posts
    350
    I'd recommend SMTP_AUTH, or alternately pop-before-smtp.

    I've used the latter w/ sendmail and have had no problems. The prior (smtp_auth) is the current method used (they both do pretty much the same thing).

    The others you've listed I've never heard of, nor have I used so I can't really say.

    As far as which link to follow, that would depend on which method you decide to use. I wouldn't bother with lists, but instead looking for a well written how-to.

    I'm not intentionally trying to be harsh, but I firmly believe that giving someone the answers isn't going to do a thing for you.

    I could set it up for you, give you step by step instructions, but in the end you'd gain nothing out of it.

    I'll point you in the right direction, provide insight or advice to direct questions, but I won't do the leg work for you.

    You're taking it upon yourself to run a server. For that I commend you, but there's more to it than installing Linux, and asking for help.

    [with the power of root comes great responsibility]

    If at all possible I'd suggest you take your server off "live" status.
    (this can be done by denying all but local traffic to everything via your firewall)

    From there go to the site of the dist you're using; they usually have various how-tos, or google for security tips for linux or your dist.

    There's more to securing your box than preventing relaying of email (actually that is a rather small matter) compared to other things you may have left yourself open to.

    Some tips on this can be found at http://www.linuxgazette.com/issue58/sharma.html

    please note this is by no means complete.

    Good luck

  11. #11
    Join Date
    May 2004
    Location
    Toronto, Canada
    Posts
    632
    my stupid server just got hacked..... check this out.

    http://www.webhostingtalk.com/showth...hreadid=424748
