Main site has 4000 emails, and another user has 3000 emails... all spam, some mortgage BS!
a) How can I mass delete all of them? It takes forever with neomail. SSH? Step by step, please.
b) I've since deleted all the sites from "Relay for the following Hosts/Domains" in email parameters (I did however already have POP Before SMTP Relaying checked)
c) How can I protect the server from future spam?
d) The site below (www.ONESITEWEHOST.com) does have the formmail.pl installed, but if I remember correctly we did correctly use referers etc. within the script?
e) The spam seems to look like this:
Date: 10/28/2002 02:01:40 +0900
From: Mail Delivery Subsystem <[email protected]>
Subject: Returned mail: see transcript for details All headers
This is a MIME-encapsulated message
Reporting-MTA: dns; rmail-117.hanmail.net
Arrival-Date: Mon, 28 Oct 2002 02:01:33 +0900
Final-Recipient: RFC822; [email protected]
Diagnostic-Code: X-Unix; 552 blueprint: mbox is over quota
Last-Attempt-Date: Mon, 28 Oct 2002 02:01:40 +0900
Below is the result of your feedback form. It was submitted by [email protected] ([email protected]) on Sunday, October 27, 2002 at 11:59:32
ARE YOU CONSIDERING A FIRST OR EVEN A SECOND MORTGAGE?
MAYBE YOU JUST WANT TO DO A FEW HOME REPAIRS?
If so, let us make the process easy and stress free!
Put an end to all the hassle and endless forms you
have to fill out.
Visit us today - fill out one simple form, absolutely
FREE, and we will search thousands of lenders and
programs to find the best value for you! Why suffer
through the headache? Save your precious time and use
the power of technology to do all the work for you.
There couldn't be a better time to apply!! Take
advantage of the super low mortgage rates available!!
It's absolutely FREE! You have nothing to lose but A
LOT to gain! Visit us today!
inetnum: 188.8.131.52 - 184.108.40.206
descr: China Netcom Corp.
descr: New Telecommunication Carrier Based on IP Backbone
remarks: This is a replacement object as they have four /17
remarks: objects in this range so we make it to one /15.
changed: [email protected] 20000314
changed: [email protected] 20000627
changed: [email protected] 20001011
changed: [email protected] 20020130
changed: [email protected] 20020703
status: ALLOCATED PORTABLE
I'm sorry these spammers are attacking you. It seems they are using your machine (220.127.116.11) to send these mails. So, your formmail script (maybe tell_friend.php?) is being used against you. I'm assuming you posted the full headers and I interpreted them correctly.
He included aol because his came from an AOL formmail.
To prevent this spam, you'll have to fix the formmail problem that I suspect you have.
To prevent spam in the future, look at the various spam blocking lists out there. There are a variety of them, with different purposes/criteria. They'll block open relays or known spammers. Be aware that there is always some chance of blocking legit email. One list takes pride in listing ISPs instead of just spam sources, so be sure the list you get is the list you want.
The contents of the sendmail queue are relatively simple to remove.
Telnet into the server
use the su command to gain root access
type the following commands:
rm -rf /var/spool/mqueue/*
This will remove all queued mail on the server. You can check by typing in mailq.
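A narrower alternative to emptying the whole queue, as an added example that is not part of the original thread: it removes only the queued messages that contain a given string, such as the "Below is the result of your feedback form" line from the sample above, and leaves legitimate mail queued. It assumes the classic sendmail layout of one qf/df file pair per message; the function names and the sample queue are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumes the classic sendmail queue
# layout: each message is a pair qf<ID> (envelope/headers) and df<ID> (body).
# Function names are hypothetical. Run it with sendmail stopped so a queue
# run does not race the removal.

# make_sample_queue: build a small CONSTRUCTED queue in a temp dir, print its path.
make_sample_queue() {
    d=$(mktemp -d) || return 1
    printf 'Below is the result of your feedback form.\n' > "$d/dfg9RH1aB01234"
    printf 'HSubject: Returned mail\n' > "$d/qfg9RH1aB01234"
    printf 'Invoice attached, see you Monday.\n' > "$d/dfg9RH2cD05678"
    printf 'HSubject: invoice\n' > "$d/qfg9RH2cD05678"
    printf '%s\n' "$d"
}

# list_matching QUEUE_DIR STRING: print the queue ID of every message whose
# body (df) or headers (qf) contain STRING (fixed string, case-insensitive).
list_matching() {
    qdir=$1; pattern=$2
    for df in "$qdir"/df*; do
        [ -f "$df" ] || continue              # glob matched nothing
        id=${df##*/df}
        if grep -qiF -- "$pattern" "$df" "$qdir/qf$id" 2>/dev/null; then
            printf '%s\n' "$id"
        fi
    done
}

# purge_matching QUEUE_DIR STRING [--delete]: dry run by default (lists what
# would go on stderr); with --delete removes both files of each matching pair.
# Prints the number of matching messages on stdout.
purge_matching() {
    qdir=$1; pattern=$2; mode=${3:-}
    count=0
    for id in $(list_matching "$qdir" "$pattern"); do
        if [ "$mode" = "--delete" ]; then
            rm -f -- "$qdir/qf$id" "$qdir/df$id"
        else
            printf 'would remove %s\n' "$id" >&2
        fi
        count=$((count + 1))
    done
    printf '%s\n' "$count"
}

# Usage: purge_matching /var/spool/mqueue 'result of your feedback form'
```

Review the dry-run listing first, then repeat the call with --delete and confirm with mailq.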
to remove the mail in queue
Now to figure out how to remove the mail in the root/admin mailbox (7000 of them). bbl
su - to root
chmod 600 <username>
chown <username>.<site#> <username>
This seems to remove the user and all his email... Can someone clear this up for me before I actually use it? I want to quickly remove all 7000 emails from the email account; using neomail, it would take a week LOL