Results 1 to 7 of 7
  1. #1

    Possible spam from server

    Hi there,

    I noticed that reported server usage from Plesk is 2.x - 3.x, so I went to mail queue (in Plesk) and saw lots of mails that shouldn't be there.

    There were several senders under the domain dedibox.fr sendint LOTS of emails to lots of addresses in the same email. There shouldn't be a sender @dedibox.fr, as that domain isn't hosted on our dedicated server.

    I know little about Linux administration... I tried going to the /var/log folder and grep for dedibox on the messages and maillog files, but nothing found...

    How can I know if someone connected to our server as an user or something like that?

    Thanks in advance.
    Everyday above ground is a good day.

  2. #2
    Join Date
    May 2009
    Location
    SLASH ROOT
    Posts
    853

  3. #3
    get yourself a proper outgoing filter i'd say - you can have one that filters all outgoing mail, locks spamming accounts and notifies admin about it. Quite handy if you don't want to get blacklisted
    Leading Webhosting Email Security Solutions, Incoming & Outgoing Filtering + Email Archiving!
    Clusterable, Scalable, in the Cloud or on Premises, Fully Managed, 4-Tier Control, Plugins for all Major Control Panels, and an Extensive API!
    SpamExperts - "The way email was meant to be - Simply SpamFree"
    (www.spamexperts.com)

  4. #4
    Quote Originally Posted by whrss View Post
    Seems like other hosts are relaying mails through your server.

    Perform a relay test at "http://www.mailradar.com/openrelay/".

    The mail logs can be found at "/usr/local/psa/var/log/maillog". Dig this file to get more info on the spammer.
    Thanks. I checked the relay and all seems to be OK, as reported by that website.

    Also, I downloaded the maillog file but I find nothing ... understandable.

    Here is a quote:
    Jul 14 04:31:55 mlwe358 qmail-remote-handlers[23158]: Handlers Filter before-remote for qmail started ...
    Jul 14 04:31:55 mlwe358 qmail-local-handlers[23159]: Handlers Filter before-local for qmail started ...
    Jul 14 04:31:55 mlwe358 qmail-remote-handlers[23158]: [email protected]
    Jul 14 04:31:55 mlwe358 qmail-remote-handlers[23158]: [email protected]

    But I see no login request or something like that. I was looking for a log that shows what user logs, requests the mail sending, etc...

    Quote Originally Posted by srenkema View Post
    get yourself a proper outgoing filter i'd say - you can have one that filters all outgoing mail, locks spamming accounts and notifies admin about it. Quite handy if you don't want to get blacklisted
    Thanks, but could you give an example about what filter I could use? If I could just block any outgoing emails from "dedibox" would be a huge step forward.
    Everyday above ground is a good day.

  5. #5
    Join Date
    May 2009
    Posts
    300
    You would need to go through the maillogs available at /usr/local/psa/var/log/maillog. Also check if domains have the option 'Mail to non-existing user' set to 'reject' and not to 'forward'. You can change this setting to all domains using "Group Operations" in the "Domains" tab in control panel.

  6. #6
    could you give an example about what filter I could use?
    Send me a PM and I can inform you about your options.
    Leading Webhosting Email Security Solutions, Incoming & Outgoing Filtering + Email Archiving!
    Clusterable, Scalable, in the Cloud or on Premises, Fully Managed, 4-Tier Control, Plugins for all Major Control Panels, and an Extensive API!
    SpamExperts - "The way email was meant to be - Simply SpamFree"
    (www.spamexperts.com)

  7. #7
    Join Date
    May 2009
    Location
    SLASH ROOT
    Posts
    853
    Thanks. I checked the relay and all seems to be OK, as reported by that website.
    Can I know the result of the relay test?

    Do check if your MTAs settings comply with the settings mentioned at http://kb.parallels.com/en/1394

    I would suggest you to install Atomic Rocket Turtle's qmail-scanner software.

    It combines with SA and ClamAV and if configured correctly, it will help fight spam to a large extent.

Similar Threads

  1. Replies: 3
    Last Post: 10-08-2007, 02:02 AM
  2. Replies: 0
    Last Post: 12-04-2006, 03:55 PM
  3. Replies: 3
    Last Post: 03-18-2005, 09:59 AM
  4. spam SPAM spam SPAM - everyday! barf!
    By kipasa in forum Hosting Security and Technology
    Replies: 2
    Last Post: 11-01-2003, 10:07 AM
  5. Replies: 8
    Last Post: 09-08-2003, 08:30 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •