KrazyBob
Regular Pleskian
Somewhere on a Linux Plesk 8.2 server is a hole that is allowing spammers from all over the world to spam through. I am blocking IPs as fast as possible, but this isn't the solution. It seems that even with mail stopped from within Plesk the mail still flows. Stopping mail from SSH with
Code:
/usr/local/psa/admin/bin/mailmng --stop-qmail-send
does not stop the flow.
I have modified the sendmail file to show PHP senders and none seem to appear. All users are reported to have changed their passwords and by the looks of their passwords, they are secure and not dictionary.
The symptom is running out of SMTP connections and this is being logged in /var/log/messages as xinetd stopping for 30 seconds.
Code:
Jul 11 12:51:47 abb01 xinetd[13631]: Activating service smtp
Jul 11 12:51:48 abb01 xinetd[13631]: Deactivating service smtp due to excessive incoming connections. Restarting in 30 seconds.
Jul 11 12:52:16 abb01 xinetd[13631]: Service smtp: server exit with 0 running servers
Jul 11 12:52:18 abb01 xinetd[13631]: Activating service smtp
Jul 11 12:52:18 abb01 xinetd[13631]: Deactivating service smtp due to excessive incoming connections. Restarting in 30 seconds.
qmail-smtpd appears to be the sending mechanism.
The OS is CentOS 4.5 on Virtuozzo 3.0.
Running the PID using lsof -p <PID> doesn't reveal anything helpful.
I simply do not know where to look further.
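An added example, not part of the original post and not Plesk or xinetd code: a Python script that reads xinetd lines like the ones quoted above and reports, per service, how long the listener stayed active before each throttle and how long it was announced closed. The function name `summarize` and the placeholder year are assumptions; the sample input is the five log lines from the post.

```python
import re
from datetime import datetime

# The five xinetd lines quoted in the post, embedded so this runs offline.
SAMPLE_LOG = """\
Jul 11 12:51:47 abb01 xinetd[13631]: Activating service smtp
Jul 11 12:51:48 abb01 xinetd[13631]: Deactivating service smtp due to excessive incoming connections. Restarting in 30 seconds.
Jul 11 12:52:16 abb01 xinetd[13631]: Service smtp: server exit with 0 running servers
Jul 11 12:52:18 abb01 xinetd[13631]: Activating service smtp
Jul 11 12:52:18 abb01 xinetd[13631]: Deactivating service smtp due to excessive incoming connections. Restarting in 30 seconds.
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ xinetd\[\d+\]: (.*)$")
ACTIVATE = re.compile(r"^Activating service (\S+)$")
THROTTLE = re.compile(r"^Deactivating service (\S+) due to excessive incoming "
                      r"connections\. Restarting in (\d+) seconds\.$")

def summarize(log_text):
    """Return {service: counters} describing xinetd throttle cycles."""
    stats, opened_at = {}, {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an xinetd syslog line
        # syslog timestamps carry no year; 2000 is a placeholder (assumption)
        # that only matters for measuring intervals within one file.
        stamp = "2000 " + " ".join(m.group(1).split())
        when = datetime.strptime(stamp, "%Y %b %d %H:%M:%S")
        act, thr = ACTIVATE.match(m.group(2)), THROTTLE.match(m.group(2))
        if not (act or thr):
            continue  # other xinetd messages, e.g. "server exit"
        svc = (act or thr).group(1)
        entry = stats.setdefault(svc, {"activations": 0, "throttles": 0,
                                       "open_seconds": 0, "closed_seconds": 0})
        if act:
            entry["activations"] += 1
            opened_at[svc] = when
        else:
            entry["throttles"] += 1
            entry["closed_seconds"] += int(thr.group(2))
            if svc in opened_at:  # time the listener survived after reopening
                delta = when - opened_at.pop(svc)
                entry["open_seconds"] += int(delta.total_seconds())
    return stats

if __name__ == "__main__":
    for service, counters in summarize(SAMPLE_LOG).items():
        print(service, counters)
```

On the quoted lines the smtp listener is active for about one second in total across two cycles, against 60 seconds of announced downtime.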