1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Finding a Spammer - Qmail

Discussion in 'Plesk for Linux - 8.x and Older' started by KrazyBob, Jul 11, 2008.

  1. KrazyBob

    KrazyBob Regular Pleskian

    27
    40%
    Joined:
    Nov 28, 2006
    Messages:
    141
    Likes Received:
    0
    Somehwere on a Linux Plesk 8.2 server is a hole that is allowing spammers from all over the world to spam through. I am blocking IP's as fast as possible, but this isn't the solution. It seems that even with mail stopped from within Plesk the mail still flows. Stopping mail from SSH with

    Code:
    /usr/local/psa/admin/bin/mailmng --stop-qmail-send
    
    does not stop the flow.

    I have modified the sendmail file to show PHP senders and none seem to appear. All users are reported to have changed their passwords and by the looks of their passwords, they are secure and not dictionary.

    The symptom is running out of SMTP connections and this is being logged in /var/log/messages as xinetd stopping for 30 seconds.

    Code:
    Jul 11 12:51:47 abb01 xinetd[13631]: Activating service smtp
    Jul 11 12:51:48 abb01 xinetd[13631]: Deactivating service smtp due to excessive incoming connections.  Restarting in 30 seconds.
    Jul 11 12:52:16 abb01 xinetd[13631]: Service smtp: server exit with 0 running servers
    Jul 11 12:52:18 abb01 xinetd[13631]: Activating service smtp
    Jul 11 12:52:18 abb01 xinetd[13631]: Deactivating service smtp due to excessive incoming connections.  Restarting in 30 seconds.
    
    qmail-smtpd appears to be the sending mechanism.

    The OS is CentOS 4.5 on Virtuozzo 3.0

    running the PID using lsof -p <PID> doesn't reveal anything helpful.

    I simply do not know where to look further.
     
Loading...