
Mail from non local user allowed to be sent!

seanstephens

Guest
Hello All,

I have a serious problem, as now my server has been added to multiple blacklists and I am getting complaints from all over the place about email.

The problem is that somehow a non local user was able to send out thousands of emails using my server and some of those emails were spamtrap addresses.

Now I have smtp relaying allowed WITH AUTHENTICATION REQUIRED of course! How is it that a person with an email address not even from my server is allowed to send email?

I only have 1 domain installed on the server with PHP turned on and I've checked all over the place for a hidden script or something and I can't find one. Also, in the mail logs I can see that it's actually using the Qmail user to send the email. (Not sure if, even when you use PHP to send an email, it gets logged as the apache user or only qmail; perhaps somebody could clarify that for me as well!)

Another issue that I noticed is that all these emails are getting logged in the mail queue, and in the headers of the email it's actually showing:

Received: from unknown (HELO User)

Now this strikes me as bizarre because normally there is a mailserver in there with some domain info. Why does qmail allow email to be sent from an unknown source if it requires it to be authenticated before sending?

I can always just blacklist that domain from sending email from my server, but I would love to know how this is possible so I can try and prevent it from happening in the future. If anybody has any insight into these issues it would be greatly appreciated.

Thanks Much!
 