
Mail Problems

Discussion in 'Plesk for Linux - 8.x and Older' started by ichthy, May 24, 2006.

  1. ichthy (Guest)

    I've been running Plesk with no problems on my server for about a year.

    Today I found out that all email forwarding on the server is not working. Email "mailboxes" work fine, but email that's supposed to be redirected never gets delivered.

    I did the most obvious stuff like rebooting/checking disk space/etc. Here's what I see in the maillog for a vanishing email...

    Email sent
    From ichthy@pacbell.net
    To press@myserver.com
    Plesk set to forward to final@email.com

    May 24 14:58:46 myserver qmail-queue: dwlib[1756]: mail: all addreses are uncheckable - need to skip scanning (by deny mode)
    May 24 14:58:46 myserver qmail-queue: dwlib[1756]: scan: the message(drweb.tmp.UGFpBg) sent by ichthy@pacbell.net to press@myserver.com should be passed without checks, because contains uncheckable addresses
    May 24 14:58:46 myserver qmail: 1148507926.589064 new msg 6111802
    May 24 14:58:46 myserver qmail: 1148507926.589110 info msg 6111802: bytes 1310 from <ichthy@pacbell.net> qp 1757 uid 2020
    May 24 14:58:46 myserver qmail: 1148507926.626533 starting delivery 54: msg 6111802 to local 2-press@myserver.com
    May 24 14:58:46 myserver qmail: 1148507926.626580 status: local 1/10 remote 20/20
    May 24 14:58:46 myserver qmail-queue: dwlib[1761]: mail: all addreses are uncheckable - need to skip scanning (by deny mode)
    May 24 14:58:46 myserver qmail-queue: dwlib[1761]: scan: the message(drweb.tmp.rTCXuN) sent by ichthy@pacbell.net to final@email.com should be passed without checks, because contains uncheckable addresses
    May 24 14:58:46 myserver qmail: 1148507926.991796 new msg 6114893
    May 24 14:58:46 myserver qmail: 1148507926.991843 info msg 6114893: bytes 1418 from <ichthy@pacbell.net> qp 1762 uid 110
    May 24 14:58:47 myserver qmail: 1148507927.020128 delivery 54: success: did_1+1+1/qp_1761/
    May 24 14:58:47 myserver qmail: 1148507927.020171 status: local 0/10 remote 20/20
    May 24 14:58:47 myserver qmail: 1148507927.020181 end msg 6111802


    Any ideas?

    Furthermore, this is what I see when I run the following command... ps -ax |grep 'qmail'

    I know thousands of spam emails are being sent to the many email addresses on the server, but does this mean our server is being used to send spam?

    [root@asdf log]# ps -ax |grep 'qmail'
    11073 ? S 0:00 qmail-send
    11074 ? S 0:00 splogger qmail
    11075 ? S 0:00 qmail-lspawn ./Maildir/
    11077 ? S 0:00 qmail-rspawn
    11078 ? S 0:00 qmail-clean
    14710 ? S 0:00 qmail-remote meet.datingland.co.uk hawky@meet.datingland.co.uk
    14800 ? S 0:00 qmail-remote meet.love.clubnx.com barker@meet.love.clubnx.com
    15100 ? S 0:00 qmail-remote itsower.com herman.bollers@itsower.com
    15270 ? S 0:00 qmail-remote my.contactos.mibrujula.com bond007@my.contactos.mibrujula.com
    15596 ? S 0:00 qmail-remote matrixservice.com kkipxnv@firstusa.com jbarron@matrixservice.com
    16041 ? S 0:00 qmail-remote cheating-spouse-software.com Smuoku@cheating-spouse-software.com
    16042 ? S 0:00 qmail-remote 00inkjets.com cartridges@00inkjets.com
    16051 ? S 0:00 qmail-remote lhuh.com tkuwqqp@lhuh.com
    16052 ? S 0:00 qmail-remote myglobalnet.net tuolq@myglobalnet.net
    16057 ? S 0:00 qmail-remote 01shoes.com admin@01shoes.com
    16096 ? S 0:00 qmail-remote netbird.com TwilaMadrid@netbird.com
    16117 ? S 0:00 qmail-remote claudiasmail.com jeunesafonta@claudiasmail.com
    16137 ? S 0:00 qmail-remote 00inkjets.com affiliates@00inkjets.com
    16151 ? S 0:00 qmail-remote cleartouch.com unbkmoe@cleartouch.com
    16152 ? S 0:00 qmail-remote lucymail.com amedivester@lucymail.com
    16162 ? S 0:00 qmail-remote 1-way.com alex@1-way.com
    16169 ? S 0:00 /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
    16178 ? S 0:00 qmail-remote 1-way.com alex@1-way.com
    16186 ? S 0:00 qmail-remote wimol.ksc.co.th dongkilian@wimol.ksc.co.th
    16204 ? S 0:00 bin/qmail-queue
    16217 ? S 0:00 qmail-remote cumbriamail.com korinnae@cumbriamail.com
    16230 ? S 0:00 qmail-remote donau.in-ulm.de croso@donau.in-ulm.de
    16252 pts/0 S 0:00 grep qmail
     
  2. ichthy (Guest)

    Problem fixed. Turned out it was a poorly written Perl script that was being exploited by spammers...
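
Added example, not part of either post: a triage script for the qmail-send log format quoted in the thread. Each `info msg` line records the uid that queued the message and each `status` line shows how many remote delivery slots are in use, so the script attributes remote deliveries to the injecting uid, counts how often the remote slots were full, and lists queued messages with no delivery started. The sample log is constructed, and uid 48 stands in for an assumed web-server account (check `/etc/passwd` on the real host).

```python
import re
from collections import Counter

# Constructed sample in the log format shown in the thread (uid 48 = assumed web-server uid).
SAMPLE_LOG = """\
May 24 14:58:40 myserver qmail: 1148507920.100100 info msg 6100001: bytes 2048 from <anonymous@myserver.com> qp 1700 uid 48
May 24 14:58:40 myserver qmail: 1148507920.100200 starting delivery 50: msg 6100001 to remote a@example.net
May 24 14:58:40 myserver qmail: 1148507920.100300 status: local 0/10 remote 19/20
May 24 14:58:40 myserver qmail: 1148507920.100400 starting delivery 51: msg 6100001 to remote b@example.org
May 24 14:58:40 myserver qmail: 1148507920.100500 status: local 0/10 remote 20/20
May 24 14:58:46 myserver qmail: 1148507926.589110 info msg 6111802: bytes 1310 from <ichthy@pacbell.net> qp 1757 uid 2020
May 24 14:58:46 myserver qmail: 1148507926.626533 starting delivery 54: msg 6111802 to local 2-press@myserver.com
May 24 14:58:46 myserver qmail: 1148507926.626580 status: local 1/10 remote 20/20
May 24 14:58:46 myserver qmail: 1148507926.991843 info msg 6114893: bytes 1418 from <ichthy@pacbell.net> qp 1762 uid 110
"""

INFO = re.compile(r"info msg (\d+): bytes \d+ from <[^>]*> qp \d+ uid (\d+)")
START = re.compile(r"starting delivery \d+: msg (\d+) to (local|remote) \S+")
STATUS = re.compile(r"status: local \d+/\d+ remote (\d+)/(\d+)")


def analyze(log_text):
    """Summarise who queued mail, who caused remote deliveries, and queue pressure."""
    msg_uid = {}          # msg number -> uid that queued it (numbers are reused over time)
    injected = Counter()  # uid -> messages queued
    remote = Counter()    # uid -> remote delivery attempts started
    started = set()       # msg numbers with at least one delivery started
    saturated = 0         # status lines where every remote slot was busy
    for line in log_text.splitlines():
        if m := INFO.search(line):
            msg_uid[m.group(1)] = int(m.group(2))
            injected[int(m.group(2))] += 1
        elif m := START.search(line):
            started.add(m.group(1))
            if m.group(2) == "remote":
                remote[msg_uid.get(m.group(1), -1)] += 1  # -1: queued before the log window
        elif m := STATUS.search(line):
            if int(m.group(1)) >= int(m.group(2)):
                saturated += 1
    waiting = [msg for msg in msg_uid if msg not in started]
    return {"injected": dict(injected), "remote": dict(remote),
            "saturated": saturated, "waiting": waiting}


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A uid that owns most remote deliveries while the remote slots stay full is the account to investigate; mail queued under a web-server uid points at a script rather than an SMTP client.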
     