Prevent sending spam

[bonjurkes]

Hello,

I got an abuse report for sending spam mails from my server. I have like 45 domains on my server (not all of them are mine) and i really dont know which site is causing it. I guess there must be a security flow at one of their scripts.

Anyway, the only solution is stopping qmail, checking all mails 1 by 1 and then deleting the spam mails. But if there is much mail like 1000 with spam mails, plesk gets frozen.

The sender of the spam mails looks like anonymous@hostname, hostname is our main domain so its like [email protected]. So i cant find the original sender, i mean from which domain it sent.

Is there a program that can scan outgoing mails and delete the spam ones by using rules?

 

[atomicturtle]

Sure, qmail-scanner will scan both incoming and outgoing mail for spam. You can set a threshold on when to delete, or reject messages based on the spam score. Id start by setting that up to contain the damage, and then looking through your logs to figure out where this is coming from. If you capture a message (you can set qmail-scanner to quarantine as well), look at the senders user id in the headers, if its 48 and/or apache, then its through a web app. If its 110 and/or popuser, then its through a compromised email account.

 

[bonjurkes]

hey,

i installed qmail scanner using atomic's repo, but i guess it messed up something because i can't even send a message from my server to my users.