
QMail spam suspicions...

Discussion in 'Plesk for Linux - 8.x and Older' started by EnigmaBurn, Jun 20, 2006.

  1. EnigmaBurn

    EnigmaBurn Guest

    I am hoping one of you *nix people can clue me in on what is really going on. I know nothing of QMail, and have only researched it a tiny bit before seeking your insight.

    Now we all know of various spoofs and exploits that spammers use to send email from servers and supposedly valid accounts, this has me worried. I am on a dedicated Plesk 7.5 running Fedora core Linux - I send a couple emails a day at best via the ONLY account I have on it (but there are 50 domains on it, but I cannot vouch for how many emails are sent from those domains), still it should not be that much - I would guess outgoing mail is not more than 100 a day, and incoming - due only to spam is no more than maybe 500-1000.

    The point is as my site has gained popularity I have noticed an increase in 'bounced' messages and rather regularly I get 'mail could not be delivered' messages on my main account - messages I never initiated anyway...?

    When I connect to the server and run 'top' I can see that there are multiple 'qmaild' processes and specifically qmail-smtp processes running... Now I am not sending mail? Maybe somebody on the other 50 domains is, but it still seems like these processes are too numerous, and seem to be running too long (sometimes as much as an hour), to be innocuous...?

    Is something going on here - or is this all innocent and I am being paranoid?

    Thanks in advance!
  2. jamesyeeoc

    jamesyeeoc Guest

    You should not have the server set to 'bounce', use 'reject' instead. Then emails addressed to non-existent users will be stopped at the SMTP level, and qmail will not see them. Nor will any bounce message be sent back to (mostly) non-existent From or Reply-to addresses which the spammers use.

    Bounce messages to bad spammer return addresses will cause 'delivery failure' messages.

    Also make sure your mail settings are for SMTP Auth, not POP3 auth.

    If your site has any PHP scripts (forums, formmail, etc) make *sure* they are secure and not exploitable.

    Make sure you are prepared *beforehand* - secure kernel, mod_security, rkhunter, chkrootkit, anti-virus (multiple if possible), spamassassin, qmail-scanner, the list can go on....
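
Added example, not part of either post: one way to check from the qmail-send log whether outbound traffic is mostly bounces to forged senders (the 'bounce' vs 'reject' issue above) or mail injected by a local account such as the web server (the PHP script concern). The log lines, message ids and uid values are constructed; the `info msg` and `starting delivery` line shapes are those qmail-send writes, and the function name is hypothetical.

```python
import re
from collections import Counter

# Constructed qmail-send log excerpt (timestamps omitted); uids are made up.
SAMPLE_LOG = """\
info msg 1001: bytes 2100 from <> qp 4001 uid 2522
starting delivery 1: msg 1001 to remote forged1@example.net
info msg 1002: bytes 2150 from <> qp 4002 uid 2522
starting delivery 2: msg 1002 to remote forged2@example.org
info msg 1003: bytes 2090 from <> qp 4003 uid 2522
starting delivery 3: msg 1003 to remote forged3@example.com
info msg 1004: bytes 900 from <apache@host.example> qp 4004 uid 48
starting delivery 4: msg 1004 to remote victim1@example.net
starting delivery 5: msg 1004 to remote victim2@example.net
info msg 1005: bytes 1500 from <owner@site.example> qp 4005 uid 2020
starting delivery 6: msg 1005 to remote friend@example.org
info msg 1006: bytes 700 from <someone@example.com> qp 4006 uid 2020
starting delivery 7: msg 1006 to local owner@site.example
"""

INFO = re.compile(r"info msg (\d+): bytes \d+ from <([^>]*)> qp \d+ uid (\d+)")
DELIVERY = re.compile(r"starting delivery \d+: msg (\d+) to (local|remote) (\S+)")

def summarize_outbound(log_text):
    """Count remote deliveries, split into bounces and per-uid injections."""
    msgs = {}  # msg id -> (envelope sender, uid that queued the message)
    stats = {"remote_total": 0, "remote_bounces": 0, "by_uid": Counter()}
    for line in log_text.splitlines():
        m = INFO.search(line)
        if m:
            # qmail reuses msg ids, so the latest info line always wins.
            msgs[m.group(1)] = (m.group(2), int(m.group(3)))
            continue
        m = DELIVERY.search(line)
        if not m or m.group(2) != "remote" or m.group(1) not in msgs:
            continue
        sender, uid = msgs[m.group(1)]
        stats["remote_total"] += 1
        if sender == "":
            # Null envelope sender: a bounce going out to a remote address.
            stats["remote_bounces"] += 1
        else:
            stats["by_uid"][uid] += 1
    return stats

if __name__ == "__main__":
    print(summarize_outbound(SAMPLE_LOG))
```

A high share of `remote_bounces` points at the bounce setting; a large count under the web server's uid (look the number up in /etc/passwd) points at a script on one of the hosted sites.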