nullsystems
Guest
Earlier today I found that my server had been used to send over 192,000 emails in 4 days.
I couldn't believe my eyes.
So, I decided to take some action:
FIRST STOP YOUR MAIL SERVER !
/etc/init.d/./qmail stop
1. Mail > Settings > White List.
Make sure only 127.0.0.1/32 is allocated. ( revised )
2. Domain > Group Operations:
Select "Reject" to all failed mail on all domains
3. Mail > Settings:
Relay control to "Authorization Required" and select both SMTP and POP locks
4. /var/qmail/control/
Edit your rcpthosts file to include only domains you wish to allow mail for. ( I may be wrong, this is what I've done, perhaps it's incorrect or incomplete, any ideas? I will then edit this piece. ).
4a. Are there any other files in the /var/qmail/control which will allow mail sending, and receiving from only the domains hosted on the server?
5. SSH ( or local ), /var/qmail/bin/
Perform: /qmail-qstat and /qmail-queue
Both these commands will confirm you have a queue of spam, you will be able to easily detect what is being used as spam, most will say (bounce) afterwards with some random addresses you don't recognise.
What you need to do now is clear the queue.
1. Download from: http://www.stuckiniowa.com/how-to-clear-clean-qmail-queue-instantly-blog-78/
2. Run this shell script, after first making sure it is valid and the directories are correctly located using your favorite editor, such as vi, nano etc.
This script should remove the mail queue from your Qmail /var/qmail/ directories.
This script finished and I ran the /qmail-qstat command from /var/qmail/bin directory. This was the final output:
messages in queue: 0
messages in queue but not yet preprocessed: 0
Success. All spam deleted. Now I'm waiting to see if the changes I made will make a difference, will keep you updated.
RESTART YOUR MAIL SERVER
Anyone got any notes, messages, changes or helpful hints?
Have I gone wrong somewhere, is there anything else you could do?
This was in aid to help solve the constant qmail spam and relay problems.
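For step 4 and the question in 4a, an added example (not part of the original post, and not code from qmail or Plesk): a shell function that lists every entry in rcpthosts and morercpthosts that is not one of the domains you host, and flags a missing rcpthosts, which makes qmail-smtpd accept mail for any domain. The function name and the example.com sample domains are assumptions; morercpthosts is qmail's overflow file for rcpthosts.

```shell
#!/bin/sh
# Added example, not from the original post: compare qmail's recipient-domain
# lists with the domains this server is supposed to host.
# Usage: audit_rcpthosts CONTROL_DIR "domain1 domain2 ..."
# Prints one finding per line; returns 0 when clean, 1 when anything is flagged.
audit_rcpthosts() {
    ctl=$1
    expected=$(printf '%s\n' $2 | tr 'A-Z' 'a-z')   # one hosted domain per line
    found=0

    # If rcpthosts does not exist, qmail-smtpd accepts mail for every domain.
    if [ ! -f "$ctl/rcpthosts" ]; then
        echo "MISSING rcpthosts: any recipient domain will be accepted"
        found=1
    fi

    # morercpthosts is the overflow list that qmail-newmrh compiles to a .cdb.
    for f in rcpthosts morercpthosts; do
        [ -f "$ctl/$f" ] || continue
        while IFS= read -r line || [ -n "$line" ]; do
            entry=$(printf '%s' "$line" | tr 'A-Z' 'a-z' | tr -d ' \t\r')
            case $entry in ''|'#'*) continue ;; esac   # blank line or comment
            # Exact match only: a ".example.com" wildcard entry must itself be
            # listed in the expected domains to pass.
            if ! printf '%s\n' "$expected" | grep -Fqx -- "$entry"; then
                echo "UNEXPECTED $f: $entry"
                found=1
            fi
        done < "$ctl/$f"
    done
    return $found
}

# Constructed sample: one hosted domain plus an entry nobody added on purpose.
demo_dir=$(mktemp -d)
printf 'example.com\nspam-relay.example.net\n' > "$demo_dir/rcpthosts"
audit_rcpthosts "$demo_dir" "example.com" || true
rm -rf "$demo_dir"
```

On a live server the call would be `audit_rcpthosts /var/qmail/control "your hosted domains"`, run before restarting the mail server.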