Server is sending spam from an email account

[JasonBibby]

How to clear the mail queue?

EDIT: How can I clear the mail queue? I seem to have stopped the messages getting to the server however there's 123639 still in the queue...


# /var/qmail/bin/qmail-qstat
messages in queue: 123639
messages in queue but not yet preprocessed: 0



I know which domain the spam is being sent out from, how can I stop it connecting to the server through 1&1?

I've deleted the account and domain from parallels, however the maillog is still being over run by requests and bounce backs.

I've requested for the DNS to be changed via 1&1 however what else can I do to stop this account bombarding my server?

Thanks in advance.

 

[DaveKay]

Are you sure the emails are originating from your server?

Is a spammer using your email address in the from field for the emails. When they can not be delivered to their recipient, they are bounced from the recipients mail servers and are returned to your server as bounce notifications.

Can you post some entries from the mail logs / an example of a bounced message.

I had a similar issue when I setup my first Plesk server. Spammer using one of my email domains. Bounces from other servers would hit my server and it would try and send an account not found non-delivery email . This would then bounce and fill up the mail queue. Changed the "address not found" behaviour to reject and this issue more or less stopped straight away. If your server sends out lots of bounces, your IP's can end up on BACKSCATTER block lists.

I may have completely mis-understood your issue though!

 

[JasonBibby]

I'm not 100% sure, however they are going through my server.

Random grab rom the sever report. Its the richard@xxx I'm having trouble with.

This is spitting out reports constantly, as you can see by the time.

They were more detailed before I removed the hosting and email accounts.

Jan 14 21:09:51 s15859492 qmail: 1358197791.237057 status: local 0/10 remote 19/20
Jan 14 21:09:51 s15859492 qmail: 1358197791.237068 starting delivery 2300646: msg 1588068 to remote [email protected]
Jan 14 21:09:51 s15859492 qmail: 1358197791.237077 status: local 0/10 remote 20/20
Jan 14 21:09:51 s15859492 qmail-remote-handlers[11828]: Handlers Filter before-remote for qmail started ...
Jan 14 21:09:51 s15859492 qmail: 1358197791.277868 delivery 2300642: deferral: Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/
Jan 14 21:09:51 s15859492 qmail: 1358197791.277897 status: local 0/10 remote 19/20
Jan 14 21:09:51 s15859492 qmail: 1358197791.277907 starting delivery 2300647: msg 1588068 to remote [email protected]
Jan 14 21:09:51 s15859492 qmail: 1358197791.277917 status: local 0/10 remote 20/20
Jan 14 21:09:51 s15859492 qmail-remote-handlers[11829]: Handlers Filter before-remote for qmail started ...
Jan 14 21:09:51 s15859492 qmail-remote-handlers[11828]: from=richard@
Jan 14 21:09:51 s15859492 qmail-remote-handlers[11828]: [email protected]
Jan 14 21:09:51 s15859492 qmail-remote-handlers[11829]: from=richard@
Jan 14 21:09:51 s15859492 qmail-remote-handlers[11829]: [email protected]
Jan 14 21:09:51 s15859492 qmail: 1358197791.644169 delivery 2300637: deferral: Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/

 

[MislavO]

Simple, disable email service for that domain, disable php function mail and contact them and inform them about the spam.

 

[JasonBibby]

How can I clear the mail queue? I seem to have stopped the messages getting to the server however there's 123639 still in the queue...


# /var/qmail/bin/qmail-qstat
messages in queue: 123639
messages in queue but not yet preprocessed: 0

 

[MislavO]

http://www.cyberciti.biz/tips/howto-postfix-flush-mail-queue.html

# postsuper -d ALL

 

[JasonBibby]

http://www.cyberciti.biz/tips/howto-postfix-flush-mail-queue.html

# postsuper -d ALL

This doesn't work # mailq bring back -bash: mailq: command not found

# postsuper -d ALL

doesn't bring back anything.


# /var/qmail/bin/qmail-qstat
messages in queue: 122634

messages are still dropping and not adding, which is a good thing. I just need to get rid of the queue.

 

[MislavO]

And your system is?

 

[JasonBibby]

And your system is?

Information I have is as follows..


CPU AuthenticAMD, Dual-Core AMD Opteron(tm) Processor 1216 HE
Version Parallels Plesk Panel v11.0.9_build110120608.16 os_CentOS 6
OS CentOS 6.2 (Final)

 

[MislavO]

Try this (didn't saw at first we're talking about qmail, i apologize):
http://forums.contribs.org/index.php?topic=23311.0
http://www.qmail.org/qmail-manual-html/man8/qmail-clean.html

 

[JasonBibby]

Thanks for the replies, solved the problem by installing Postfix.

All is well now and there are no queues.

Thanks for your help!