Spam in Mail Queue

[Thomas_Krcal]

Hello.
I have Spam in the Mail Queue.
How can I detect, where it come from, or how can I avoid it ?



Thank you !

 

[IgorG]

Plesk has many spam protection solutions. Have you tried to use them, read Plesk documentation about these solutions?

 

[Thomas_Krcal]

Yes. I read and learned a lot, but befor I decide for any action, I want to understand where it come from.

As I understood, a Mailbox from any owner must be hacked by Virus or anything else.
So I want to find out witch one it is, to contact the owner of the mailbox.

Following also confuse me:
When I grep for the IP of the Spamer in /usr/local/psa/var/log/maillog
I find an e-Mailadress, that is only an e-mail alias and not a mailbox.

So it seems, that Spamer can authenticates on e-mail alias ?

 

[Faris Raouf]

yes, you can authenticate on an alias. I was surprised when I found this out a year or two ago! But it does make sense.
If you use qmail, then qmhandle.pl (available from the Atomic repo or you can compile from source) is a good tool to deal with queues full of spam.

It sounds like you have found the mailbox that has been compromised. Otherwise you need to look at one of the spam emails, find the source IP, search for that IP in the maillog, and locate the compromised mailbox that way.

Please note that changing the password does not ALWAYS stop the spam sending. Some spam systems connect and keep sending, so there's no re-authentication. Changing the password does not stop these types. Restarting qmail does not resolve the problem. Adding the IP to a direwall does not help. In all these cases it is because the spammer is already connected. You have to kill the actual process the spammer is connected to (or just reboot). Using netstat -avnp can help.