  1. #1
    Just Joined!
    Join Date
    Feb 2010
    Posts
    2

    My Mail Server Being Used For SPAM


    I just recently got a dedicated server from GoDaddy. I added a few domains, sites, and email addresses. Less than one week from my purchase/configuration my mail server was intercepted. Now someone is using my mail server to send out spam. I have done all the recommended tasks, but no luck.

    The SMTP relays are set to be authenticated.

    1. I disabled all the mail accounts (because there were not that many on the server). --> spam still being sent from server.
    2. I changed all the passwords to the email addresses, and gave the passwords to nobody. --> spam still being sent from server.
    3. I added SPF records --> spam still being sent from server.
    4. I changed other configurations in Plesk --> spam still being sent from server.

    Here is the header info for one of the emails:
    I cannot post URLs because I do not have 15 posts, so you cannot see all the info:

    Received: (qmail 26266 invoked by alias); 5 Feb 2010 15:54:00 -0500
    Delivered-To:anonymous...
    Received: (qmail 26262 invoked from network); 5 Feb 2010 15:54:00 -0500
    Received: from ... (HELO p3plsmtpout003-01.prod.phx3.secureserver.net) (208.109.80.53)
    by ...with SMTP; 5 Feb 2010 15:54:00 -0500
    Received: (qmail 20968 invoked for bounce); 5 Feb 2010 20:40:27 -0000
    Date: 5 Feb 2010 20:40:27 -0000
    From: MAILER-DAEMON ...
    To: anonymous...
    Subject: failure notice

    How is this happening? How can I stop this? Thank you much in advance.

  2. #2
    Linux Enthusiast scathefire
    Join Date
    Jan 2010
    Location
    Western Kentucky
    Posts
    626
    What makes you think you are sending out spam? Spammers often invoke forged domain names. If they are forging your domain, you will get bounce messages, a.k.a. a backscatter attack.

    What I do is use MailScanner, and I assign a watermark. If a bounce message like this is delivered AND it does not correspond to a message my server sent, it is flagged as super spam and dropped for lack of a watermark.

    But again, this is for bounce messages; other measures are used for different spam scenarios.

  3. #3
    Just Joined!
    Join Date
    Feb 2010
    Posts
    2
    Come to think of it, you may be right. I have a 1000k /day SMTP relay limit, which is reached right now. All the emails sitting in the queue are FAILURE NOTICES. There are none that are actual messages (except the good ones). Do you have any other advice/directions on stopping this?

  4. #4
    Linux Enthusiast scathefire
    Join Date
    Jan 2010
    Location
    Western Kentucky
    Posts
    626
    Unfortunately nothing effective comes to mind. Watermarking is the best way to stop that kind of attack. I thought qmail was abandonware anyways.

    At any rate, I'd recommend adding MailScanner onto your mail server; it makes it so much easier to deal with things of this nature.
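
The watermark check described in posts #2 and #4, sketched as an added example; it is not part of the thread and not MailScanner's own code or header format. The header name `X-Example-Watermark`, the secret, the one-week lifetime and the HMAC-SHA256 construction are all assumptions made for illustration, and the bounce text is constructed sample data.

```python
import hashlib
import hmac
import re
import time

SECRET = b"constructed-demo-secret"   # assumption: per-site secret, kept private
HEADER = "X-Example-Watermark"        # hypothetical header name
LIFETIME = 7 * 24 * 3600              # seconds a watermark stays valid

def _mac(expiry, message_id):
    data = f"{expiry}:{message_id}".encode()
    return hmac.new(SECRET, data, hashlib.sha256).hexdigest()[:32]

def make_watermark(message_id, now=None):
    """Value stamped into HEADER on every message this server sends."""
    expiry = int((time.time() if now is None else now) + LIFETIME)
    return f"{expiry}@{_mac(expiry, message_id)}"

def classify_bounce(raw, now=None):
    """Return 'genuine', 'expired' or 'backscatter' for one bounce."""
    now = time.time() if now is None else now
    wm = re.search(rf"^{HEADER}:[ \t]*(\d+)@([0-9a-f]{{32}})[ \t]*$", raw, re.M | re.I)
    if not wm:
        return "backscatter"          # quoted original never passed through us
    expiry, tag = int(wm.group(1)), wm.group(2).lower()
    # The bounce has its own Message-ID too, so test every one that appears.
    ids = re.findall(r"^Message-ID:[ \t]*(<[^>\r\n]+>)", raw, re.M | re.I)
    if not any(hmac.compare_digest(tag, _mac(expiry, i)) for i in ids):
        return "backscatter"          # watermark forged or copied onto other mail
    return "genuine" if expiry >= now else "expired"

# Constructed sample data: a qmail-style failure notice quoting an original.
def sample_bounce(original_headers):
    return ("From: MAILER-DAEMON@mx.example.net\n"
            "Message-ID: <bounce-1@mx.example.net>\n"
            "Subject: failure notice\n\n"
            "--- Below this line is a copy of the message.\n\n"
            + original_headers + "\nhello\n")

if __name__ == "__main__":
    t0 = 1_265_400_000                # fixed clock for a repeatable run
    mid = "<20100205.1@example.org>"
    ours = f"Message-ID: {mid}\n{HEADER}: {make_watermark(mid, t0)}\n"
    forged = "Message-ID: <spam-77@example.org>\nSubject: buy now\n"
    for name, hdrs in (("ours", ours), ("forged", forged)):
        print(name, classify_bounce(sample_bounce(hdrs), now=t0 + 60))
```

Binding the tag to the Message-ID means a watermark lifted from one legitimate message cannot be pasted onto forged mail, and the expiry bounds how long a leaked one stays useful.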
