Results 1 to 4 of 4
Enjoy an ad free experience by logging in. Not a member yet? Register.
- Join Date
- Feb 2010
My Mail Server Being Used For SPAM
The SMTP relays are set to be authenticated.
1. I disabled all the mail accounts (BC there were not that many on the server). --> spam still being sent from server.
2. I changed all the passwords to the email addresses, and gave the passwords to nobody. --> spam still being sent from server.
3. I added SPF records --> spam still being sent from server.
4. I changed other configurations in Plesk --> spam still being sent from server.
here is the header info for one of the emails:
I cannnot post urls bc i do not have 15 posts. so you cannot see all the info:
Received: (qmail 26266 invoked by alias); 5 Feb 2010 15:54:00 -0500
Received: (qmail 26262 invoked from network); 5 Feb 2010 15:54:00 -0500
Received: from ... (HELO p3plsmtpout003-01.prod.phx3.secureserver.net) (184.108.40.206)
by ...with SMTP; 5 Feb 2010 15:54:00 -0500
Received: (qmail 20968 invoked for bounce); 5 Feb 2010 20:40:27 -0000
Date: 5 Feb 2010 20:40:27 -0000
From: MAILER-DAEMON ...
Subject: failure notice
How is this happening? How can i stop this? Thank you much in advance.
what makes you think you are sending out spam? spammers often invoke forged domain names. if they are forging your domain, you will get bounce messages. AKA: a backscatter attack.
What i do is use mailscanner, and i assign a watermark. if a bounce message like this delivered AND it does not correspond to a message my server send it is flagged as super spam and dropped for lack of watermark.
But again this is bounce messages, other measures are used for different spam scenarios.
- Join Date
- Feb 2010
Come to think of it you may be right. I have a 1000k /day SMTP relay limit, which is reached right now. All the emails sitting in the queue are FAILURE NOTICES. There are none that are actual messages (except the good ones). Do you have any other advice/directions on stopping this?
unfortunately nothing effective comes to mind. watermarking is the best way to stop that kind of attack. i thought qmail was abandonware anyways.
at any rate, i'd recommend adding mailscanner onto your mail server, it makes so much easier to deal with things of this nature.