+- ispCP - Board - Support (http://www.isp-control.net/forum)
+-- Forum: ispCP Omega Development Area (/forum-1.html)
+--- Forum: Small Talk (/forum-20.html)
+--- Thread: mail spam help (/thread-16234.html)
mail spam help - gromsp - 08-15-2012 08:53 PM
Hy all,
i'm new to ispcp omega and ready to learn. Recently instaled ispcp omega 1.0.7 on debian server and everything works fine, but
Im my mail.log file i recently get a lot off log like this:
Aug 15 12:12:06 server postfix/qmgr[1135]: CCA58108B8BC: to=<prefeiturasfs@uol.com>, relay=none, delay=25640, delays=25618/21/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to uol.com[200.147.3.205]:25: Connection timed out)
I think someone is relaying spam mesages thru my mail server, but server is not an open relay. I'm realy confused and dont now what to check next and how to stop spam. I'm afraid that my mail server dont get to blacklist.
Thanks in advance
P.S. sory for my English
RE: mail spam help - joximu - 08-16-2012 09:25 PM
Hi
you need to find out how the spam came to your server.
There are several ways...
Here some commands to find more infos...
Code:
mailq
zgrep CCA58108B8BC /var/log/mail*
grep -r prefeiturasfs@uol.com /var/spool/postfix/defer*I hope you get the idea where to look further...
/J
RE: mail spam help - gromsp - 08-16-2012 10:07 PM
(08-16-2012 09:25 PM)joximu Wrote: Hi
you need to find out how the spam came to your server.
There are several ways...
Here some commands to find more infos...
Code:
mailq
zgrep CCA58108B8BC /var/log/mail*
grep -r prefeiturasfs@uol.com /var/spool/postfix/defer*
I hope you get the idea where to look further...
/J
TNX for your reply.
It get very interesting i got output like this:
/var/log/mail.log.0:Aug 16 01:03:02 server postfix/qmgr[845]: CCA58108B8BC: from=<webmaster@mydomain.com>, size=3817, nrcpt=1 (queue active)
/var/log/mail.log.0:Aug 16 01:03:02 server postfix/qmgr[845]: CCA58108B8BC: to=<prefeiturasfs@uol.com>, relay=none, delay=71896, delays=71896/0/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to uol.com[200.147.3.205]:25: Connection timed out)
webmaster@mydomain.com is not valid email account (do not exist in ISPCP omega)
RE: mail spam help - joximu - 08-17-2012 01:35 AM
well - then you may have a look some lines before this entry to see if it was a connection from "outer space" or localhost.
And then - if localhost (or local ip) - you may need to find out which website...
you also may have a look at the content of the mail - in /var/spool/postfix/deferred/c/.... number...
or "defer" instead of deferred... I don't know by heart.. (one is content the other place stores the headers)
Sometimes the content also helps to find the origin....
/J
RE: mail spam help - gromsp - 08-20-2012 06:22 PM
(08-17-2012 01:35 AM)joximu Wrote: well - then you may have a look some lines before this entry to see if it was a connection from "outer space" or localhost.
And then - if localhost (or local ip) - you may need to find out which website...
you also may have a look at the content of the mail - in /var/spool/postfix/deferred/c/.... number...
or "defer" instead of deferred... I don't know by heart.. (one is content the other place stores the headers)
Sometimes the content also helps to find the origin....
/J
Thanks for the help
the problem is solved.
During server testing it was open relay for a short time and that spam mail was only in mailQ. Flushing mailq resoved problem. Youre post was very helpful thanks once more
RE: mail spam help - joximu - 08-20-2012 09:35 PM
You're welcome...
sometimes it only takes some seconds and the server can be missused...
/Joxi
RE: mail spam help - santiagojohn888 - 08-23-2012 10:34 PM
Hi everyone.......
I have just added as a member to this forum and hope will learn many things from here and will get a lots of friends… .
Now, just want to say Hello..
