+- ispCP - Board - Support (http://www.isp-control.net/forum)
+-- Forum: ispCP Omega Development Area (/forum-1.html)
+--- Forum: General discussion (/forum-11.html)
+--- Thread: How to disable a user account that is spamming big time (/thread-1828.html)
Pages: 1 2
How to disable a user account that is spamming big time - Tzvook - 11-21-2007 08:01 PM
Hello All
One account on my server is spamming (right as we speak) ... it may be an issue with his website, though I seem to got over that, spamming continues (10,000 mails @ 2 hours or so).
it is being sent as a user mail something like vu2038@my-main-domain.com (not the username@his-domain.com ) ?
I know there is a command-line for disabling this account from sending mail, but don't know ecsactly how to ...
Help is badly needed here ...
RE: How to disable a user account that is spamming big time - rbtux - 11-21-2007 08:05 PM
1.
create a file:
/etc/postfix/spamblock.hash with following content:
vu2038@my-main-domain.com REJECT
2.
postmap /etc/postfix/spamblock.hash
3.
and insert the following in the smtpd_recipient_restrictions (of /etc/postfix/main.cf) as first entry:
check_recipient_access hash:/etc/postfix/spamblock.hash,
4.
postfix reload
5.
check logs...
RE: How to disable a user account that is spamming big time - Tzvook - 11-21-2007 08:25 PM
10x rbtux
I did what you wrote, since I still get the rejected mails, it's kinda hard to see if it helped, hope it does: you made my day: I had no clue what to do :-)
I'll be back to report in case somebody else will face that.
Again, thank you for the prompt reply.
Tzvook
RE: How to disable a user account that is spamming big time - rbtux - 11-21-2007 08:29 PM
don't forget the reputation ;-)
RE: How to disable a user account that is spamming big time - rbtux - 11-21-2007 08:31 PM
you should search the source of the mails... maybe cronjob or website script gone mad...
RE: How to disable a user account that is spamming big time - Tzvook - 11-21-2007 09:40 PM
Yep, no more spam !!
RE: How to disable a user account that is spamming big time - pgentoo - 11-22-2007 03:45 AM
If it is coming from the vuXXXX account, it is likely that the website has some mailform exploit or something that is being exploited. I've had this happen on several sites in the past. At least since its running as the user, you have it narrowed down to what site is making the calls. Thats a lot better than where i have been stuck in the past, with apache sending out mails as itself.
If they do have a mailform on their site, just a reminder that all the legitimate email that would have been sent from that (customers, etc) will now be dropped! You need to get to the real issue of what is being exploited.
-
Jesse
RE: How to disable a user account that is spamming big time - Tzvook - 11-29-2007 08:08 PM
pasichnyk Wrote:If it is coming from the vuXXXX account, it is likely that the website has some mailform exploit or something that is being exploited. I've had this happen on several sites in the past. At least since its running as the user, you have it narrowed down to what site is making the calls. Thats a lot better than where i have been stuck in the past, with apache sending out mails as itself.
If they do have a mailform on their site, just a reminder that all the legitimate email that would have been sent from that (customers, etc) will now be dropped! You need to get to the real issue of what is being exploited.
-
Jesse
10X for reply
I looked at their mailforms (they have 3 of them) and it wasn't checking http referer, so I added it to the forms processors.
The issue now is that my spool is full of junk and server is getting chunk.
Is there any way to empty the spool safely ?
I can simply delete, but I don't want to damage the server/postfix
RE: How to disable a user account that is spamming big time - BeNe - 11-29-2007 08:10 PM
Code:
postsuper -d ALLFor more info
Code:
man postsuperGreez BeNe
RE: How to disable a user account that is spamming big time - Tzvook - 11-29-2007 08:50 PM
BeNe Wrote:Code:
postsuper -d ALL
For more infoCode:
man postsuper
Greez BeNe
10X BeNe
It did the Job :-)
Hope it solved all the problems