Current time: 12-13-2018, 12:43 PM Hello There, Guest! (LoginRegister)


Post Reply 
mail spam help
Author Message
gromsp Offline


Posts: 3
Joined: Aug 2012
Reputation: 0
Post: #1
mail spam help
Hy all,
i'm new to ispcp omega and ready to learn. Recently instaled ispcp omega 1.0.7 on debian server and everything works fine, but
Im my mail.log file i recently get a lot off log like this:

Aug 15 12:12:06 server postfix/qmgr[1135]: CCA58108B8BC: to=<prefeiturasfs@uol.com>, relay=none, delay=25640, delays=25618/21/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to uol.com[200.147.3.205]:25: Connection timed out)

I think someone is relaying spam mesages thru my mail server, but server is not an open relay. I'm realy confused and dont now what to check next and how to stop spam. I'm afraid that my mail server dont get to blacklist.

Thanks in advance

P.S. sory for my English
(This post was last modified: 08-15-2012 08:54 PM by gromsp.)
08-15-2012 08:53 PM
Find all posts by this user Quote this message in a reply
joximu Offline
helper
*****
Moderators

Posts: 7,034
Joined: Jan 2007
Reputation: 92
Post: #2
RE: mail spam help
Hi

you need to find out how the spam came to your server.

There are several ways...

Here some commands to find more infos...
Code:
mailq

zgrep CCA58108B8BC /var/log/mail*

grep -r prefeiturasfs@uol.com /var/spool/postfix/defer*

I hope you get the idea where to look further...

/J
08-16-2012 09:25 PM
Visit this user's website Find all posts by this user Quote this message in a reply
gromsp Offline


Posts: 3
Joined: Aug 2012
Reputation: 0
Post: #3
RE: mail spam help
(08-16-2012 09:25 PM)joximu Wrote:  Hi

you need to find out how the spam came to your server.

There are several ways...

Here some commands to find more infos...
Code:
mailq

zgrep CCA58108B8BC /var/log/mail*

grep -r prefeiturasfs@uol.com /var/spool/postfix/defer*

I hope you get the idea where to look further...

/J

TNX for your reply.
It get very interesting i got output like this:
/var/log/mail.log.0:Aug 16 01:03:02 server postfix/qmgr[845]: CCA58108B8BC: from=<webmaster@mydomain.com>, size=3817, nrcpt=1 (queue active)
/var/log/mail.log.0:Aug 16 01:03:02 server postfix/qmgr[845]: CCA58108B8BC: to=<prefeiturasfs@uol.com>, relay=none, delay=71896, delays=71896/0/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to uol.com[200.147.3.205]:25: Connection timed out)

webmaster@mydomain.com is not valid email account (do not exist in ISPCP omega)
08-16-2012 10:07 PM
Find all posts by this user Quote this message in a reply
joximu Offline
helper
*****
Moderators

Posts: 7,034
Joined: Jan 2007
Reputation: 92
Post: #4
RE: mail spam help
well - then you may have a look some lines before this entry to see if it was a connection from "outer space" or localhost.

And then - if localhost (or local ip) - you may need to find out which website...

you also may have a look at the content of the mail - in /var/spool/postfix/deferred/c/.... number...
or "defer" instead of deferred... I don't know by heart.. (one is content the other place stores the headers)

Sometimes the content also helps to find the origin....

/J
08-17-2012 01:35 AM
Visit this user's website Find all posts by this user Quote this message in a reply
gromsp Offline


Posts: 3
Joined: Aug 2012
Reputation: 0
Post: #5
RE: mail spam help
(08-17-2012 01:35 AM)joximu Wrote:  well - then you may have a look some lines before this entry to see if it was a connection from "outer space" or localhost.

And then - if localhost (or local ip) - you may need to find out which website...

you also may have a look at the content of the mail - in /var/spool/postfix/deferred/c/.... number...
or "defer" instead of deferred... I don't know by heart.. (one is content the other place stores the headers)

Sometimes the content also helps to find the origin....

/J

Thanks for the help
the problem is solved.
During server testing it was open relay for a short time and that spam mail was only in mailQ. Flushing mailq resoved problem. Youre post was very helpful thanks once more
08-20-2012 06:22 PM
Find all posts by this user Quote this message in a reply
joximu Offline
helper
*****
Moderators

Posts: 7,034
Joined: Jan 2007
Reputation: 92
Post: #6
RE: mail spam help
You're welcome...

sometimes it only takes some seconds and the server can be missused...

/Joxi
08-20-2012 09:35 PM
Visit this user's website Find all posts by this user Quote this message in a reply
santiagojohn888 Offline


Posts: 1
Joined: Aug 2012
Reputation: 0
Post: #7
RE: mail spam help
Hi everyone.......
I have just added as a member to this forum and hope will learn many things from here and will get a lots of friends… .
Now, just want to say Hello.. Smile
08-23-2012 10:34 PM
Find all posts by this user Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)