[NCLUG] spam problem with qmail

listz at hate.cx
Mon Jan 12 22:29:07 MST 2004


how did you set up qmail? i'd imagine that you have some process that starts up
like:

/usr/local/bin/tcpserver -H -P -R -l 0 -x /etc/tcp.smtp.cdb -v -u 2850 \
-g 32750 0 smtp /var/qmail/bin/qmail-smtpd | /var/qmail/bin/splogger smtpd 3 &

is this accurate? is the /etc/tcp.smtp.cdb line really there? in this
configuration that is what controls what can relay through the machine.
does /etc/tcp.smtp exist? how about what's in /var/qmail/control? this also
plays a part in relay control. i'm just looking at these things because it's far
easier for a spammer to simply find an open relay rather than compromise a
machine to send spam. i use qmail at work and home, so i can see if i can help
you stop relaying.


on Mon Jan 12 18:32, mherndon disclosed: 
> Hello all,
> 
> I've a little experience with Linux, but consider myself very much so a newbie 
> in this arena.
> 
> I have a mail server running Slackware with qmail 1.03.
> 
> Over the last couple of days, the server has been compromised and appears to 
> be relaying spam.  When I generate a ps aux, it informs me that it's running 
> on qmail-remote process.  The qmail-queue reflects 1000's of messages with the 
> from address showing the same address every time.  The address reflected was 
> actually an alias account which has since been removed.
> 
> I'm in the process of removing all messages from the qmail-queue related to 
> that address, and I have already killed the qmail processes.
> 
> I'm stumped on what I need to exactly do now.  I would be grateful for any 
> help or suggestions.
> 
> Thanks.  -Mark

<EOF>
::[ RFC 2795 ]::
 "Democracy means simply the bludgeoning of the
 people by the people for the people."
 -Oscar Wilde
statik at hate.cx | "It's like a koala crapped a rainbow in my brain!"
PGP fingerprint: D656 01EB 79FC 9285 F110  2AB1 D8BC B3BA BEA2 E0C5
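
Added example, not part of the original post: a small audit of the two relay controls the reply asks about, the tcprules source file (/etc/tcp.smtp) and /var/qmail/control/rcpthosts. It relies on two qmail behaviours: qmail-smtpd accepts mail for any domain when control/rcpthosts does not exist, and it skips the rcpthosts check for any client that tcpserver hands the RELAYCLIENT variable. The function names and the sample rules are constructed for illustration.

```python
# Added example: flag qmail settings that permit relaying.
# Inputs are file contents, so the check runs offline on copies of the files.

def relay_rules(tcp_smtp_text):
    """Yield the address part of every tcprules line that sets RELAYCLIENT."""
    for raw in tcp_smtp_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # blank lines and comments
            continue
        address, sep, instruction = line.partition(":")
        if sep and instruction.startswith("allow") and "RELAYCLIENT=" in instruction:
            yield address

def audit(tcp_smtp_text, rcpthosts_text):
    """Return (severity, message) findings.
    rcpthosts_text is None when control/rcpthosts does not exist."""
    findings = []
    if rcpthosts_text is None:
        findings.append(("HIGH", "control/rcpthosts missing: "
                         "any recipient domain is accepted"))
    for address in relay_rules(tcp_smtp_text):
        if address == "":
            # An empty address is the default rule and matches every client.
            findings.append(("HIGH", "default rule sets RELAYCLIENT: "
                             "every client may relay"))
        elif address.startswith("127."):
            continue                               # loopback only
        else:
            findings.append(("REVIEW", "RELAYCLIENT set for %r: "
                             "confirm this is your own network" % address))
    return findings

# Constructed sample of an /etc/tcp.smtp that leaves the relay open.
SAMPLE_OPEN = '''\
# constructed sample rules
127.:allow,RELAYCLIENT=""
192.168.1.:allow,RELAYCLIENT=""
:allow,RELAYCLIENT=""
'''

# Constructed sample of a locked-down pair of files.
SAMPLE_CLOSED = '127.:allow,RELAYCLIENT=""\n:allow\n'
SAMPLE_RCPTHOSTS = "example.org\n"

if __name__ == "__main__":
    for severity, message in audit(SAMPLE_OPEN, None):
        print(severity, message)
```
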
