
Thread: Server is sending spam

  1. #1

    Server is sending spam

    Today the server is sending a lot of spam:

    Code:
    Feb  7 04:52:33 mail amavis[7678]: (07678-01-19) Checking: uzaQQkfPSLGD <root@mail.XXXX.XX> -> <gaber31678@hotmail.com>
    Feb  7 04:52:33 mail amavis[9221]: (09221-01-5) Checking: zXz9Rqmrx3hj <root@mail.XXXX.XX> -> <mean-man@hotmail.com>
    Feb  7 04:52:33 mail postfix/qmgr[15358]: B9E1E944548: from=<root@mail.XXXX.XX>, size=110361, nrcpt=1 (queue active)
    Feb  7 04:52:34 mail postfix/qmgr[15358]: E1877944497: from=<root@mail.XXXX.XX>, size=110363, nrcpt=1 (queue active)
    Feb  7 04:52:34 mail postfix/qmgr[15358]: 4BC321C4417E: from=<root@mail.XXXX.XX>, size=110820, nrcpt=1 (queue active)
    Feb  7 04:52:34 mail amavis[6936]: (06936-01-29) FWD via SMTP: <root@mail.XXXX.XX> -> <j.horton@hotmail.com>,BODY=7BIT 250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 4315C1C4404F
    I changed the root password and checked the system with rkhunter and chkrootkit, but with no result.

    I tested with mxtoolbox whether it is an open relay, and it is closed.

    Is something open on Postfix?

    What can I do to block sending from the root user?

  2. #2

    Quote: Originally posted by babyporch
    Today the server is sending a lot of spam:

    Code:
    Feb  7 04:52:33 mail amavis[7678]: (07678-01-19) Checking: uzaQQkfPSLGD <root@mail.XXXX.XX> -> <gaber31678@hotmail.com>
    Feb  7 04:52:33 mail amavis[9221]: (09221-01-5) Checking: zXz9Rqmrx3hj <root@mail.XXXX.XX> -> <mean-man@hotmail.com>
    Feb  7 04:52:33 mail postfix/qmgr[15358]: B9E1E944548: from=<root@mail.XXXX.XX>, size=110361, nrcpt=1 (queue active)
    Feb  7 04:52:34 mail postfix/qmgr[15358]: E1877944497: from=<root@mail.XXXX.XX>, size=110363, nrcpt=1 (queue active)
    Feb  7 04:52:34 mail postfix/qmgr[15358]: 4BC321C4417E: from=<root@mail.XXXX.XX>, size=110820, nrcpt=1 (queue active)
    Feb  7 04:52:34 mail amavis[6936]: (06936-01-29) FWD via SMTP: <root@mail.XXXX.XX> -> <j.horton@hotmail.com>,BODY=7BIT 250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 4315C1C4404F
    I changed the root password and checked the system with rkhunter and chkrootkit, but with no result.

    I tested with mxtoolbox whether it is an open relay, and it is closed.

    Is something open on Postfix?

    What can I do to block sending from the root user?
    I've blocked the spam using salocal.cf.in.

    But how can I find the compromised account?

    No particular activity on logs.

  3. #3

    Quote: Originally posted by babyporch
    I've blocked the spam using salocal.cf.in.

    But how can I find the compromised account?

    No particular activity on logs.
    I am having the same issue. Spam is being sent every weekend, and all of it is sent from root@mydomain.com. How did you block it using salocal.cf.in?

    Thanks.

  4. #4

    Hi dongqiu,
    Maybe the spammers are using a typical design fail in Zimbra, the fake sender. Please follow these steps to fix it; the post is in Spanish, but the commands, in bold, are pretty easy to follow:
    Zimbra: Seguridad (I Parte) » Blog de Jorge de la Cruz

    Tell us if it works.
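
Post #2 asks how to find the account behind the root@ mail. The following is an added example, not from any poster in this thread: it pairs each Postfix queue ID's qmgr `from=` line with the smtpd or pickup line that created it, so the counts show whether the mail entered through an authenticated login, an unauthenticated client, or a local Unix uid. The log lines, host names and account name are constructed, and the short hexadecimal queue ID format is assumed.

```python
import re
from collections import Counter

# Constructed sample in Postfix syslog format (hosts and account are made up).
SAMPLE_LOG = """\
Feb  7 04:52:30 mail postfix/smtpd[2101]: A1B2C3D4E5: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=info@example.test
Feb  7 04:52:30 mail postfix/qmgr[15358]: A1B2C3D4E5: from=<root@mail.example.test>, size=110361, nrcpt=1 (queue active)
Feb  7 04:52:31 mail postfix/smtpd[2101]: F6E7D8C9B0: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=info@example.test
Feb  7 04:52:31 mail postfix/qmgr[15358]: F6E7D8C9B0: from=<root@mail.example.test>, size=110363, nrcpt=1 (queue active)
Feb  7 04:53:02 mail postfix/pickup[3300]: 0A1B2C3D4F: uid=0 from=<root>
Feb  7 04:53:02 mail postfix/qmgr[15358]: 0A1B2C3D4F: from=<root@mail.example.test>, size=812, nrcpt=1 (queue active)
Feb  7 04:53:10 mail postfix/smtpd[2144]: 1C2D3E4F5A: client=localhost[127.0.0.1]
Feb  7 04:53:10 mail postfix/qmgr[15358]: 1C2D3E4F5A: from=<root@mail.example.test>, size=110820, nrcpt=1 (queue active)
"""

# Assumes short hexadecimal queue IDs (the default, as in the thread's log).
LINE = re.compile(r"postfix/(?P<svc>\w+)\[\d+\]: (?P<qid>[0-9A-F]{6,}): (?P<rest>.*)")


def trace_origins(log_text, sender_prefix="root@"):
    """Count, per entry path, queued messages whose envelope sender starts with sender_prefix."""
    origin, sender = {}, {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        svc, qid, rest = m["svc"], m["qid"], m["rest"]
        if svc == "smtpd" and rest.startswith("client="):
            client = rest[len("client="):].split(",")[0]
            user = re.search(r"sasl_username=([^,\s]+)", rest)
            # Authenticated submission names the account; otherwise keep the client.
            origin[qid] = f"sasl:{user.group(1)}" if user else f"smtp-noauth:{client}"
        elif svc == "pickup":
            uid = re.search(r"uid=(\d+)", rest)
            if uid:  # message handed in locally (sendmail/mail command) by this Unix uid
                origin[qid] = f"local-uid:{uid.group(1)}"
        elif svc == "qmgr":
            frm = re.match(r"from=<([^>]*)>", rest)
            if frm:
                sender[qid] = frm.group(1)
    return dict(Counter(origin.get(q, "unknown")
                        for q, s in sender.items() if s.startswith(sender_prefix)))


if __name__ == "__main__":
    for path, n in sorted(trace_origins(SAMPLE_LOG).items(), key=lambda kv: -kv[1]):
        print(f"{n:4d}  {path}")
```

On a server that runs amavis, as in the thread's log, mail re-injected on 127.0.0.1:10025 shows up as a localhost client, so the entry to read is the earlier queue ID of the same message.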
