Thread: Server is sending spam

  1. #1
    babyporch

    Server is sending spam

    Today the server is sending a lot of spam:

    Code:
    Feb  7 04:52:33 mail amavis[7678]: (07678-01-19) Checking: uzaQQkfPSLGD <root@mail.XXXX.XX> -> <gaber31678@hotmail.com>
    Feb  7 04:52:33 mail amavis[9221]: (09221-01-5) Checking: zXz9Rqmrx3hj <root@mail.XXXX.XX> -> <mean-man@hotmail.com>
    Feb  7 04:52:33 mail postfix/qmgr[15358]: B9E1E944548: from=<root@mail.XXXX.XX>, size=110361, nrcpt=1 (queue active)
    Feb  7 04:52:34 mail postfix/qmgr[15358]: E1877944497: from=<root@mail.XXXX.XX>, size=110363, nrcpt=1 (queue active)
    Feb  7 04:52:34 mail postfix/qmgr[15358]: 4BC321C4417E: from=<root@mail.XXXX.XX>, size=110820, nrcpt=1 (queue active)
    Feb  7 04:52:34 mail amavis[6936]: (06936-01-29) FWD via SMTP: <root@mail.XXXX.XX> -> <j.horton@hotmail.com>,BODY=7BIT 250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 4315C1C4404F

    I changed the root password and checked the system with rkhunter and chkrootkit, but no result.

    I tested with mxtoolbox whether it is an open relay, and it is closed.

    Is something open on Postfix?

    What can I do to block sending from the root user?

  2. #2
    babyporch

    I've blocked the spam using salocal.cf.in.

    But how can I find the compromised account?

    No particular activity in the logs.
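
One way to approach the question above, as an added example that is not part of the original thread: trace each Postfix queue ID back to the log line that created it (`pickup` with `uid=` for local submission, `smtpd` with `client=` and optionally `sasl_username=` for network submission) and count messages per origin for the suspicious sender. The log lines are constructed samples, and the function name `origins_by_sender` is hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in Postfix syslog format (not taken from the thread).
SAMPLE_LOG = """\
Feb  7 04:52:30 mail postfix/pickup[2101]: A1B2C3D4E5: uid=33 from=<root>
Feb  7 04:52:30 mail postfix/qmgr[15358]: A1B2C3D4E5: from=<root@mail.example.test>, size=110361, nrcpt=1 (queue active)
Feb  7 04:52:31 mail postfix/pickup[2101]: A1B2C3D4E6: uid=33 from=<root>
Feb  7 04:52:31 mail postfix/qmgr[15358]: A1B2C3D4E6: from=<root@mail.example.test>, size=110363, nrcpt=1 (queue active)
Feb  7 04:52:32 mail postfix/smtpd[2200]: B7C8D9E0F1: client=localhost[127.0.0.1]
Feb  7 04:52:32 mail postfix/qmgr[15358]: B7C8D9E0F1: from=<root@mail.example.test>, size=110820, nrcpt=1 (queue active)
Feb  7 04:52:40 mail postfix/smtpd[2201]: C0FFEE1234: client=host.example.test[192.0.2.10], sasl_method=PLAIN, sasl_username=alice
Feb  7 04:52:40 mail postfix/qmgr[15358]: C0FFEE1234: from=<alice@example.test>, size=2048, nrcpt=1 (queue active)
"""

PICKUP = re.compile(r"postfix/pickup\[\d+\]: (\w+): uid=(\d+) from=<[^>]*>")
SMTPD = re.compile(r"postfix/smtpd\[\d+\]: (\w+): client=\S+?\[([^\]]+)\](?:.*sasl_username=(\S+))?")
QMGR = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<([^>]*)>")

def origins_by_sender(log_text, sender_prefix="root@"):
    """Count messages whose envelope sender starts with sender_prefix, grouped by how they entered Postfix."""
    origin, seen, counts = {}, set(), Counter()
    for line in log_text.splitlines():
        if m := PICKUP.search(line):
            origin[m.group(1)] = f"local uid={m.group(2)}"
        elif m := SMTPD.search(line):
            qid, ip, user = m.groups()
            if ip in ("127.0.0.1", "::1"):
                # A content filter such as amavis hands mail back over loopback
                # under a new queue ID, so this entry is not the real origin.
                origin[qid] = "reinjected by content filter"
            elif user:
                origin[qid] = f"sasl_username={user} from {ip}"
            else:
                origin[qid] = f"unauthenticated client {ip}"
        elif m := QMGR.search(line):
            qid, sender = m.groups()
            # qmgr logs a message again on each retry, so count every queue ID once.
            if sender.startswith(sender_prefix) and qid not in seen:
                seen.add(qid)
                counts[origin.get(qid, "origin not in this log")] += 1
    return counts

if __name__ == "__main__":
    for source, n in origins_by_sender(SAMPLE_LOG).most_common():
        print(f"{n:5d}  {source}")
```

A `local uid=N` origin means the message was submitted on the host itself through the sendmail/postdrop path by the account with that numeric uid, while a `sasl_username=` origin points at an authenticated mail account.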
