Page 3 of 3
Re: Flooded with Spam
Posted: Thu Apr 16, 2009 10:32 am
by scott
Yeah you need to remove it first thats all
Re: Flooded with Spam
Posted: Thu Apr 16, 2009 11:06 am
by coolemail
Thanks Scott. I removed it and then re-installed it. do I have to restart anything to get it working, because
tail -f /usr/local/psa/var/log/maillog
is still not showing anything, and there is definitely Spam getting through.
EDIT. Re-started qmail and POP3, and now greylisting is definitely working in the maillog. My only issue now is trying to resolve why some emails are not getting through - the subject of a separate forum if you can help with that
http://www.atomicrocketturtle.com/forum ... f=1&t=3097. Thanks for the help Scott
Re: Flooded with Spam
Posted: Fri Apr 17, 2009 7:12 am
by JnascECSI
scott wrote:Yeah theres a module in ASL that will dump out the weak accounts to /var/asl/reports/password.report
Sorry to hijack into this thread but how do you run this module to check passwords, i looked around in the forums but could'nt find anything.
Re: Flooded with Spam
Posted: Fri Apr 17, 2009 9:14 am
by coolemail
JnascECSI wrote:
Sorry to hijack into this thread but how do you run this module to check passwords, i looked around in the forums but could'nt find anything.
simply run the command below, and it will print them off for you, if you have any - really useful!
Code: Select all
cat /var/asl/reports/password.report
Re: Flooded with Spam
Posted: Thu Apr 30, 2009 1:09 pm
by MrTeck
I have similar problem, arround 100 spam messages in each account, and all incoming from network.
Return-Path: <
artefactsx7@metronetrail.com>
Delivered-To:
21-abuso@mydomain.com
Received: (qmail 28497 invoked from network); 28 Apr 2009 19:41:30 +0200
Received: from icm7-orange.orange.sk (213.151.217.135)
by dnstracker.dedicatedplace.com with SMTP; 28 Apr 2009 19:41:30 +0200
Received: from 213.151.217.135 by cluster8a.eu.messagelabs.com; Tue, 28 Apr 2009 19:39:44 +0100
Message-ID: <000d01c9c828$51458f50$6400a8c0@artefactsx7>
From: "Jimmy Manning" <
artefactsx7@metronetrail.com>
To: <
abuso@mydomain.com>
Subject: A Permission Marketing Primer: Picking and Choosing
Date: Tue, 28 Apr 2009 19:39:44 +0100
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0075_01C9C828.51458F50"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Windows Mail 6.0.6001.18000
X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6001.18049
X-Spam-Checker-Version: SpamAssassin 3.0.5 (2005-11-28) on mydomain.com
X-Spam-Level:
X-Spam-Status: No, score=0.1 required=3.0 tests=BAYES_00,HTML_40_50,
HTML_MESSAGE,MSGID_DOLLARS autolearn=no version=3.0.5
X-Antivirus: AVG for E-mail 8.5.322 [270.12.7/2085]
I have installed dcc, razor-agents, pyzor and qgreylist. CentOs4 + Plesk 8.0.1.
No idea where to continue :S
Update spamassassin? Will not break plesk?
Was prety fine until 1 week ago, and nothing changed (/tmp still clean)
Any help is very apreciated
Tnx in advantage
Re: Flooded with Spam
Posted: Thu Apr 30, 2009 1:13 pm
by coolemail
run the following command. Does it show anything?
Code: Select all
cat /var/asl/reports/password.report
Re: Flooded with Spam
Posted: Fri May 01, 2009 2:35 am
by biggles
Your Spamassassin is quite old. You have 3.0.5. The most recent one is 3.2.5. IF you still are using the PSA-one, you might want to update to the not psa-specific one, availible in the atomic-repo (there are several threads about instaling qmail-scanner, which includes latest spamasaasin).
Re: Flooded with Spam
Posted: Sat May 09, 2009 8:58 am
by chencho
Hi all.
Recently my mails have a lot of spam.
I solve it send all spam to "Spam" folder and five days later deleting. Now no mail tagged as ****SPAM**** incoming to inbox folders.
But i have another problem with spam.
Suddenly i recibe 8,9 or 10 mails from myself accounts.
I see mails queued into server and i dont have any.
Here you can see how i recibed one of they.
Code: Select all
* (qmail 31136 invoked by uid 10018); 9 May 2009 12:14:27 +0200
* from 82-194-76-206.hsle.hostalia.com by hsle-080.dedicated.hostalia.com (envelope-from <compras@tecneca.com>, uid 2020) with qmail-scanner-2.02st (clamdscan: 0.93.1/9348. spamassassin: 3.2.5. perlscan: 2.02st. Clear:RC:0(193.153.120.62):SA:0(4.3/5.0):. Processed in 0.684278 secs); 09 May 2009 10:14:27 -0000
* from 82-194-76-206.hsle.hostalia.com (HELO aisidi.com) (193.153.120.62) by 82-194-76-206.hsle.hostalia.com with SMTP; 9 May 2009 12:14:25 +0200
hsle-080.dedicated.hostalia.com is my server, and it seems mails are send from my server!
How can i test and solve it? I'm afraid to be hacked!
Re: Flooded with Spam
Posted: Sat May 09, 2009 10:31 am
by scott
Sounds like someone has compromised an smtp_auth login.
Re: Flooded with Spam
Posted: Sun May 10, 2009 7:13 am
by chencho
Sorry for my ignorance, but: how can i solve the compromised an smtp_auth login?
Thx