Flooded with Spam

Forum for getting help with Project Gamera, Spamassassin, Clamav, qmail-scanner and other anti-spam tools.
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Re: Flooded with Spam

Unread post by scott »

Yeah you need to remove it first thats all
coolemail
Forum Regular
Forum Regular
Posts: 369
Joined: Tue Dec 16, 2008 8:01 am
Location: United Kingdom

Re: Flooded with Spam

Unread post by coolemail »

Thanks Scott. I removed it and then re-installed it. do I have to restart anything to get it working, because
tail -f /usr/local/psa/var/log/maillog
is still not showing anything, and there is definitely Spam getting through.

EDIT. Re-started qmail and POP3, and now greylisting is definitely working in the maillog. My only issue now is trying to resolve why some emails are not getting through - the subject of a separate forum if you can help with that http://www.atomicrocketturtle.com/forum ... f=1&t=3097. Thanks for the help Scott
User avatar
JnascECSI
Forum Regular
Forum Regular
Posts: 306
Joined: Mon Apr 14, 2008 8:29 am
Location: Rhode Island

Re: Flooded with Spam

Unread post by JnascECSI »

scott wrote:Yeah theres a module in ASL that will dump out the weak accounts to /var/asl/reports/password.report
Sorry to hijack into this thread but how do you run this module to check passwords, i looked around in the forums but could'nt find anything.
James Nascimento
Chief Information Officer
East Commerce Solutions, Inc.
22 Morris Lane
East Providence, RI 02914
Ph. 800-527-5395 x263
Fax. 888-999-5891
coolemail
Forum Regular
Forum Regular
Posts: 369
Joined: Tue Dec 16, 2008 8:01 am
Location: United Kingdom

Re: Flooded with Spam

Unread post by coolemail »

JnascECSI wrote: Sorry to hijack into this thread but how do you run this module to check passwords, i looked around in the forums but could'nt find anything.
simply run the command below, and it will print them off for you, if you have any - really useful!

Code: Select all

cat /var/asl/reports/password.report
MrTeck
Forum User
Forum User
Posts: 16
Joined: Fri Dec 17, 2004 11:05 am

Re: Flooded with Spam

Unread post by MrTeck »

I have similar problem, arround 100 spam messages in each account, and all incoming from network.
Return-Path: <artefactsx7@metronetrail.com>
Delivered-To: 21-abuso@mydomain.com
Received: (qmail 28497 invoked from network); 28 Apr 2009 19:41:30 +0200
Received: from icm7-orange.orange.sk (213.151.217.135)
by dnstracker.dedicatedplace.com with SMTP; 28 Apr 2009 19:41:30 +0200
Received: from 213.151.217.135 by cluster8a.eu.messagelabs.com; Tue, 28 Apr 2009 19:39:44 +0100
Message-ID: <000d01c9c828$51458f50$6400a8c0@artefactsx7>
From: "Jimmy Manning" <artefactsx7@metronetrail.com>
To: <abuso@mydomain.com>
Subject: A Permission Marketing Primer: Picking and Choosing
Date: Tue, 28 Apr 2009 19:39:44 +0100
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0075_01C9C828.51458F50"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Windows Mail 6.0.6001.18000
X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6001.18049
X-Spam-Checker-Version: SpamAssassin 3.0.5 (2005-11-28) on mydomain.com
X-Spam-Level:
X-Spam-Status: No, score=0.1 required=3.0 tests=BAYES_00,HTML_40_50,
HTML_MESSAGE,MSGID_DOLLARS autolearn=no version=3.0.5
X-Antivirus: AVG for E-mail 8.5.322 [270.12.7/2085]
I have installed dcc, razor-agents, pyzor and qgreylist. CentOs4 + Plesk 8.0.1.
No idea where to continue :S

Update spamassassin? Will not break plesk?
Was prety fine until 1 week ago, and nothing changed (/tmp still clean)

Any help is very apreciated :oops:
Tnx in advantage
coolemail
Forum Regular
Forum Regular
Posts: 369
Joined: Tue Dec 16, 2008 8:01 am
Location: United Kingdom

Re: Flooded with Spam

Unread post by coolemail »

run the following command. Does it show anything?

Code: Select all

cat /var/asl/reports/password.report
biggles
Forum Regular
Forum Regular
Posts: 806
Joined: Tue Jul 15, 2008 2:38 pm
Location: Sweden
Contact:

Re: Flooded with Spam

Unread post by biggles »

Your Spamassassin is quite old. You have 3.0.5. The most recent one is 3.2.5. IF you still are using the PSA-one, you might want to update to the not psa-specific one, availible in the atomic-repo (there are several threads about instaling qmail-scanner, which includes latest spamasaasin).
chencho
Forum User
Forum User
Posts: 24
Joined: Sun Jul 06, 2008 5:18 pm

Re: Flooded with Spam

Unread post by chencho »

Hi all.

Recently my mails have a lot of spam.

I solve it send all spam to "Spam" folder and five days later deleting. Now no mail tagged as ****SPAM**** incoming to inbox folders.

But i have another problem with spam.

Suddenly i recibe 8,9 or 10 mails from myself accounts.

I see mails queued into server and i dont have any.

Here you can see how i recibed one of they.

Code: Select all

    *  (qmail 31136 invoked by uid 10018); 9 May 2009 12:14:27 +0200
    * from 82-194-76-206.hsle.hostalia.com by hsle-080.dedicated.hostalia.com (envelope-from <compras@tecneca.com>, uid 2020) with qmail-scanner-2.02st (clamdscan: 0.93.1/9348. spamassassin: 3.2.5. perlscan: 2.02st. Clear:RC:0(193.153.120.62):SA:0(4.3/5.0):. Processed in 0.684278 secs); 09 May 2009 10:14:27 -0000
    * from 82-194-76-206.hsle.hostalia.com (HELO aisidi.com) (193.153.120.62) by 82-194-76-206.hsle.hostalia.com with SMTP; 9 May 2009 12:14:25 +0200
hsle-080.dedicated.hostalia.com is my server, and it seems mails are send from my server!

How can i test and solve it? I'm afraid to be hacked!
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Re: Flooded with Spam

Unread post by scott »

Sounds like someone has compromised an smtp_auth login.
chencho
Forum User
Forum User
Posts: 24
Joined: Sun Jul 06, 2008 5:18 pm

Re: Flooded with Spam

Unread post by chencho »

Sorry for my ignorance, but: how can i solve the compromised an smtp_auth login?

Thx
Post Reply