Some messages lost

General Discussion of atomic repo and development projects.

Ask for help here with anything else not covered by other forums.
Post Reply
rnolds
Forum User
Forum User
Posts: 25
Joined: Tue Sep 16, 2008 9:59 am

Some messages lost

Unread post by rnolds »

I think my server may have been used to send SPAM. I've since disabled all relaying functions. What can I do to hunt down which localhost process is trying to relay messages?

This is from maillog:

Code: Select all

Sep 16 20:03:13 www7 relaylock: /var/qmail/bin/relaylock: mail from 127.0.0.1:41810 (localhost)
Sep 16 20:03:16 www7 relaylock: /var/qmail/bin/relaylock: mail from 127.0.0.1:41811 (localhost)
Sep 16 20:03:19 www7 relaylock: /var/qmail/bin/relaylock: mail from 127.0.0.1:41812 (localhost)
Sep 16 20:03:22 www7 relaylock: /var/qmail/bin/relaylock: mail from 127.0.0.1:41813 (localhost)
Sep 16 20:03:25 www7 relaylock: /var/qmail/bin/relaylock: mail from 127.0.0.1:41814 (localhost)
Sep 16 20:03:28 www7 relaylock: /var/qmail/bin/relaylock: mail from 127.0.0.1:41815 (localhost)
...
Sep 16 20:24:42 www7 relaylock: /var/qmail/bin/relaylock: mail from 92.101.33.62:4489 (ppp92-101-33-62.pppoe.avangarddsl.ru)
Sep 16 20:24:54 www7 relaylock: /var/qmail/bin/relaylock: mail from 189.71.30.85:61040 (18971030085.user.veloxzone.com.br)
Sep 16 20:24:59 www7 relaylock: /var/qmail/bin/relaylock: mail from 83.22.209.225:4084 (ebt225.neoplus.adsl.tpnet.pl)
Sep 16 20:25:02 www7 relaylock: /var/qmail/bin/relaylock: mail from 127.0.0.1:35734 (localhost)
Sep 16 20:25:05 www7 relaylock: /var/qmail/bin/relaylock: mail from 127.0.0.1:35735 (localhost)
Top
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:
Contact scott

Unread post by scott »

localhost is probably a web app. Rough procedure page here:

http://www.atomicorp.com/wiki/index.php/Spam
Top
Post Reply

Return to “General Help and Development Discussion”