HELP!!! Spammers use my hmailserver???
Hi,
I'm from Italy, I speak a bit of English.
I have installed hMailServer and it worked perfectly for 6 days.
I have configured 4 domains and 10 mailboxes.
In the first 6 days the traffic of the server was 40-50 messages (30 spam).
This morning in the status window I see:
Processed Messages: 8116 !!!!!!!!!!!!!!!!!!!!!!!!
Why?
Now I have problems sending mail to some addresses and my server is now in an RBL.
Can anyone help me resolve this?
Thanks
Sc@rob
Please run an open relay test like this:
http://www.abuse.net/relay.html
This might help to find your (probable) setup problem.
- Logging is enabled
- I suppose that the email was successfully sent, because in the log file I see
2007-06-11 04:21:23 ktkktharrison@OMISSIS 127.0.0.1 127.0.0.1 SMTP ?virus=&rblgheuristicspam=0&ssl=0 250 543
2007-06-12 00:41:18 admin@OMISSIS hereshope58@OMISSIS 203.147.XX.XX 127.0.0.1 SMTP ?virus=&rblgheuristicspam=0&ssl=0 250 2162
- If it can help, I can send you part of the log file
I would be more concerned with finding out who used your server to send spam, and how, before trying to remove your IP from an RBL. If you don't and it happens again, you will have to go through the whole process again.
Please post your log file from the time the spam sending started. Need about a minute's worth of log file to correctly identify what happened. Please do not post the whole log.
If you are worried about privacy, please change your domain name to domain.com and your IP address to 123.123.123.123; that way we can see what is you and what is the spammer.
Reading this thread, it looks to me like the server has been compromised and the spam is actually being delivered locally to the SMTP server.
This situation should be visible by analyzing the logs. If there's a large number of local (127.0.0.1 or local net IPs) mail deliveries to HMS, that would confirm it.
Another way to find out would be to (at least temporarily) impose SMTP Auth also for local->external deliveries. If the spamming stops, then we found the reason.
It is an increasing plague that genuine SMTP servers (mostly *NIX boxes) are compromised/rootkitted and then abused for spamming. The trick is always the same: spam is delivered through the backdoor and locally delivered to the SMTP outbound engine. That way all relaying restrictions are levered out, as SMTP services usually allow local IPs to deliver to everywhere. Furthermore, of course, such systems resist any open-relay test.
@scarob
Write me an email at hmailserver@spmtst.homeip.net if I can assist you in some way in your mother tongue. Regards!
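The log check suggested in the post above (count accepted messages by source address and see how many come from 127.0.0.1 or the local network), as an added example that is not part of the original thread. The column order is inferred from the two log lines quoted earlier, and the sample lines and their addresses are constructed.

```python
import ipaddress
from collections import Counter

# RFC 1918 ranges, listed explicitly so only real LAN addresses count as local.
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed sample. Assumed columns: date time [sender] recipient src-ip dst-ip SMTP ?flags status size
SAMPLE_LOG = """\
2007-06-11 04:21:20 user1@example.net 127.0.0.1 127.0.0.1 SMTP ?virus=&rblgheuristicspam=0&ssl=0 250 543
2007-06-11 04:21:21 user2@example.net 127.0.0.1 127.0.0.1 SMTP ?virus=&rblgheuristicspam=0&ssl=0 250 551
2007-06-11 09:02:10 alice@domain.com bob@example.com 192.168.1.20 127.0.0.1 SMTP ?virus=&rblgheuristicspam=0&ssl=0 250 2100
2007-06-12 00:41:18 admin@domain.com carol@example.com 203.0.113.7 127.0.0.1 SMTP ?virus=&rblgheuristicspam=0&ssl=0 250 2162
2007-06-12 00:41:30 admin@domain.com dave@example.com 203.147.XX.XX 127.0.0.1 SMTP ?virus=&rblgheuristicspam=0&ssl=0 250 1800
not a log line
"""

def parse_line(line):
    """Parse from the right: the tail columns are fixed, the address count is not."""
    parts = line.split()
    if len(parts) < 9 or parts[-4] != "SMTP":
        return None
    return {"addresses": parts[2:-6], "src_ip": parts[-6], "status": parts[-2]}

def classify_source(ip_text):
    """Return loopback, lan, external, or unknown (masked or invalid address)."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "unknown"
    if ip.is_loopback:
        return "loopback"
    return "lan" if any(ip in net for net in LAN_NETS) else "external"

def summarize(log_text):
    """Count accepted (2xx) messages per source class and per source IP."""
    by_class, by_ip, skipped = Counter(), Counter(), 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1
        elif rec["status"].startswith("2"):
            by_class[classify_source(rec["src_ip"])] += 1
            by_ip[rec["src_ip"]] += 1
    total = sum(by_class.values())
    local = by_class["loopback"] + by_class["lan"]
    return {"by_class": dict(by_class), "top_sources": by_ip.most_common(3),
            "skipped": skipped, "local_share": local / total if total else 0.0}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A high `local_share` with 127.0.0.1 leading `top_sources` is the pattern the post describes: mail handed to the SMTP service from the machine itself rather than relayed from outside.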

This morning the situation has returned to normal
Status:
Number of
Processed Messages: 20
Messages containing virus: 0
Messages containing spam: 130
I have stopped the UltraVNCServer (I use it only with a very difficult password and the DSM plugin) and the XAMPP web server.
To MP3Freak:
"If there's a large number of local (127.0.0.1 or local net IPs) mail deliveries to HMS, that would confirm it. "
Yes, the spam is generated from 127.0.0.1