Atomic Secure Linux

All times are UTC - 5 hours [ DST ]




 Post subject: Re: Flooded with Spam
Posted: Thu Apr 16, 2009 10:32 am
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7776
Location: earth
Yeah, you need to remove it first, that's all.


 Post subject: Re: Flooded with Spam
Posted: Thu Apr 16, 2009 11:06 am
Forum Regular

Joined: Tue Dec 16, 2008 8:01 am
Posts: 369
Location: United Kingdom
Thanks Scott. I removed it and then re-installed it. Do I have to restart anything to get it working, because
tail -f /usr/local/psa/var/log/maillog
is still not showing anything, and there is definitely Spam getting through.

EDIT. Re-started qmail and POP3, and now greylisting is definitely working in the maillog. My only issue now is trying to resolve why some emails are not getting through - the subject of a separate forum if you can help with that http://www.atomicrocketturtle.com/forum ... f=1&t=3097. Thanks for the help Scott


 Post subject: Re: Flooded with Spam
Posted: Fri Apr 17, 2009 7:12 am
Forum Regular

Joined: Mon Apr 14, 2008 8:29 am
Posts: 296
Location: Rhode Island
scott wrote:
Yeah there's a module in ASL that will dump out the weak accounts to /var/asl/reports/password.report


Sorry to hijack this thread, but how do you run this module to check passwords? I looked around in the forums but couldn't find anything.


 Post subject: Re: Flooded with Spam
Posted: Fri Apr 17, 2009 9:14 am
Forum Regular

Joined: Tue Dec 16, 2008 8:01 am
Posts: 369
Location: United Kingdom
JnascECSI wrote:
Sorry to hijack this thread, but how do you run this module to check passwords? I looked around in the forums but couldn't find anything.


Simply run the command below, and it will print them off for you, if you have any - really useful!
Code:
cat /var/asl/reports/password.report


 Post subject: Re: Flooded with Spam
Posted: Thu Apr 30, 2009 1:09 pm
Forum User

Joined: Fri Dec 17, 2004 11:05 am
Posts: 16
I have a similar problem: around 100 spam messages in each account, all incoming from the network.

Quote:
Return-Path: <artefactsx7@metronetrail.com>
Delivered-To: 21-abuso@mydomain.com
Received: (qmail 28497 invoked from network); 28 Apr 2009 19:41:30 +0200
Received: from icm7-orange.orange.sk (213.151.217.135)
by dnstracker.dedicatedplace.com with SMTP; 28 Apr 2009 19:41:30 +0200
Received: from 213.151.217.135 by cluster8a.eu.messagelabs.com; Tue, 28 Apr 2009 19:39:44 +0100
Message-ID: <000d01c9c828$51458f50$6400a8c0@artefactsx7>
From: "Jimmy Manning" <artefactsx7@metronetrail.com>
To: <abuso@mydomain.com>
Subject: A Permission Marketing Primer: Picking and Choosing
Date: Tue, 28 Apr 2009 19:39:44 +0100
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0075_01C9C828.51458F50"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Windows Mail 6.0.6001.18000
X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6001.18049
X-Spam-Checker-Version: SpamAssassin 3.0.5 (2005-11-28) on mydomain.com
X-Spam-Level:
X-Spam-Status: No, score=0.1 required=3.0 tests=BAYES_00,HTML_40_50,
HTML_MESSAGE,MSGID_DOLLARS autolearn=no version=3.0.5
X-Antivirus: AVG for E-mail 8.5.322 [270.12.7/2085]


I have installed dcc, razor-agents, pyzor and qgreylist. CentOS 4 + Plesk 8.0.1.
No idea where to continue :S

Update SpamAssassin? Will that not break Plesk?
It was pretty fine until 1 week ago, and nothing changed (/tmp still clean).

Any help is very appreciated :oops:
Thanks in advance


 Post subject: Re: Flooded with Spam
Posted: Thu Apr 30, 2009 1:13 pm
Forum Regular

Joined: Tue Dec 16, 2008 8:01 am
Posts: 369
Location: United Kingdom
Run the following command. Does it show anything?
Code:
cat /var/asl/reports/password.report


 Post subject: Re: Flooded with Spam
Posted: Fri May 01, 2009 2:35 am
Forum Regular

Joined: Tue Jul 15, 2008 2:38 pm
Posts: 762
Location: Sweden
Your SpamAssassin is quite old. You have 3.0.5. The most recent one is 3.2.5. If you are still using the PSA one, you might want to update to the non-PSA-specific one, available in the atomic repo (there are several threads about installing qmail-scanner, which includes the latest SpamAssassin).


 Post subject: Re: Flooded with Spam
Posted: Sat May 09, 2009 8:58 am
Forum User

Joined: Sun Jul 06, 2008 5:18 pm
Posts: 24
Hi all.

Recently my mails have had a lot of spam.

I solved it by sending all spam to the "Spam" folder and deleting it five days later. Now no mail tagged as ****SPAM**** arrives in the inbox folders.

But I have another problem with spam.

Suddenly I receive 8, 9 or 10 mails from my own accounts.

I check the mails queued on the server and I don't have any.

Here you can see how I received one of them.

Code:
    *  (qmail 31136 invoked by uid 10018); 9 May 2009 12:14:27 +0200
    * from 82-194-76-206.hsle.hostalia.com by hsle-080.dedicated.hostalia.com (envelope-from <compras@tecneca.com>, uid 2020) with qmail-scanner-2.02st (clamdscan: 0.93.1/9348. spamassassin: 3.2.5. perlscan: 2.02st. Clear:RC:0(193.153.120.62):SA:0(4.3/5.0):. Processed in 0.684278 secs); 09 May 2009 10:14:27 -0000
    * from 82-194-76-206.hsle.hostalia.com (HELO aisidi.com) (193.153.120.62) by 82-194-76-206.hsle.hostalia.com with SMTP; 9 May 2009 12:14:25 +0200


hsle-080.dedicated.hostalia.com is my server, and it seems mails are sent from my server!

How can I test and solve it? I'm afraid of being hacked!


 Post subject: Re: Flooded with Spam
Posted: Sat May 09, 2009 10:31 am
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7776
Location: earth
Sounds like someone has compromised an smtp_auth login.


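Added example, not part of the thread and not Atomicorp's code: a small Python parser for the qmail and qmail-scanner trace lines quoted in the post above, pulling out the connecting client, HELO name, envelope sender and SpamAssassin score. The function and field names are made up for this example, and the address inside `RC:0(...)` is assumed to be the client IP because it matches the SMTP hop in this sample.

```python
import re

# Trace lines copied from the post above, newest hop first.
TRACE = [
    "(qmail 31136 invoked by uid 10018); 9 May 2009 12:14:27 +0200",
    "from 82-194-76-206.hsle.hostalia.com by hsle-080.dedicated.hostalia.com "
    "(envelope-from <compras@tecneca.com>, uid 2020) with qmail-scanner-2.02st "
    "(clamdscan: 0.93.1/9348. spamassassin: 3.2.5. perlscan: 2.02st. "
    "Clear:RC:0(193.153.120.62):SA:0(4.3/5.0):. Processed in 0.684278 secs); "
    "09 May 2009 10:14:27 -0000",
    "from 82-194-76-206.hsle.hostalia.com (HELO aisidi.com) (193.153.120.62) "
    "by 82-194-76-206.hsle.hostalia.com with SMTP; 9 May 2009 12:14:25 +0200",
]

# qmail-queue records how it was invoked; qmail-smtpd records the connecting client.
QUEUE = re.compile(r"^\(qmail \d+ invoked (from network|by alias|for bounce|by uid \d+)\)")
SMTP = re.compile(r"^from (\S+)(?: \(HELO (\S+)\))? \((?:\S*@)?([\d.]+)\) by \S+ with SMTP")
# qmail-scanner line: envelope sender, assumed client IP, SpamAssassin score/threshold.
SCAN = re.compile(r"envelope-from <([^>]*)>.*with qmail-scanner.*"
                  r"RC:\d\(([\d.]+)\):SA:\d\((-?[\d.]+)/([\d.]+)\)")


def summarize(trace):
    """Summarize how a message entered this server, from its Received lines."""
    info = dict.fromkeys(["entry", "client_host", "helo", "client_ip", "envelope_from",
                          "scanner_ip", "sa_score", "sa_required"])
    for raw in trace:                          # newest hop first
        line = " ".join(raw.split())           # undo header folding
        if m := SMTP.match(line):
            info.update(entry="smtp", client_host=m.group(1),
                        helo=m.group(2), client_ip=m.group(3))
            break    # anything older was supplied by the client and can be forged
        if m := SCAN.search(line):
            info.update(envelope_from=m.group(1), scanner_ip=m.group(2),
                        sa_score=float(m.group(3)), sa_required=float(m.group(4)))
        elif m := QUEUE.match(line):
            info["entry"] = "queue: " + m.group(1)   # kept only if no SMTP hop follows
    # qmail-scanner and qmail-smtpd should name the same connecting address.
    info["ip_consistent"] = info["scanner_ip"] in (None, info["client_ip"])
    return info


if __name__ == "__main__":
    for key, value in summarize(TRACE).items():
        print(f"{key:15} {value}")
```

For the trace in the post this reports an SMTP entry from 193.153.120.62 with HELO aisidi.com, so the message was handed in over the network rather than injected by a local uid. That address is the one to search for in /usr/local/psa/var/log/maillog.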
 
 Post subject: Re: Flooded with Spam
Posted: Sun May 10, 2009 7:13 am
Forum User

Joined: Sun Jul 06, 2008 5:18 pm
Posts: 24
Sorry for my ignorance, but how can I solve the compromised smtp_auth login?

Thx

