----- Original Message -----
From: "Charles Cazabon" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, June 21, 2001 5:39 PM
Subject: Re: Qmailt and spam


> Michael Grier <[EMAIL PROTECTED]> wrote:
> > Yesterday I got about 100 failure notices bounced to me as postmaster.
> > Today I got an abuse notice from my server provider. So this spammer
> > must be able to relay through me somehow. Qmail has been working for me
> > for over a year. Is anybody else having this problem? Where should I
> > look for answers?
>
> In your logs

all logs are full of lines like this:
@400000003b326259244df3f4 alert: cannot start: unable to open mutex

I rebooted.

> and your configuration.  If qmail is an open relay on your
> system, you've configured it incorrectly.  Give us the output of
> `qmail-showctl`,

[root@server1 qmail]# bin/qmail-showctl
qmail home directory: /var/qmail.
user-ext delimiter: -.
paternalism (in decimal): 2.
silent concurrency limit: 120.
subdirectory split: 23.
user ids: 12346, 12347, 12348, 0, 12349, 12350, 12351, 12352.
group ids: 12347, 12348.

badmailfrom: (Default.) Any MAIL FROM is allowed.

bouncefrom: (Default.) Bounce user name is MAILER-DAEMON.

bouncehost: (Default.) Bounce host name is e1city.com.

concurrencylocal: (Default.) Local concurrency is 10.

concurrencyremote: (Default.) Remote concurrency is 20.

databytes: (Default.) SMTP DATA limit is 0 bytes.

defaultdomain: Default domain name is e1city.com.

defaulthost: (Default.) Default host name is e1city.com.

doublebouncehost: (Default.) 2B recipient host: e1city.com.

doublebounceto: (Default.) 2B recipient user: postmaster.

envnoathost: (Default.) Presumed domain name is e1city.com.

helohost: (Default.) SMTP client HELO host name is e1city.com.

idhost: (Default.) Message-ID host name is e1city.com.

localiphost: (Default.) Local IP address becomes e1city.com.

locals:
Messages for localhost are delivered locally.

me: My name is e1city.com.

percenthack: (Default.) The percent hack is not allowed.

plusdomain: Plus domain name is e1city.com.

qmqpservers: (Default.) No QMQP servers.


queuelifetime: (Default.) Message lifetime in the queue is 604800 seconds.

rcpthosts:
SMTP clients may send messages to recipients at localhost.
SMTP clients may send messages to recipients at mgrier.com.
SMTP clients may send messages to recipients at bigmweb.com.
SMTP clients may send messages to recipients at e1city.com.
SMTP clients may send messages to recipients at thecountrymill.com.
SMTP clients may send messages to recipients at countrymill.com.
SMTP clients may send messages to recipients at cherryjuiceconcentrate.com.
SMTP clients may send messages to recipients at tartcherryjuice.com.
SMTP clients may send messages to recipients at doccherry.com.
SMTP clients may send messages to recipients at msistudios.com.
SMTP clients may send messages to recipients at msi-studios.com.
SMTP clients may send messages to recipients at tcsom.com.
SMTP clients may send messages to recipients at gospelofthekingdom.org.
SMTP clients may send messages to recipients at midlandfurniture.com.
SMTP clients may send messages to recipients at midlandpiano.com.
SMTP clients may send messages to recipients at michiganpiano.com.
SMTP clients may send messages to recipients at michiganorgan.com.
SMTP clients may send messages to recipients at sweetnita.com.
SMTP clients may send messages to recipients at tennes.com.
SMTP clients may send messages to recipients at j4t.org.
SMTP clients may send messages to recipients at intruderlc.com.
SMTP clients may send messages to recipients at sleepmethods.com.

morercpthosts: (Default.) No effect.

morercpthosts.cdb: (Default.) No effect.

smtpgreeting: (Default.) SMTP greeting: 220 e1city.com.

smtproutes: (Default.) No artificial SMTP routes.

timeoutconnect: (Default.) SMTP client connection timeout is 60 seconds.

timeoutremote: (Default.) SMTP client data timeout is 1200 seconds.

timeoutsmtpd: (Default.) SMTP server data timeout is 1200 seconds.

virtualdomains:
Virtual domain: mgrier.com:mgrier
Virtual domain: bigmweb.com:alias-bigmwebcom
Virtual domain: e1city.com:alias-e1citycom
Virtual domain: thecountrymill.com:mtennes
Virtual domain: countrymill.com:mtennes
Virtual domain: cherryjuiceconcentrate.com:mtennes
Virtual domain: tartcherryjuice.com:mtennes
Virtual domain: doccherry.com:mtennes
Virtual domain: msistudios.com:gjgadwa
Virtual domain: msi-studios.com:gjgadwa
Virtual domain: tcsom.com:alias-tcsomcom
Virtual domain: gospelofthekingdom.org:alias-gospelofthekingdomorg
Virtual domain: midlandfurniture.com:alias-midlandfurniturecom
Virtual domain: midlandpiano.com:alias-michiganpianocom
Virtual domain: michiganpiano.com:alias-michiganpianocom
Virtual domain: michiganorgan.com:alias-michiganpianocom
Virtual domain: sweetnita.com:alias-sweetnitacom
Virtual domain: tennes.com:mtennes
Virtual domain: j4t.org:alias-j4torg
Virtual domain: intruderlc.com:alias-intruderlccom
Virtual domain: sleepmethods.com:alias-sleepmethodscom

defaultdelivery: I have no idea what this file does.




> along with the script you start qmail-smtpd with,



this script is run at boot time:

#!/bin/sh

PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
export PATH

case "$1" in
  start)
    echo -n "Starting qmail: svscan"
    cd /var/qmail/supervise
    nohup env - PATH="$PATH" svscan &
    echo $! > /var/run/svscan.pid
    echo "."
    ;;
  stop)
    echo -n "Stopping qmail: svscan"
    kill `cat /var/run/svscan.pid`
    echo -n " qmail"
    svc -dx /var/qmail/supervise/*
    echo -n " logging"
    svc -dx /var/qmail/supervise/*/log
    echo "."
    ;;
esac




> and copies
> of any tcprules files you use controlling access to qmail-smtpd.

here's /var/qmail/supervise/qmail-smtpd/run

#!/bin/sh
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
exec /usr/local/bin/softlimit -m 2000000 \
    /usr/local/bin/tcpserver -v -p -x /etc/tcp.smtp.cdb \
        -u $QMAILDUID -g $NOFILESGID 0 smtp rblsmtpd \
        rblsmtpd -rrelays.mail-abuse.org /var/qmail/bin/qmail-smtpd 2>&1


here's /var/qmail/rc which is run by qmail-send

#!/bin/sh

# Using stdout for logging
# Using control/defaultdelivery from qmail-local to deliver messages by default

exec env - PATH="/var/qmail/bin:$PATH" \
qmail-start "`cat /var/qmail/control/defaultdelivery`"


here's /etc/tcp.smtp

127.0.0.1:allow,RELAYCLIENT=""
:allow


> If you use
> inetd/xinetd, give us the appropriate control files for that.
>
> > The spammer seems to somehow be using the user qmailt as the originator.
> > A copy follows. uid 12355 is the user qmailt.
>
> There is no such user in a normal qmail install.
>

As far as I know, I followed the Life With Qmail setup.

> Are you sure they didn't get into your system another way?  A broken formmail
> CGI, or something else?
>

I don't use CGI's, but do use my own php scripts. How could I tell if
someone got in that way?

> Charles
> --
> -----------------------------------------------------------------------
> Charles Cazabon                            <[EMAIL PROTECTED]>
> GPL'ed software available at:  http://www.qcc.sk.ca/~charlesc/software/
> Any opinions expressed are just that -- my opinions.
> -----------------------------------------------------------------------
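
Added example, not part of the original message: a shell check of the two things the thread examines for relaying, the rcpthosts file and any RELAYCLIENT grants in the tcprules source. The function name relay_audit, the temporary paths and the shortened rcpthosts are constructed for illustration, and the tcprules source is assumed to match the compiled /etc/tcp.smtp.cdb that tcpserver reads.

```shell
#!/bin/sh
# Added example (not from the thread): check the two files that decide
# whether qmail-smtpd relays for strangers.
#   relay_audit RCPTHOSTS_FILE TCPRULES_SOURCE
# Prints one finding per line; returns 1 if any finding starts with "OPEN".
relay_audit() {
    out=""
    # With no control/rcpthosts file, qmail-smtpd accepts any recipient domain.
    if [ ! -f "$1" ]; then
        out="OPEN: no rcpthosts file, any recipient domain is accepted"
    fi
    # A tcprules line is address:instruction[,VAR="value"...]; RELAYCLIENT in
    # the environment makes qmail-smtpd skip the rcpthosts check for that client.
    rules=$(awk -F: '
        /^#/ || NF < 2 { next }
        { addr = $1; sub(/^[^:]*:/, "") }      # $0 is now the instruction part
        /^allow/ && /,RELAYCLIENT=/ {
            if (addr == "") print "OPEN: default rule sets RELAYCLIENT for every client"
            else print "RELAY: " addr
        }' "$2")
    out=$(printf '%s\n%s\n' "$out" "$rules" | sed '/^$/d')
    if [ -n "$out" ]; then printf '%s\n' "$out"; fi
    case "$out" in *OPEN:*) return 1 ;; esac
    return 0
}

# Constructed sample input: the /etc/tcp.smtp quoted in the message and a
# short rcpthosts holding two of the domains listed by qmail-showctl.
dir=$(mktemp -d)
printf 'e1city.com\nmgrier.com\n' > "$dir/rcpthosts"
printf '127.0.0.1:allow,RELAYCLIENT=""\n:allow\n' > "$dir/tcp.smtp"
# Constructed counter-example: a catch-all rule that grants relaying.
printf ':allow,RELAYCLIENT=""\n' > "$dir/tcp.open"

relay_audit "$dir/rcpthosts" "$dir/tcp.smtp" || echo "-> open relay"
relay_audit "$dir/missing" "$dir/tcp.open" || echo "-> open relay"
```

A `RELAY:` line only lists an address that is allowed to relay and should be reviewed; an `OPEN:` line means any SMTP client can relay.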
