s. ryu <[EMAIL PROTECTED]> wrote:
> 
> > We need your help to track down a possible security problem with the
> > qmail system. It may be an email virus. But, I am not sure.

The security problem is in your setup, not in qmail (just to be clear).
It's not the result of an email virus.
 
> > The problem: our qmail server was sending out emails to people. The
> > email was not originated from our servers within our network.  The
> > mail was a spam email with the title - We owe you ... and the
> > content of the email seems to be related to the health issue.
> > 
> > I got an email from John B last Friday saying that we are sending
> > out spam emails. So, we looked into our system and our file system
> > which holds the mail log was full. So, I looked at the mail server;
> > it was sending out emails to the whole list of people.  I stopped
> > the qmail servers and it still has more emails to send out.

Sounds like you've made your system an open relay, or one of the users
which is "trusted" to relay through your system has abused your trust.

> > Help Request: What should I look at to track down the problem?

Show us the output of qmail-showctl (unedited), any tcpcontrol files
(/etc/tcp.smtp, etc) which you are using, the script you use to start
qmail-smtpd (through tcpserver), and a snippet of the qmail-send log
showing the spam message being injected into your system.

> > How can I clean up the queue directories since there are more
> > messages waiting to send out? Should I just remove the files from
> > the todo directory?

If qmail is stopped, you could do this.  It won't help with messages
that are already preprocessed.

> > Is this part of the relay problem? If that is the case, what should I do
> > to secure our mail server?

We can't tell you this without more information.
 
> > We have reported the issue to [EMAIL PROTECTED], since our mail server was
> > hacked.

What do you mean by this?  Someone obtained an illegitimate shell
account on your mailserver?  If so, they can send as much mail as they
like; no MTA will protect you against that.

Charles
-- 
-----------------------------------------------------------------------
Charles Cazabon                            <[EMAIL PROTECTED]>
GPL'ed software available at:  http://www.qcc.sk.ca/~charlesc/software/
-----------------------------------------------------------------------
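
Added example, not part of the original message or of qmail: one way to review a tcprules source file (the /etc/tcp.smtp style file requested above) for rules that hand out relay permission. It assumes the usual ucspi-tcp `address:allow,VAR="value"` rule syntax and that qmail-smtpd skips its rcpthosts check whenever RELAYCLIENT is set; the sample rules and the list of internal prefixes are constructed.

```python
import re

# Constructed sample in tcprules source format (the /etc/tcp.smtp style file
# named in the reply); these rules are illustrative, not from the thread.
SAMPLE_RULES = """\
# loopback and LAN clients may relay
127.:allow,RELAYCLIENT=""
192.168.1.:allow,RELAYCLIENT=""
10.1.2.3:deny
203.0.113.:allow,RELAYCLIENT=""
=.example.net:allow,RELAYCLIENT=""
:allow,RELAYCLIENT=""
"""

# Loopback and RFC 1918 prefixes, treated here as "internal" (an assumption;
# adjust to the networks you actually own).
INTERNAL = re.compile(r"^(127\.|10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)")
ENV_NAME = re.compile(r",([A-Za-z_][A-Za-z0-9_]*)=")

def audit_tcprules(text):
    """Return (line_no, address, verdict) for every rule that sets RELAYCLIENT."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        address, sep, instructions = line.partition(":")
        if not sep or not instructions.startswith("allow"):
            continue  # malformed or deny rule: cannot grant relaying
        if "RELAYCLIENT" not in ENV_NAME.findall(instructions):
            continue
        address = address.rpartition("@")[2]  # drop optional "user@" part
        if address == "":
            verdict = "OPEN RELAY: default rule lets every client relay"
        elif address.startswith("="):
            verdict = "REVIEW: relay granted by remote host name"
        elif INTERNAL.match(address):
            verdict = "ok: internal address"
        else:
            verdict = "REVIEW: relay granted to a non-internal address"
        findings.append((line_no, address, verdict))
    return findings

if __name__ == "__main__":
    for line_no, address, verdict in audit_tcprules(SAMPLE_RULES):
        print(f"line {line_no}: {address or '(default)'} -> {verdict}")
```

A clean result here does not rule out an open relay: a missing rcpthosts control file or a RELAYCLIENT set in the qmail-smtpd start script has the same effect, which is why the other items on the list still need checking.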
