> The security problem is in your setup, not in qmail (just to be clear).
> It's not the result of an email virus.
>
I thought so.
> Sounds like you've made your system an open relay, or one of the users
> which is "trusted" to relay through your system has abused your trust.
>
Where do I set this up? I am running qmail-1.3 on RedHat 7.x, which
is running Linux 2.2.16-22.
> Show us the output of qmail-showctl (unedited), any tcpcontrol files
> (/etc/tcp.smtp, etc) which you are using, the script you use to start
> qmail-smtpd (through tcpserver), and a snippet of the qmail-send log
> showing the spam message being injected into your system.
>
The output of qmail-showctl is as follows:
me: My name is igoods.com.
percenthack: (Default.) The percent hack is not allowed.
plusdomain: Plus domain name is cnc.net.
qmqpservers: (Default.) No QMQP servers.
queuelifetime: (Default.) Message lifetime in the queue is 604800 seconds.
rcpthosts: (Default.) SMTP clients may send messages to any recipient.
morercpthosts: (Default.) No rcpthosts; morercpthosts is irrelevant.
morercpthosts.cdb: (Default.) No effect.
smtpgreeting: (Default.) SMTP greeting: 220 igoods.com.
smtproutes: (Default.) No artificial SMTP routes.
timeoutconnect: (Default.) SMTP client connection timeout is 60 seconds.
timeoutremote: (Default.) SMTP client data timeout is 1200 seconds.
timeoutsmtpd: (Default.) SMTP server data timeout is 1200 seconds.
virtualdomains: (Default.) No virtual domains.
bkup: I have no idea what this file does.
--- end of the output ----
As far as the tcp control files are concerned, I don't find any file starting
with tcp* in the /etc directory. I have to convert the /etc/inetd.conf file for
the current Linux OS, RedHat 7.x. The smtp control file is under the xinetd.d
directory, and they are as follows:
the content of /etc/xinetd.d/pop-3
# Converted by inetdconvert
service pop-3
{
socket_type = stream
protocol = tcp
wait = no
user = root
server = /var/qmail/bin/qmail-popup
server_args = redolive.com /bin/checkpassword /var/qmail/bin/qmail-pop3d Maildir
disable = no
}
the content of /etc/xinetd.d/smtp
# Converted by inetdconvert
service smtp
{
socket_type = stream
protocol = tcp
wait = no
user = qmaild
server = /var/qmail/bin/qmail-smtpd
disable = no
}
> > > how can i clean up the queue directories since there are more
> > > messages waiting to send out? should i just remove the files from
> > > todo directory?
>
> If qmail is stopped, you could do this. It won't help with messages
> that are already preprocessed.
>
That is fine. Do I just remove the files under todo to stop further
deliveries?
> > > we have reported the issue to [EMAIL PROTECTED], since our mail server was
> > > hacked.
>
> What do you mean by this? Someone obtained an illegitimate shell
> account on your mailserver? If so, they can send as much mail as they
> like; no MTA will protect you against that.
>
I do not think anybody got our shell account. But somebody used our mail server
to send out bogus bulk emails to more than 1000 people.
I had to send the email to them, since someone accused us of sending out
spam emails.
Thanks for your help.
> --
> -----------------------------------------------------------------------
> Charles Cazabon <[EMAIL PROTECTED]>
> GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/
> -----------------------------------------------------------------------
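An added example, not part of the original message or of qmail: a small check that reads the qmail-showctl line and the xinetd stanza posted above and reports the open-relay condition the reply describes. The function names and the finding texts are made up for this illustration; only_from and no_access are standard xinetd attributes.

```python
import re

# Constructed inputs: the relevant lines of the qmail-showctl output and the
# /etc/xinetd.d/smtp stanza as they were posted in the message above.
SHOWCTL = """\
me: My name is igoods.com.
rcpthosts: (Default.) SMTP clients may send messages to any recipient.
morercpthosts: (Default.) No rcpthosts; morercpthosts is irrelevant.
"""
XINETD_SMTP = """\
service smtp
{
socket_type = stream
user = qmaild
server = /var/qmail/bin/qmail-smtpd
disable = no
}
"""

def parse_showctl(text):
    """Map each control name to the description printed on its line."""
    controls = {}
    for line in text.splitlines():
        m = re.match(r"([A-Za-z0-9_.-]+):\s*(.*)$", line)
        if m:
            controls[m.group(1)] = m.group(2)
    return controls

def parse_xinetd(text):
    """Collect 'key = value' attributes from one xinetd service stanza."""
    attrs = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and not key.lstrip().startswith("#"):
            attrs[key.strip()] = value.strip()
    return attrs

def relay_findings(showctl_text, xinetd_text):
    """Return findings for an smtpd that relays for arbitrary clients."""
    findings = []
    rcpt = parse_showctl(showctl_text).get("rcpthosts", "")
    if not (rcpt.startswith("(Default.)") and "any recipient" in rcpt):
        return findings  # rcpthosts exists, so recipient domains are limited
    findings.append("control/rcpthosts is missing: any recipient domain is accepted")
    svc = parse_xinetd(xinetd_text)
    if svc.get("server", "").endswith("/qmail-smtpd") and svc.get("disable") == "no":
        if "only_from" not in svc and "no_access" not in svc:
            findings.append("xinetd starts qmail-smtpd for every client address")
    return findings

if __name__ == "__main__":
    for finding in relay_findings(SHOWCTL, XINETD_SMTP):
        print("FINDING:", finding)
```

The check covers only a missing rcpthosts file; qmail-smtpd also ignores rcpthosts for any connection where the RELAYCLIENT environment variable is set, so that setting needs its own review.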