Your 192.168.1. subnet is an open relay. I'd shut that down, at least
for the time being. What's coming from there?
What's in your smtp log that corresponds to the messages in the queue?
That should give an indication of where they're coming from.
Roundcube had some security issues at one point some time ago. Is your
roundcube up to date?
--
-Eric 'shubes'
Rafael Andrade wrote:
Look my tcp.smtp
192.168.1.:allow,RELAYCLIENT="",BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="120",CHKUSER_WRONGRCPTLIMIT="10",DKVERIFY="DEGIJKfh",QMAILQUEUE="/var/qmail/bin/simscan",DKQUEUE="",DKSIGN="/var/qmail/control/domainkeys/%/private",NOP0FCHECK="1"
189.72.77.72:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="120",CHKUSER_WRONGRCPTLIMIT="10",DKVERIFY="DEGIJKfh",QMAILQUEUE="/var/qmail/bin/simscan",DKQUEUE="",DKSIGN="/var/qmail/control/domainkeys/%/private",NOP0FCHECK="1"
:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/simscan",DKSIGN="/var/qmail/control/domainkeys/%/private",NOP0FCHECK="1"
in 3 seconds my queue grow more of 13k emails
[r...@net www]# qmailctl queue
messages in queue: 5474
messages in queue but not yet preprocessed: 5474
[r...@net www]# qmailctl queue
messages in queue: 6002
messages in queue but not yet preprocessed: 6003
[r...@net www]# qmailctl queue
messages in queue: 6096
messages in queue but not yet preprocessed: 6097
[r...@net www]# qmailctl queue
messages in queue: 6169
messages in queue but not yet preprocessed: 6169
[r...@net www]# qmailctl queue
messages in queue: 13531
messages in queue but not yet preprocessed: 13531
I dont use squirrel i use roundcube, and now i stop roundcube too.
Any ideia? :(
Thanks mans
Eric Shubert escreveu:
I'm guessing then that they call came from a single submission. ?
What are the rest of the messages in the smtp log right after that one?
# qmlog -lc anonym...@metalservice smtp
will take you right to it in the smtp log.
Also, they came from 127.0.0.2. That looks suspicious. Perhaps your
apache server has been cracked.
I would get rid of the 127.: line in /etc/tcprules.d/tcp.smtp, then
# qmailctl cdb
Then, in order for squirrelmail to be able to submit, change SM
configuration to use authentication by adding this to your
/etc/squirrelmail/config_local.php file:
$smtpServerAddress = 'localhost';
$smtpPort = 587;
$smtp_auth_mech = 'login';
then restart apache:
# service httpd restart
---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
Please visit qmailtoaster.com for the latest news, updates, and packages.
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
