I'm using roundcube webmail as well. Anyway I had already blacklisted 127.0.0.1 in my spamdyke configuration and it worked.
Thanks.

Amit Dalia

-----Original Message-----
From: Eric Shubert [mailto:e...@shubes.net]
Sent: 13 September 2013 06:42
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Re: SPAM Emails generating from server

On 09/12/2013 05:20 AM, Amit wrote:
> Please find below SMTP log.
>
> 2013-09-12 17:08:05.533459500 CHKUSER relaying rcpt: from <internalrevenueserv...@internalrevenue.org::> remote <User:unknown:127.0.0.1> rcpt <onessaad...@yahoo.com> : client allowed to relay
> 2013-09-12 17:08:05.533460500 policy_check: remote internalrevenueserv...@internalrevenue.org -> remote onessaad...@yahoo.com (UNAUTHENTICATED SENDER)
> 2013-09-12 17:08:05.533461500 policy_check: policy allows transmission
> 2013-09-12 17:08:05.579302500 CHKUSER relaying rcpt: from <internalrevenueserv...@internalrevenue.org::> remote <User:unknown:127.0.0.1> rcpt <oni...@yahoo.com> : client allowed to relay
> 2013-09-12 17:08:05.579305500 policy_check: remote internalrevenueserv...@internalrevenue.org -> remote oni...@yahoo.com (UNAUTHENTICATED SENDER)
> 2013-09-12 17:08:05.579306500 policy_check: policy allows transmission
> 2013-09-12 17:08:05.581583500 CHKUSER relaying rcpt: from <internalrevenueserv...@internalrevenue.org::> remote <User:unknown:127.0.0.1> rcpt <opensky...@yahoo.com> : client allowed to relay
> 2013-09-12 17:08:05.581585500 policy_check: remote internalrevenueserv...@internalrevenue.org -> remote opensky...@yahoo.com (UNAUTHENTICATED SENDER)
> 2013-09-12 17:08:05.581586500 policy_check: policy allows transmission
> 2013-09-12 17:08:05.663348500 CHKUSER relaying rcpt: from <internalrevenueserv...@internalrevenue.org::> remote <User:unknown:127.0.0.1> rcpt <onurgo...@uaeu.ac.ae> : client allowed to relay
> 2013-09-12 17:08:05.663352500 policy_check: remote internalrevenueserv...@internalrevenue.org -> remote onurgo...@uaeu.ac.ae (UNAUTHENTICATED SENDER)
> 2013-09-12 17:08:05.663353500 policy_check: policy allows transmission
>
> Such spam emails are getting generated from server.
> Where do I look for source of the same? What will happen if I blacklist
> 127.0.0.1 IP in spamdyke?
>
> Regards,
>
> Amit

I would configure your squirrelmail to authenticate in
/etc/squirrelmail/config_local.php:

# these are added so SM authenticates,
# eliminating need for 127.: line in /etc/tcprules.d/tcp.smtp file
$smtpServerAddress = 'localhost';
$smtpPort = 587;
$smtp_auth_mech = 'login';

and restart httpd:
# service httpd restart

Then remove the 127. line from /etc/tcprules.d/tcp.smtp file, and rebuild the cdb file:
# qmailctl cdb

This will keep any rogue process on your host from using QMT as an open relay.

See if this fixes things, and we can go from there.

--
-Eric 'shubes'

---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
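
Added example (not part of the original thread): a small Python log check that lists senders whose mail was relayed from a loopback client with no authenticated user, the pattern in the SMTP log quoted above. The field layout inside the angle brackets is an assumption read off those log lines, and the sample lines and addresses are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed layout, taken from the CHKUSER lines quoted in this thread:
#   from <sender:authuser:relayclient> remote <helo:hostname:ip> rcpt <addr> : status
CHKUSER = re.compile(
    r"CHKUSER relaying rcpt: from <(?P<sender>[^:>]*):(?P<auth>[^:>]*):[^>]*> "
    r"remote <[^:>]*:[^:>]*:(?P<ip>[^>]+)> rcpt <(?P<rcpt>[^>]+)> : (?P<status>.+)$"
)

# Constructed sample lines modelled on the log format above.
SAMPLE_LOG = """\
2013-09-12 17:08:05.533459500 CHKUSER relaying rcpt: from <irs@spoofed.example::> remote <User:unknown:127.0.0.1> rcpt <a@example.com> : client allowed to relay
2013-09-12 17:08:05.579302500 CHKUSER relaying rcpt: from <irs@spoofed.example::> remote <User:unknown:127.0.0.1> rcpt <b@example.com> : client allowed to relay
2013-09-12 17:09:10.000000500 CHKUSER relaying rcpt: from <amy@example.org:amy@example.org:> remote <pc:unknown:127.0.0.1> rcpt <c@example.net> : client allowed to relay
2013-09-12 17:09:11.000000500 CHKUSER relaying rcpt: from <bob@example.org::> remote <pc:unknown:192.0.2.7> rcpt <d@example.net> : client allowed to relay
""".splitlines()


def loopback_relays(lines):
    """Return {sender: set(recipients)} for mail that was relayed for a
    loopback client (127.0.0.0/8 or ::1) with an empty auth-user field."""
    hits = defaultdict(set)
    for line in lines:
        m = CHKUSER.search(line)
        if not m or "allowed to relay" not in m["status"]:
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # malformed address field, skip the line
        if ip.is_loopback and not m["auth"]:
            hits[m["sender"]].add(m["rcpt"].lower())
    return dict(hits)


if __name__ == "__main__":
    for sender, rcpts in loopback_relays(SAMPLE_LOG).items():
        print(f"{sender}: {len(rcpts)} recipient(s) relayed via loopback without auth")
```

Any sender this reports after the 127. line has been removed from tcp.smtp and the cdb rebuilt means local processes can still relay without authenticating.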