Re: [qmailtoaster] i get bombed with mail please help
Do you host websites also on same server? Full headers of the letter would be neccesary to pinpoint where it originates. Espen wrote: Hi, Im using centos 5 and qmailtoaster. Everything worked fine untill jun 28 then i got bombed with mails on the 28 i got 3461 on 29 i got 3041 today 30 i got 3152 and counting. I tailed the smtp/current file and this shows all the time CHKUSER accepted null sender: from :: remote smtp1.cessniq.com:unknown:80.248.34.120 rcpt : accepted null sender always. What does accepted null sender allways mean ? The mails i get are Delivery Status Notification (Failure) they are from postmaster@ different domains and they claim its sent by Linette [EMAIL PROTECTED] a user that does not exist on my server. I did the open relay test over at http://www.southcomputers.com/relaytest.php and there i get Congratulations! mail.dataen.com *Does not appear to be* an open relay I realy need help here and yes i am a newb :-) - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] i get bombed with mail please help
Espen wrote: Hi, Im using centos 5 and qmailtoaster. Everything worked fine untill jun 28 then i got bombed with mails on the 28 i got 3461 on 29 i got 3041 today 30 i got 3152 and counting. I tailed the smtp/current file and this shows all the time CHKUSER accepted null sender: from :: remote smtp1.cessniq.com:unknown:80.248.34.120 rcpt : accepted null sender always. What does accepted null sender allways mean ? The mails i get are Delivery Status Notification (Failure) they are from postmaster@ different domains and they claim its sent by Linette [EMAIL PROTECTED] a user that does not exist on my server. I did the open relay test over at http://www.southcomputers.com/relaytest.php and there i get Congratulations! mail.dataen.com *Does not appear to be* an open relay I realy need help here and yes i am a newb :-) Do you run web services on this machine? It looks like the messages are being sent from a rogue PHP script, or someone on your network may have gotten a virus. Do you have a catchall account defined, or are you deleting those messages? smime.p7s Description: S/MIME Cryptographic Signature
Re: [qmailtoaster] i get bombed with mail please help
Jake Vickers skrev: Espen wrote: Hi, Im using centos 5 and qmailtoaster. Everything worked fine untill jun 28 then i got bombed with mails on the 28 i got 3461 on 29 i got 3041 today 30 i got 3152 and counting. I tailed the smtp/current file and this shows all the time CHKUSER accepted null sender: from :: remote smtp1.cessniq.com:unknown:80.248.34.120 rcpt : accepted null sender always. What does accepted null sender allways mean ? The mails i get are Delivery Status Notification (Failure) they are from postmaster@ different domains and they claim its sent by Linette [EMAIL PROTECTED] a user that does not exist on my server. I did the open relay test over at http://www.southcomputers.com/relaytest.php and there i get Congratulations! mail.dataen.com *Does not appear to be* an open relay I realy need help here and yes i am a newb :-) Do you run web services on this machine? It looks like the messages are being sent from a rogue PHP script, or someone on your network may have gotten a virus. Do you have a catchall account defined, or are you deleting those messages? Yes ther is a webserver allso with joomla. i have enabled the delete function instead of catch all. - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] i get bombed with mail please help
Espen wrote: Jake Vickers skrev: Espen wrote: Hi, Im using centos 5 and qmailtoaster. Everything worked fine untill jun 28 then i got bombed with mails on the 28 i got 3461 on 29 i got 3041 today 30 i got 3152 and counting. I tailed the smtp/current file and this shows all the time CHKUSER accepted null sender: from :: remote smtp1.cessniq.com:unknown:80.248.34.120 rcpt : accepted null sender always. What does accepted null sender allways mean ? The mails i get are Delivery Status Notification (Failure) they are from postmaster@ different domains and they claim its sent by Linette [EMAIL PROTECTED] a user that does not exist on my server. I did the open relay test over at http://www.southcomputers.com/relaytest.php and there i get Congratulations! mail.dataen.com *Does not appear to be* an open relay I realy need help here and yes i am a newb :-) Do you run web services on this machine? It looks like the messages are being sent from a rogue PHP script, or someone on your network may have gotten a virus. Do you have a catchall account defined, or are you deleting those messages? Yes ther is a webserver allso with joomla. i have enabled the delete function instead of catch all. If you recently added the delete option, go ahead and adjust your /var/qmail/control/queuelifetime file to something like 600 for a couple hours. This will clean out your queue. Just remember to set it back when the queue is cleaned out. What happened is a typical spam thing. Someone sent a message to [EMAIL PROTECTED], with a fake return-to address. They do this on purpose. It makes it harder to find out where the message actually came from, and if the cicarderie address doesn't exist, they're now using your machine to bounce the spam message to someone else. That should clear up your issue I imagine. smime.p7s Description: S/MIME Cryptographic Signature
Re: [qmailtoaster] i get bombed with mail please help
Jake Vickers skrev: Espen wrote: Jake Vickers skrev: Espen wrote: Hi, Im using centos 5 and qmailtoaster. Everything worked fine untill jun 28 then i got bombed with mails on the 28 i got 3461 on 29 i got 3041 today 30 i got 3152 and counting. I tailed the smtp/current file and this shows all the time CHKUSER accepted null sender: from :: remote smtp1.cessniq.com:unknown:80.248.34.120 rcpt : accepted null sender always. What does accepted null sender allways mean ? The mails i get are Delivery Status Notification (Failure) they are from postmaster@ different domains and they claim its sent by Linette [EMAIL PROTECTED] a user that does not exist on my server. I did the open relay test over at http://www.southcomputers.com/relaytest.php and there i get Congratulations! mail.dataen.com *Does not appear to be* an open relay I realy need help here and yes i am a newb :-) Do you run web services on this machine? It looks like the messages are being sent from a rogue PHP script, or someone on your network may have gotten a virus. Do you have a catchall account defined, or are you deleting those messages? Yes ther is a webserver allso with joomla. i have enabled the delete function instead of catch all. If you recently added the delete option, go ahead and adjust your /var/qmail/control/queuelifetime file to something like 600 for a couple hours. This will clean out your queue. Just remember to set it back when the queue is cleaned out. What happened is a typical spam thing. Someone sent a message to [EMAIL PROTECTED], with a fake return-to address. They do this on purpose. It makes it harder to find out where the message actually came from, and if the cicarderie address doesn't exist, they're now using your machine to bounce the spam message to someone else. That should clear up your issue I imagine. Thnx for the replys :-) Ok i will change the queuelifetime. The delete option has been enabled since yesterday. how can i check the queue ? i did a qmailctl queue but that jus gave me messages in queue: 0 and messages in queue but not yet preprocessed: 0. - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] i get bombed with mail please help
Espen wrote: Jake Vickers skrev: Espen wrote: Jake Vickers skrev: Espen wrote: Hi, Im using centos 5 and qmailtoaster. Everything worked fine untill jun 28 then i got bombed with mails on the 28 i got 3461 on 29 i got 3041 today 30 i got 3152 and counting. I tailed the smtp/current file and this shows all the time CHKUSER accepted null sender: from :: remote smtp1.cessniq.com:unknown:80.248.34.120 rcpt : accepted null sender always. What does accepted null sender allways mean ? The mails i get are Delivery Status Notification (Failure) they are from postmaster@ different domains and they claim its sent by Linette [EMAIL PROTECTED] a user that does not exist on my server. I did the open relay test over at http://www.southcomputers.com/relaytest.php and there i get Congratulations! mail.dataen.com *Does not appear to be* an open relay I realy need help here and yes i am a newb :-) Do you run web services on this machine? It looks like the messages are being sent from a rogue PHP script, or someone on your network may have gotten a virus. Do you have a catchall account defined, or are you deleting those messages? Yes ther is a webserver allso with joomla. i have enabled the delete function instead of catch all. If you recently added the delete option, go ahead and adjust your /var/qmail/control/queuelifetime file to something like 600 for a couple hours. This will clean out your queue. Just remember to set it back when the queue is cleaned out. What happened is a typical spam thing. Someone sent a message to [EMAIL PROTECTED], with a fake return-to address. They do this on purpose. It makes it harder to find out where the message actually came from, and if the cicarderie address doesn't exist, they're now using your machine to bounce the spam message to someone else. That should clear up your issue I imagine. Thnx for the replys :-) Ok i will change the queuelifetime. The delete option has been enabled since yesterday. how can i check the queue ? i did a qmailctl queue but that jus gave me messages in queue: 0 and messages in queue but not yet preprocessed: 0. Then you have no messages in the queue. You're good. All those messages have already been bounced/deleted. smime.p7s Description: S/MIME Cryptographic Signature
Re: [qmailtoaster] i get bombed with mail please help
Jake Vickers skrev: Espen wrote: Jake Vickers skrev: Espen wrote: Jake Vickers skrev: Espen wrote: Hi, Im using centos 5 and qmailtoaster. Everything worked fine untill jun 28 then i got bombed with mails on the 28 i got 3461 on 29 i got 3041 today 30 i got 3152 and counting. I tailed the smtp/current file and this shows all the time CHKUSER accepted null sender: from :: remote smtp1.cessniq.com:unknown:80.248.34.120 rcpt : accepted null sender always. What does accepted null sender allways mean ? The mails i get are Delivery Status Notification (Failure) they are from postmaster@ different domains and they claim its sent by Linette [EMAIL PROTECTED] a user that does not exist on my server. I did the open relay test over at http://www.southcomputers.com/relaytest.php and there i get Congratulations! mail.dataen.com *Does not appear to be* an open relay I realy need help here and yes i am a newb :-) Do you run web services on this machine? It looks like the messages are being sent from a rogue PHP script, or someone on your network may have gotten a virus. Do you have a catchall account defined, or are you deleting those messages? Yes ther is a webserver allso with joomla. i have enabled the delete function instead of catch all. If you recently added the delete option, go ahead and adjust your /var/qmail/control/queuelifetime file to something like 600 for a couple hours. This will clean out your queue. Just remember to set it back when the queue is cleaned out. What happened is a typical spam thing. Someone sent a message to [EMAIL PROTECTED], with a fake return-to address. They do this on purpose. It makes it harder to find out where the message actually came from, and if the cicarderie address doesn't exist, they're now using your machine to bounce the spam message to someone else. That should clear up your issue I imagine. Thnx for the replys :-) Ok i will change the queuelifetime. The delete option has been enabled since yesterday. how can i check the queue ? i did a qmailctl queue but that jus gave me messages in queue: 0 and messages in queue but not yet preprocessed: 0. Then you have no messages in the queue. You're good. All those messages have already been bounced/deleted. I just noticed that CHKUSER accepted null sender: from :: remote mailengine24.web2000.activeisp.com:unknown:213.188.134.30 rcpt : accepted null sender always CHKUSER accepted rcpt: from :: remote mailengine24.web2000.activeisp.com:unknown:213.188.134.30 rcpt [EMAIL PROTECTED] : found existing recipient simscan:[5988]:CLEAN (1.30/12.00):0.7541s:Delivery failure ([EMAIL PROTECTED]):213.188.134.30::[EMAIL PROTECTED]: found existing recipient Does that mean [EMAIL PROTECTED] exists ? thnx again. - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] i get bombed with mail please help
Espen wrote: I just noticed that CHKUSER accepted null sender: from :: remote mailengine24.web2000.activeisp.com:unknown:213.188.134.30 rcpt : accepted null sender always CHKUSER accepted rcpt: from :: remote mailengine24.web2000.activeisp.com:unknown:213.188.134.30 rcpt [EMAIL PROTECTED] : found existing recipient simscan:[5988]:CLEAN (1.30/12.00):0.7541s:Delivery failure ([EMAIL PROTECTED]):213.188.134.30::[EMAIL PROTECTED]: found existing recipient Does that mean [EMAIL PROTECTED] exists ? Either that user exists, or you had the catchall account defined at the time. smime.p7s Description: S/MIME Cryptographic Signature
Re: [qmailtoaster] i get bombed with mail please help
Jake Vickers skrev: Espen wrote: I just noticed that CHKUSER accepted null sender: from :: remote mailengine24.web2000.activeisp.com:unknown:213.188.134.30 rcpt : accepted null sender always CHKUSER accepted rcpt: from :: remote mailengine24.web2000.activeisp.com:unknown:213.188.134.30 rcpt [EMAIL PROTECTED] : found existing recipient simscan:[5988]:CLEAN (1.30/12.00):0.7541s:Delivery failure ([EMAIL PROTECTED]):213.188.134.30::[EMAIL PROTECTED]: found existing recipient Does that mean [EMAIL PROTECTED] exists ? Either that user exists, or you had the catchall account defined at the time. I can not find the adress in /home/vpopmail/domains/. neither in qmailadmin or vpopmail on the admin-toaster webpage. i allso did a #locate cicarderie but nothing came up. Catchall is set to *CatchAll: Deleted* according to qmailadmin. But if the server has been set to delete CatchAll it has to accept it in order to delete it or ? like i said im a realy newb :-) Again i thank you for replying. - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] i get bombed with mail please help
Espen wrote: Jake Vickers skrev: Espen wrote: I just noticed that CHKUSER accepted null sender: from :: remote mailengine24.web2000.activeisp.com:unknown:213.188.134.30 rcpt : accepted null sender always CHKUSER accepted rcpt: from :: remote mailengine24.web2000.activeisp.com:unknown:213.188.134.30 rcpt [EMAIL PROTECTED] : found existing recipient simscan:[5988]:CLEAN (1.30/12.00):0.7541s:Delivery failure ([EMAIL PROTECTED]):213.188.134.30::[EMAIL PROTECTED]: found existing recipient Does that mean [EMAIL PROTECTED] exists ? Either that user exists, or you had the catchall account defined at the time. I can not find the adress in /home/vpopmail/domains/. neither in qmailadmin or vpopmail on the admin-toaster webpage. i allso did a #locate cicarderie but nothing came up. Catchall is set to *CatchAll: Deleted* according to qmailadmin. But if the server has been set to delete CatchAll it has to accept it in order to delete it or ? like i said im a realy newb :-) Again i thank you for replying. Yes, it will accept all if you have it set to delete. It will delete those that do not match an actual address. smime.p7s Description: S/MIME Cryptographic Signature