Koozali.org: home of the SME Server

unknown qmailr process

aredman

unknown qmailr process
« on: June 25, 2004, 10:11:09 PM »
I am getting several processes from qmailr that don't look like they should be running on the system. Every time I try and kill the processes, they just respawn themselves. Here is the output of the command ps -ef | grep qmail:

root       296   287  0 04:09 ?        00:00:00 supervise qmail
root       298   287  0 04:09 ?        00:00:00 supervise smtpfront-qmail
root       310   287  0 04:09 ?        00:00:00 supervise ssmtpfront-qmail
qmaill     316   297  0 04:09 ?        00:00:01 /usr/local/bin/multilog t s50000
qmaill     318   311  0 04:09 ?        00:00:00 [multilog]
qmaill     319   299  0 04:09 ?        00:00:01 /usr/local/bin/multilog t s50000
qmaild    1277   298  0 04:09 ?        00:00:00 /usr/local/bin/tcpserver -U -R -
qmails    1498   296  0 12:12 ?        00:00:03 qmail-send
root      1499  1498  0 12:12 ?        00:00:00 qmail-lspawn ./Maildir/
qmailr    1501  1498  0 12:12 ?        00:00:01 qmail-rspawn
qmailq    1502  1498  0 12:12 ?        00:00:00 qmail-clean
qmaild    5573  1277  0 12:39 ?        00:00:00 /usr/bin/smtpfront-qmail
qmaild    5739  1277  0 12:41 ?        00:00:00 /usr/bin/smtpfront-qmail
qmaild    9840  1277  0 13:04 ?        00:00:00 /usr/bin/smtpfront-qmail
qmailr   12589  1501  0 13:31 ?        00:00:00 qmail-remote yahoo.com.tw bjez8.
qmailr   12605  1501  0 13:31 ?        00:00:00 qmail-remote ms6.url.com.tw bjez
qmailr   12729  1501  0 13:33 ?        00:00:00 qmail-remote ms20.url.com.tw kqe
qmailr   12998  1501  0 13:38 ?        00:00:00 qmail-remote yahoo.com.tw tfasp.
qmailr   13067  1501  0 13:39 ?        00:00:00 qmail-remote yahoo.com.tw ussuf.
qmailr   13174  1501  0 13:41 ?        00:00:00 qmail-remote ms25.url.com.tw 5o5
qmailr   13191  1501  0 13:41 ?        00:00:00 qmail-remote yam.com e3z4p.jsyc1
qmailr   13235  1501  0 13:43 ?        00:00:00 qmail-remote ms37.url.com.tw liv
qmailr   13276  1501  0 13:43 ?        00:00:00 qmail-remote yam.com q41gv.yvt53
qmailr   13283  1501  0 13:43 ?        00:00:00 qmail-remote yahoo.com.tw q41gv.
qmailr   13500  1501  0 13:45 ?        00:00:00 qmail-remote yahoo.com.tw wngul.
qmailr   13501  1501  0 13:45 ?        00:00:00 qmail-remote yahoo.com.tw wngul.
qmailr   13588  1501  0 13:46 ?        00:00:00 qmail-remote yam.com knlo0.fw1cu
qmailr   13730  1501  0 13:49 ?        00:00:00 qmail-remote yam.com h04fh.nxqp9
qmailr   13823  1501  0 13:50 ?        00:00:00 qmail-remote yahoo.com.tw duove.
qmaild   13824  1277  0 13:50 ?        00:00:00 /usr/bin/smtpfront-qmail
qmailr   13826  1501  0 13:50 ?        00:00:00 qmail-remote hotmail.com duove.9
qmailr   13827  1501  0 13:50 ?        00:00:00 qmail-remote hotmail.com duove.9
qmailq   13831 13824  8 13:50 ?        00:00:00 suidperl -w /dev/fd/3//usr/sbin/
qmailr   13843  1501  0 13:50 ?        00:00:00 qmail-remote sinamail.com 2krp0.
qmailr   13853  1501  0 13:50 ?        00:00:00 qmail-remote yahoo.com.tw vu21p.
qmailr   13855  1501  0 13:50 ?        00:00:00 qmail-remote hotmail.com vu21p.m


The ones that I am concerned about are the qmail-remote entries that won't go away. Is there a way to get rid of these and make sure they don't come back? It looks like this is sending out many emails and filling up my qmail queue. Thanks for any help in advance.

ML

Same Problem 'ps qmail-remote @'
« Reply #1 on: July 01, 2004, 06:23:57 AM »
I found the same problem on my server.
I searched Google for "ps qmail-remote @" and got this as the first link.
Also, when I check /var/log/messages, they are using my bind, the DNS server, to look up other domains with DNS.
Some servers got my DNS service and are using my bind to search other domains' DNS. Also, when I check the queue/message, they are pointing at my e-mail server, trying to send mail to "david", "mary" and "peter". A lot of e-mails reply to unknown senders.

I will check the settings to see if I could drop those e-mails instead of, by default, replying with the failure mail to the sender.

Well, my solution is...
Find out a way to block the IPs that 'dig' my DNS?
Find out a way to drop the e-mail for non-existent users?

I hate those people stealing my server resources!
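
An added example, not part of either post or of SME Server: a shell triage helper that tallies the qmail-remote deliveries in a `ps -ef` listing like the one in the first post by destination host, and checks whether they reach a concurrency limit. The function names and the default limit of 20 are assumptions; the sample lines are excerpted from the listing in the first post.

```shell
#!/bin/sh
# Added example (not from the thread): triage of `ps -ef` output for qmail.
# In `ps -ef`, field 1 is the user, field 8 the command and field 9 its first
# argument; qmail-remote takes the destination host as its first argument.

# Print "count host" for every qmail-remote destination, busiest first.
qmail_remote_summary() {
    awk '$1 == "qmailr" && $8 == "qmail-remote" && NF >= 9 { n[$9]++ }
         END { for (h in n) printf "%d %s\n", n[h], h }' | sort -k1,1nr -k2,2
}

# Print the number of qmail-remote processes in the listing.
qmail_remote_total() {
    awk '$1 == "qmailr" && $8 == "qmail-remote" { c++ } END { print c + 0 }'
}

# Succeed when the listing holds at least $1 deliveries. The default of 20 is
# qmail's stock concurrencyremote value; that this server uses it is an assumption.
qmail_remote_saturated() {
    [ "$(qmail_remote_total)" -ge "${1:-20}" ]
}

# Sample input: lines excerpted from the listing in the first post.
SAMPLE='qmailr    1501  1498  0 12:12 ?        00:00:01 qmail-rspawn
qmaild    5573  1277  0 12:39 ?        00:00:00 /usr/bin/smtpfront-qmail
qmailr   12589  1501  0 13:31 ?        00:00:00 qmail-remote yahoo.com.tw bjez8.
qmailr   12605  1501  0 13:31 ?        00:00:00 qmail-remote ms6.url.com.tw bjez
qmailr   12998  1501  0 13:38 ?        00:00:00 qmail-remote yahoo.com.tw tfasp.
qmailr   13191  1501  0 13:41 ?        00:00:00 qmail-remote yam.com e3z4p.jsyc1
qmailr   13276  1501  0 13:43 ?        00:00:00 qmail-remote yam.com q41gv.yvt53
qmailr   13283  1501  0 13:43 ?        00:00:00 qmail-remote yahoo.com.tw q41gv.
qmailr   13826  1501  0 13:50 ?        00:00:00 qmail-remote hotmail.com duove.9'

# Stand-alone run: summarise the sample.
printf '%s\n' "$SAMPLE" | qmail_remote_summary
```

On a live system the same functions take `ps -ef` on standard input, for example `ps -ef | qmail_remote_summary`.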