I think my sme is being used to send spam?

jameswilson

795
+0/-0

I think my sme is being used to send spam?

« on: August 24, 2010, 12:30:47 PM »

Im getting funny failed messages.
Im assuming one of the websites on it, or a user account has been compromised.
How can i tell where these mails are originating from?

ie user on smtps or website / ibay, and which one?

Ta
James

Logged

Stefano

10,894
+3/-0

Re: I think my sme is being used to send spam?

« Reply #1 on: August 24, 2010, 12:34:27 PM »

first of all disconnect your SME from wan..
if one (I guess PHP) site has been compromised, you are likely spamming..

Logged

jameswilson

795
+0/-0

Re: I think my sme is being used to send spam?

« Reply #2 on: August 24, 2010, 12:37:11 PM »

already done that.

Logged

Stefano

10,894
+3/-0

Re: I think my sme is being used to send spam?

« Reply #3 on: August 24, 2010, 12:38:58 PM »

thank you

how do the site(s) send email? do you use some kind of auth?

I suggest you to create separate users, one for each site..

Logged

byte

2,183
+2/-0

Re: I think my sme is being used to send spam?

« Reply #4 on: August 24, 2010, 12:53:28 PM »

Quote from: jameswilson on August 24, 2010, 12:30:47 PM

How can i tell where these mails are originating from?

Check the the /var/log/qmail, /var/log/qpsmtpd and /var/log/sqpsmtpd, this will show every mail transaction. Also change the password immediately of all users if you want to be on the safe side.

Can you tell us more ? is it a client workstation ? What version of SME Server are you using ?

Logged

--[byte]--

Have you filled in a Bug Report over @ http://bugs.contribs.org ? Please don't wait to be told this way you help us to help you/others - Thanks!