Koozali.org: home of the SME Server
Legacy Forums => General Discussion (Legacy) => Topic started by: aredman on June 25, 2004, 10:11:09 PM
-
I am getting several process from qmailr that dont look like they should be running on the system. Every time I try and kill the process, they just respawn themselves. Here is an output of the command ps -ef | grep qmail:
root 296 287 0 04:09 ? 00:00:00 supervise qmail
root 298 287 0 04:09 ? 00:00:00 supervise smtpfront-qmail
root 310 287 0 04:09 ? 00:00:00 supervise ssmtpfront-qmail
qmaill 316 297 0 04:09 ? 00:00:01 /usr/local/bin/multilog t s50000
qmaill 318 311 0 04:09 ? 00:00:00 [multilog]
qmaill 319 299 0 04:09 ? 00:00:01 /usr/local/bin/multilog t s50000
qmaild 1277 298 0 04:09 ? 00:00:00 /usr/local/bin/tcpserver -U -R -
qmails 1498 296 0 12:12 ? 00:00:03 qmail-send
root 1499 1498 0 12:12 ? 00:00:00 qmail-lspawn ./Maildir/
qmailr 1501 1498 0 12:12 ? 00:00:01 qmail-rspawn
qmailq 1502 1498 0 12:12 ? 00:00:00 qmail-clean
qmaild 5573 1277 0 12:39 ? 00:00:00 /usr/bin/smtpfront-qmail
qmaild 5739 1277 0 12:41 ? 00:00:00 /usr/bin/smtpfront-qmail
qmaild 9840 1277 0 13:04 ? 00:00:00 /usr/bin/smtpfront-qmail
qmailr 12589 1501 0 13:31 ? 00:00:00 qmail-remote yahoo.com.tw bjez8.
qmailr 12605 1501 0 13:31 ? 00:00:00 qmail-remote ms6.url.com.tw bjez
qmailr 12729 1501 0 13:33 ? 00:00:00 qmail-remote ms20.url.com.tw kqe
qmailr 12998 1501 0 13:38 ? 00:00:00 qmail-remote yahoo.com.tw tfasp.
qmailr 13067 1501 0 13:39 ? 00:00:00 qmail-remote yahoo.com.tw ussuf.
qmailr 13174 1501 0 13:41 ? 00:00:00 qmail-remote ms25.url.com.tw 5o5
qmailr 13191 1501 0 13:41 ? 00:00:00 qmail-remote yam.com e3z4p.jsyc1
qmailr 13235 1501 0 13:43 ? 00:00:00 qmail-remote ms37.url.com.tw liv
qmailr 13276 1501 0 13:43 ? 00:00:00 qmail-remote yam.com q41gv.yvt53
qmailr 13283 1501 0 13:43 ? 00:00:00 qmail-remote yahoo.com.tw q41gv.
qmailr 13500 1501 0 13:45 ? 00:00:00 qmail-remote yahoo.com.tw wngul.
qmailr 13501 1501 0 13:45 ? 00:00:00 qmail-remote yahoo.com.tw wngul.
qmailr 13588 1501 0 13:46 ? 00:00:00 qmail-remote yam.com knlo0.fw1cu
qmailr 13730 1501 0 13:49 ? 00:00:00 qmail-remote yam.com h04fh.nxqp9
qmailr 13823 1501 0 13:50 ? 00:00:00 qmail-remote yahoo.com.tw duove.
qmaild 13824 1277 0 13:50 ? 00:00:00 /usr/bin/smtpfront-qmail
qmailr 13826 1501 0 13:50 ? 00:00:00 qmail-remote hotmail.com duove.9
qmailr 13827 1501 0 13:50 ? 00:00:00 qmail-remote hotmail.com duove.9
qmailq 13831 13824 8 13:50 ? 00:00:00 suidperl -w /dev/fd/3//usr/sbin/
qmailr 13843 1501 0 13:50 ? 00:00:00 qmail-remote sinamail.com 2krp0.
qmailr 13853 1501 0 13:50 ? 00:00:00 qmail-remote yahoo.com.tw vu21p.
qmailr 13855 1501 0 13:50 ? 00:00:00 qmail-remote hotmail.com vu21p.m
The ones that I am ocncerned about are the qmail-remote entries that wont go away. Is there a way to get rid of these and make sure they dont come back. It looks like this is sending out many emails and filling up my qmail que. Thanks for any help in advance
-
I found same problem in my server.
Searching in google with "ps qmail-remote @" and got this as first link.
Also, when I check /var/log/messges, they are using my bind, the dns server to search other domain with dns.
Some servers got my dns service and using my bind to search other domain dns. Also, when I check the queue/message, they are pointing my e-mail server trying sending mail to "david" "mary" and "peter". A lot e-mail reply to unknown sender.
I will check the settings if I could drop those e-mail instead defaultly reply the failure mail to sender.
Well, my solution is...
Find out the way to block the IPs who 'dig' my dns?
Find out the way to drop the e-mail for not existing user?
I hate those people strealing my server resource!