Koozali.org: home of the SME Server

Obsolete Releases => SME 7.x Contribs => Topic started by: mauro on August 15, 2007, 09:30:08 AM

Title: Am I receiving/sending SPAM??
Post by: mauro on August 15, 2007, 09:30:08 AM: Hi,
today I received two nice messages from sme7admin: last night at 1:17 I received 919 mails and I sent out another 103!
Now, I had a look at both qmail and qpsmtpd logs around that time and I did not find any strange traffic.
Nobody was in the office, all PC clients shut down, no VPN connections, no ntp time adjustments this night...
None of us received any extra amount of spam, even if I can see the incoming mail graph in sme7admin actually showing a peak of incoming and outcoming emails.
What else should I check? I'm a bit warried...

Have a nice day!
Mauro
Title: Re: Am I receiving/sending SPAM??
Post by: cactus on August 15, 2007, 10:30:03 AM: Quote from: mauro on August 15, 2007, 09:30:08 AM
Hi,
today I received two nice messages from sme7admin: last night at 1:17 I received 919 mails and I sent out another 103!
Now, I had a look at both qmail and qpsmtpd logs around that time and I did not find any strange traffic.
Nobody was in the office, all PC clients shut down, no VPN connections, no ntp time adjustments this night...
None of us received any extra amount of spam, even if I can see the incoming mail graph in sme7admin actually showing a peak of incoming and outcoming emails.
What else should I check? I'm a bit warried...
Normally SME Server is closed to relaying, so it would be very hard to SPAM using a SME Server. Did you modify any configuration entries like remote access settings or open ports for external access to mail, define remote hosts as local hosts?
Title: Re: Am I receiving/sending SPAM??
Post by: mauro on August 15, 2007, 10:35:46 AM: No, I mean, I allow SSH connections only from local networks; no PPTP; external access through POP3S only (no webmail)... but the strange thing is that I really can't find all those messages in the log files. :-?
Title: Re: Am I receiving/sending SPAM??
Post by: mauro on August 15, 2007, 10:57:51 AM: I think it's a known bug (bugzilla #1051), basically an interference between sme7admin and logrotate; I have logrotate running at 1:12 and sme7admin sent out the alert exactly 5 minutes later. I feel better now...
Cactus, thanks for the suggestions anyway.
Title: Re: Am I receiving/sending SPAM??
Post by: cactus on August 15, 2007, 11:03:11 AM: Quote from: mauro on August 15, 2007, 10:57:51 AM
Cactus, thanks for the suggestions anyway.
You are welcome!
Title: Re: Am I receiving/sending SPAM??
Post by: Confucius on August 15, 2007, 12:44:53 PM: Seems to me a situation of the bulk is marked as spam and the mail you think you are sending out might be replies from qmail that you don't have the adresses they were trying to reach. Common thing with spam, they try every option they can come up with.
Title: Re: Am I receiving/sending SPAM??
Post by: micropitt on August 15, 2007, 03:16:13 PM: Quote from: mauro on August 15, 2007, 09:30:08 AM
Hi,
today I received two nice messages from sme7admin: last night at 1:17 I received 919 mails and I sent out another 103!
Now, I had a look at both qmail and qpsmtpd logs around that time and I did not find any strange traffic.
Nobody was in the office, all PC clients shut down, no VPN connections, no ntp time adjustments this night...
None of us received any extra amount of spam, even if I can see the incoming mail graph in sme7admin actually showing a peak of incoming and outcoming emails.
What else should I check? I'm a bit warried...

Have a nice day!
Mauro

Yep, same here. Last night I had 413 incoming and 173 outgoing but nothing in the logs......