Welcome to WebmasterWorld Guest from 54.144.79.200

Forum Moderators: phranque

Message Too Old, No Replies

qmail - am I sending spam?

     

jpavery

7:18 pm on Feb 28, 2007 (gmt 0)

10+ Year Member



looking at the tail of my error logs

tail -f /usr/local/psa/var/log/maillog

I see 1,000's of entires like the following:

NOTE: IP had been removed, and the e-mail addresses have been mucked up.

Feb 22 05:52:41 111-111-111-111 qmail: 1172152361.626082 status: local 0/10 remote 2/20

Feb 22 05:52:41 111-111-111-111 qmail: 1172152361.633231 delivery 6493: failure: Sorry._Although_I'm_listed_as_a_best-preference_MX_or_A_for_that_host,/it_isn't_in_my_control/locals_file,_so_I_don't_treat_it_as_local._(#5.4.6)/

Feb 22 05:52:41 111-111-111-111 qmail: 1172152361.633880 status: local 0/10 remote 1/20

Feb 22 05:52:41 111-111-111-111 qmail: 1172152361.634093 triple bounce: discarding bounce/4381611

Feb 22 05:52:41 111-111-111-111 qmail: 1172152361.634327 end msg 4381611

Feb 22 05:52:59 111-111-111-111 qmail: 1172152379.679746 starting delivery 6494: msg 4380419 to remote swerh@URLREMOVE.cn.

Feb 22 05:52:59 111-111-111-111 qmail: 1172152379.680119 status: local 0/10 remote 2/20

Feb 22 05:53:16 111-111-111-111 qmail: 1172152396.357100 delivery 6494: deferral: Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/

Feb 22 05:53:16 111-111-111-111 qmail: 1172152396.357269 status: local 0/10 remote 1/20

Feb 22 05:54:39 111-111-111-111 qmail: 1172152479.381616 starting delivery 6495: msg 9617511 to remote Hope@URLREMOVE.hut.ru

Feb 22 05:54:39 111-111-111-111 qmail: 1172152479.382013 status: local 0/10 remote 2/20

Feb 22 05:54:56 111-111-111-111 qmail: 1172152496.394712 starting delivery 6496: msg 4382681 to remote bohrerlaw.com@URLREMOVE.com

Feb 22 05:54:56 111-111-111-111 qmail: 1172152496.394850 status: local 0/10 remote 3/20

Feb 22 05:55:05 111-111-111-111 qmail: 1172152505.244340 delivery 6495: success: 89.108.64.25_accepted_message./Remote_host_said:_250_Ok:_queued_as_A404333042F/

Feb 22 05:55:05 111-111-111-111 qmail: 1172152505.265636 status: local 0/10 remote 2/20

Feb 22 05:55:05 111-111-111-111 qmail: 1172152505.301852 starting delivery 6497: msg 9617518 to remote inhalator'simpetus's@URLREMOVE.com

Feb 22 05:55:05 111-111-111-111 qmail: 1172152505.302171 status: local 0/10 remote 3/20

Feb 22 05:55:05 111-111-111-111 qmail: 1172152505.302477 end msg 9617511

I've secured all of the forms. I use php mail() - and I've sanitized anything that goes into the headers. All of the forms also have some sort of spam protection.

This is really worrying. Is my server compromised and being used to send spam?

jpavery

1:44 pm on Mar 3, 2007 (gmt 0)

10+ Year Member



found the issue
[forum.qmailrocks.org...]
 

Featured Threads

Hot Threads This Week

Hot Threads This Month