- Juan Carlos Castro y Castro <[EMAIL PROTECTED]>:
| Theres no qmail-smtpd because I killed them in panic. :-O
|
| The ones like "qmail-remote hotmail.com [EMAIL PROTECTED]" keep
| showing up at an alarming rate. Sometimes there are 10,15 of them, then
| the number decreases, then rises again. Could it be a DoS attack? Spam?
Sounds to me like you're running an open relay and have been found by
the spammers. Run (don't walk) to your control/rcpthosts and check
it. Don't have one? Create it *now*. Add in all your local domains,
all your virtual domains (if you have any) and any domains that your
machine is an MX for (ditto).
| What logfiles can I read to trace this?
Impossible to say, because qmail is so flexible as to how it performs
logging, and how much logging it does. Oh, I see you run splogger, so
mail logs wind up wherever /etc/syslog.conf says they should go. I
don't know if and where you log smtp traffic, since you didn't tell us
how you run your qmail-stmpd. But /var/qmail/bin/qmail-qread will at
least tell you what messages are in your queue right now.
- Harald
