My guess is the spammer is using php's mail() function and you have your server set up so the mail function goes into qmail rather than something else. As long as you have your localhost allowed (as you do), any script using the local mail() function will have full access.
From: Rajesh M <24x7ser...@24x7server.net> Reply-To: <qmailtoaster-list@qmailtoaster.com> Date: Wednesday, August 16, 2017 at 9:22 AM To: <qmailtoaster-list@qmailtoaster.com> Subject: [qmailtoaster] spamming on server hi i have a few websites along with qmailtoaster i noted that one of the websites with wordpress was hacked and using a php script the spammer was injecting emails into the qmail queue ie there is nothing in the smtp logs, but the send logs contained 1000s of remote delivery entries. i use squirrelmail but with smtp authentication only, ie email sent to external domains from my server has to smtp authenticate first. my tcp.smtp is as follows 127.0.0.1:allow :allow,BADMIMETYPE="",QMAILQUEUE="/var/qmail/bin/simscan",BADLOADERTYPE="M", CHKUSER_START="ALWAYS", CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",NOP0FCHECK="1", DKQUEUE="/var/qmail/bin/qmail-queue.orig",DKVERIFY="DEGIJKfh",DKSIGN="/var/q mail/control/domainkeys/%/private" how could the spammer directly inject email to the qmail queue ? what am i missing here ? thanks rajesh --------------------------------------------------------------------- To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com