Check your /var/log/maillog for lots of different IPs sending through one account via smtp, or create a phpmail log file to detect where the bad script is, like this:
https://blog.rimuhosting.com/2012/09/20/finding-spam-sending-scripts-on-your-server/




Pedro Estevão wrote:
Are you talking on a ilegit web hosting issue (script under wordpress site) or 
a ilegit access to your webmail (squirrelmail)?
Or if I miss understood what are web hosting and webmail related?

-----Original Message-----
From: Rajesh M [mailto:24x7ser...@24x7server.net]
Sent: 16 August 2017 14:22
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] spamming on server

hi

i have a few websites along with qmailtoaster

i noted that one of the websites with wordpress was hacked and using a php 
script the spammer was injecting emails into the qmail queue ie there is 
nothing in the smtp logs, but the send logs contained 1000s of remote delivery 
entries.

i use squirrelmail but with smtp authentication only, ie email sent to external 
domains from my server has to smtp authenticate first.

my tcp.smtp is as follows

127.0.0.1:allow
:allow,BADMIMETYPE="",QMAILQUEUE="/var/qmail/bin/simscan",BADLOADERTYPE="M",CHKUSER_START="ALWAYS",
CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",NOP0FCHECK="1",
DKQUEUE="/var/qmail/bin/qmail-queue.orig",DKVERIFY="DEGIJKfh",DKSIGN="/var/qmail/control/domainkeys/%/private"

how could the spammer directly inject email to the qmail queue ?

what am i missing here ?

thanks
rajesh




---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com





---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Reply via email to