thanks all

figured this out.

i had recently updated qmail and it reinstalled sendmail binary.

i have removed this and also taken necessary precautions for tracking the 


----- Original Message -----
From: Jaime Lerner []
Sent: Wed, 16 Aug 2017 09:25:09 -0400

My guess is the spammer is using php's mail() function and you have your
server set up so the mail function goes into qmail rather than something
else. As long as you have your localhost allowed (as you do), any script
using the local mail() function will have full access.

From:  Rajesh M <>
Reply-To:  <>
Date:  Wednesday, August 16, 2017 at 9:22 AM
To:  <>
Subject:  [qmailtoaster] spamming on server


i have a few websites along with qmailtoaster

i noted that one of the websites with wordpress was hacked and using a php
script the spammer was injecting emails into the qmail queue ie there is
nothing in the smtp logs, but the send logs contained 1000s of remote
delivery entries.

i use squirrelmail but with smtp authentication only, ie email sent to
external domains from my server has to smtp authenticate first.

my tcp.smtp is as follows

how could the spammer directly inject email to the qmail queue ?

what am i missing here ?


To unsubscribe, e-mail:
For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

Reply via email to