subject:"RE\: \[qmailtoaster\] Attack\?"

Re: [qmailtoaster] Attack?

2010-06-28 Thread Natalio Gatti

On Mon, Jun 28, 2010 at 7:52 AM, Rafael Andrade raf...@riosulense.com.brwrote:

 Thank you for reply.

 My problems continues... take a look.

 *[r...@net ~]# qmailctl queue | head*
 messages in queue: 6182
 messages in queue but not yet preprocessed: 0

 *[r...@net ~]# qmHandle -m2465807 *

 --
 MESSAGE NUMBER 2465807
 --
 Received: (qmail 21700 invoked by uid 48); 28 Jun 2010 04:32:52 -
 Date: 28 Jun 2010 04:32:52 -
 Message-ID: 20100628043252.21698.qm...@mail.metalservice.ind.br
 To: bireli...@yahoo.com.br

 Subject: Atualização do seu aparelho Itoken versão Final sem erros
 MIME-Version: 1.0
 Content-type: text/html; charset=iso-8859-1

 From: Itau Informa Todos erros corrigidos 
 comunicacaodigi...@itau-unibanco.com.br


mmm, It seems that a process is sending mails. In the headers there is no
information about an smtp connection. Maybe a php application with bugs
running int the same server?  Can you check User ID 48 in your /etc/passwd?

Re: [qmailtoaster] Attack?

2010-06-28 Thread Rafael Andrade


[r...@net ~]# cat /etc/passwd  | grep -i 48
apache:x:48:48:Apache:/var/www:/sbin/nologin



Natalio Gatti escreveu:



On Mon, Jun 28, 2010 at 7:52 AM, Rafael Andrade 
raf...@riosulense.com.br mailto:raf...@riosulense.com.br wrote:


Thank you for reply.

My problems continues... take a look.

*[r...@net ~]# qmailctl queue | head*
messages in queue: 6182
messages in queue but not yet preprocessed: 0

*[r...@net ~]# qmHandle -m2465807 *

--
MESSAGE NUMBER 2465807
--
Received: (qmail 21700 invoked by uid 48); 28 Jun 2010 04:32:52 -
Date: 28 Jun 2010 04:32:52 -
Message-ID: 20100628043252.21698.qm...@mail.metalservice.ind.br
mailto:20100628043252.21698.qm...@mail.metalservice.ind.br
To: bireli...@yahoo.com.br mailto:bireli...@yahoo.com.br

Subject: Atualização do seu aparelho Itoken versão Final sem erros
MIME-Version: 1.0
Content-type: text/html; charset=iso-8859-1

From: Itau Informa Todos erros corrigidos
comunicacaodigi...@itau-unibanco.com.br
mailto:comunicacaodigi...@itau-unibanco.com.br


mmm, It seems that a process is sending mails. In the headers there is 
no information about an smtp connection. Maybe a php application with 
bugs running int the same server?  Can you check User ID 48 in your 
/etc/passwd?


-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
   Vickers Consulting Group offers Qmailtoaster support and installations.
 If you need professional help with your setup, contact them today!
-
Please visit qmailtoaster.com for the latest news, updates, and packages.

 To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com

For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

RE: [qmailtoaster] Attack?

2010-06-28 Thread Atul Paralikar

Most of the time, there will not be any details of the smtp connections in
the header if a valid account is compromised or hacked.

In my case one of the account was compromised, which might be different from
your issue.

You can check for an account (valid domain account) in your SMTP logs or
SEND logs for repeated logins. Also use netstat -an command to check from
which IP the mails are being fired and lookup the same in the SMTP/SEND mail
logs.

In the logs check for repeated events of this IP and it should also give you
some clue of the account that is being used for sending emails. Either
disable that login or block that IP. If the mails are sent from your web
application, then make sure you use a SMTP authentication, so that you can
identify the correct user.

I had the same problem and it took a good amount of time for me to arrest
this. I was getting 28-30K mails per hour which almost freezed my mail
server.

I hope the above solution helps.

Regards,
Atul Paralikar


-Original Message-
From: Rafael Andrade [mailto:raf...@riosulense.com.br] 
Sent: Monday, June 28, 2010 6:18 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Attack?

[r...@net ~]# cat /etc/passwd  | grep -i 48
apache:x:48:48:Apache:/var/www:/sbin/nologin



Natalio Gatti escreveu:


 On Mon, Jun 28, 2010 at 7:52 AM, Rafael Andrade 
 raf...@riosulense.com.br mailto:raf...@riosulense.com.br wrote:

 Thank you for reply.

 My problems continues... take a look.

 *[r...@net ~]# qmailctl queue | head*
 messages in queue: 6182
 messages in queue but not yet preprocessed: 0

 *[r...@net ~]# qmHandle -m2465807 *

 --
 MESSAGE NUMBER 2465807
 --
 Received: (qmail 21700 invoked by uid 48); 28 Jun 2010 04:32:52 -
 Date: 28 Jun 2010 04:32:52 -
 Message-ID: 20100628043252.21698.qm...@mail.metalservice.ind.br
 mailto:20100628043252.21698.qm...@mail.metalservice.ind.br
 To: bireli...@yahoo.com.br mailto:bireli...@yahoo.com.br

 Subject: Atualização do seu aparelho Itoken versão Final sem erros
 MIME-Version: 1.0
 Content-type: text/html; charset=iso-8859-1

 From: Itau Informa Todos erros corrigidos
 comunicacaodigi...@itau-unibanco.com.br
 mailto:comunicacaodigi...@itau-unibanco.com.br


 mmm, It seems that a process is sending mails. In the headers there is 
 no information about an smtp connection. Maybe a php application with 
 bugs running int the same server?  Can you check User ID 48 in your 
 /etc/passwd?


-
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
  If you need professional help with your setup, contact them today!

-
 Please visit qmailtoaster.com for the latest news, updates, and
packages.
 
  To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
 For additional commands, e-mail:
qmailtoaster-list-h...@qmailtoaster.com





-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
  If you need professional help with your setup, contact them today!
-
 Please visit qmailtoaster.com for the latest news, updates, and packages.

  To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
 For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Attack?

2010-06-28 Thread Natalio Gatti

On Mon, Jun 28, 2010 at 9:48 AM, Rafael Andrade raf...@riosulense.com.brwrote:

 [r...@net ~]# cat /etc/passwd  | grep -i 48
 apache:x:48:48:Apache:/var/www:/sbin/nologin

 The UserID indicates that apache is sending those mails. Check your php
applications.




 Natalio Gatti escreveu:



 On Mon, Jun 28, 2010 at 7:52 AM, Rafael Andrade 
 raf...@riosulense.com.brmailto:
 raf...@riosulense.com.br wrote:

Thank you for reply.

My problems continues... take a look.

*[r...@net ~]# qmailctl queue | head*
messages in queue: 6182
messages in queue but not yet preprocessed: 0

*[r...@net ~]# qmHandle -m2465807 *

--
MESSAGE NUMBER 2465807
--
Received: (qmail 21700 invoked by uid 48); 28 Jun 2010 04:32:52 -
Date: 28 Jun 2010 04:32:52 -
Message-ID: 20100628043252.21698.qm...@mail.metalservice.ind.br
mailto:20100628043252.21698.qm...@mail.metalservice.ind.br
To: bireli...@yahoo.com.br mailto:bireli...@yahoo.com.br


Subject: Atualização do seu aparelho Itoken versão Final sem erros
MIME-Version: 1.0
Content-type: text/html; charset=iso-8859-1

From: Itau Informa Todos erros corrigidos
comunicacaodigi...@itau-unibanco.com.br
mailto:comunicacaodigi...@itau-unibanco.com.br



 mmm, It seems that a process is sending mails. In the headers there is no
 information about an smtp connection. Maybe a php application with bugs
 running int the same server?  Can you check User ID 48 in your /etc/passwd?



 -
 Qmailtoaster is sponsored by Vickers Consulting Group (
 www.vickersconsulting.com)
   Vickers Consulting Group offers Qmailtoaster support and installations.
 If you need professional help with your setup, contact them today!

 -
Please visit qmailtoaster.com for the latest news, updates, and
 packages.
 To unsubscribe, e-mail:
 qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail:
 qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Attack?

2010-06-26 Thread Ganesh.payelkar

Dear Rafael,

 If your queue are still having this kind of mails, you
can check the mail header in Queue. That is in /var/qmail/queue there are
respective folder to keep incoming and outgoing mails. You have to check
some files in mess folder. Before delivering mails are kept in respective
folders. you can use cat cmd to see the header of that mails. but you should
not delete that files there.
  I hope you will get header as well as, which mail id used
by spammer to send mails outside.
kindly correct me if i am wrong.

Regards,
Ganesh payelkar





On Tue, Jun 22, 2010 at 4:29 PM, Rafael Andrade raf...@riosulense.com.brwrote:

 Hello list,

 I have a production server with qmailtoaster on centos running 2 years
 perfectly, recently the server stuck, with many messages in queue, i need to
 stop qmail, clean the queue and running qmail again, but i need a solution
 to fix this problem, any knows or can help?

 Thanks so much

 Examples in queue:

 Client = Hide Client Domain

 [r...@net ~]# qmailctl queue | head
 messages in queue: 14691
 messages in queue but not yet preprocessed: 2
 21 Jun 2010 22:45:02 GMT  #3087267  1435  anonym...@client.ind.br
   remote  prittyg...@yahoo.com.br
 21 Jun 2010 22:34:44 GMT  #3069258  1430  anonym...@client.ind.br
   remote  prisci...@terra.com.br
 21 Jun 2010 22:44:39 GMT  #3079585  1439  anonym...@client.ind.br
   remote  priscillame...@yahoo.com.br
 22 Jun 2010 00:02:57 GMT  #2443198  1438  anonym...@client.ind.br
   remote  qeezajtze...@stargate5.com

 Thanks so much





 -
 Qmailtoaster is sponsored by Vickers Consulting Group (
 www.vickersconsulting.com)
   Vickers Consulting Group offers Qmailtoaster support and installations.
 If you need professional help with your setup, contact them today!

 -
Please visit qmailtoaster.com for the latest news, updates, and
 packages.
 To unsubscribe, e-mail:
 qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail:
 qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Attack?

2010-06-22 Thread senthil vel

Seems some one is spamming. Any one of your mail account might be
compromised. The server is using port 587 to accept mails from local users?
. /var/log/qmail/submission or /var/log/qmail/smtp will tell the truth.

say for example, search for qeezajtze...@stargate5.com in above mentioned
logs. So that we can get the origination of this mail. If it is using a
local mail id for authentication, reset the password of the mail. Also
remove the mails in queue using qmail-remove.

--Senthilvel.

On Tue, Jun 22, 2010 at 4:29 PM, Rafael Andrade raf...@riosulense.com.brwrote:

 Hello list,

 I have a production server with qmailtoaster on centos running 2 years
 perfectly, recently the server stuck, with many messages in queue, i need to
 stop qmail, clean the queue and running qmail again, but i need a solution
 to fix this problem, any knows or can help?

 Thanks so much

 Examples in queue:

 Client = Hide Client Domain

 [r...@net ~]# qmailctl queue | head
 messages in queue: 14691
 messages in queue but not yet preprocessed: 2
 21 Jun 2010 22:45:02 GMT  #3087267  1435  anonym...@client.ind.br
   remote  prittyg...@yahoo.com.br
 21 Jun 2010 22:34:44 GMT  #3069258  1430  anonym...@client.ind.br
   remote  prisci...@terra.com.br
 21 Jun 2010 22:44:39 GMT  #3079585  1439  anonym...@client.ind.br
   remote  priscillame...@yahoo.com.br
 22 Jun 2010 00:02:57 GMT  #2443198  1438  anonym...@client.ind.br
   remote  qeezajtze...@stargate5.com

 Thanks so much




 -
 Qmailtoaster is sponsored by Vickers Consulting Group (
 www.vickersconsulting.com)
   Vickers Consulting Group offers Qmailtoaster support and installations.
 If you need professional help with your setup, contact them today!

 -
Please visit qmailtoaster.com for the latest news, updates, and
 packages.
 To unsubscribe, e-mail:
 qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail:
 qmailtoaster-list-h...@qmailtoaster.com

RE: [qmailtoaster] Attack?

2010-06-22 Thread Anil Aliyan

This could happen if the client machine of a valid user is infected with
some virus or Trojan which send mail using outlook settings.

 

 

 

From: senthil vel [mailto:senthilv...@gmail.com] 
Sent: 22 June 2010 17:07
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Attack?

 

Seems some one is spamming. Any one of your mail account might be
compromised. The server is using port 587 to accept mails from local users?
. /var/log/qmail/submission or /var/log/qmail/smtp will tell the truth. 

say for example, search for qeezajtze...@stargate5.com in above mentioned
logs. So that we can get the origination of this mail. If it is using a
local mail id for authentication, reset the password of the mail. Also
remove the mails in queue using qmail-remove. 

--Senthilvel.

On Tue, Jun 22, 2010 at 4:29 PM, Rafael Andrade raf...@riosulense.com.br
wrote:

Hello list,

I have a production server with qmailtoaster on centos running 2 years
perfectly, recently the server stuck, with many messages in queue, i need to
stop qmail, clean the queue and running qmail again, but i need a solution
to fix this problem, any knows or can help?

Thanks so much

Examples in queue:

Client = Hide Client Domain

[r...@net ~]# qmailctl queue | head
messages in queue: 14691
messages in queue but not yet preprocessed: 2
21 Jun 2010 22:45:02 GMT  #3087267  1435  anonym...@client.ind.br
  remote  prittyg...@yahoo.com.br
21 Jun 2010 22:34:44 GMT  #3069258  1430  anonym...@client.ind.br
  remote  prisci...@terra.com.br
21 Jun 2010 22:44:39 GMT  #3079585  1439  anonym...@client.ind.br
  remote  priscillame...@yahoo.com.br
22 Jun 2010 00:02:57 GMT  #2443198  1438  anonym...@client.ind.br
  remote  qeezajtze...@stargate5.com

Thanks so much




-
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
  Vickers Consulting Group offers Qmailtoaster support and installations.
If you need professional help with your setup, contact them today!

-
   Please visit qmailtoaster.com for the latest news, updates, and packages.
To unsubscribe, e-mail:
qmailtoaster-list-unsubscr...@qmailtoaster.com
   For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Attack?

2010-06-22 Thread Rafael Andrade


Look in /var/log/maillog

Jun 22 09:02:10 net spamdyke[5028]: DENIED_RDNS_MISSING from: (unknown) 
to: anonym...@client.ind.br origin_ip: 189.2.134.108 origin_rdns: 
(unknown) auth: (unknown)
Jun 22 09:02:11 net spamdyke[5024]: DENIED_RDNS_MISSING from: 
affectionatevb...@semagroup.sema.se to: r...@metalservice.ind.br 
origin_ip: 79.189.227.34 origin_rdns: (unknown) auth: (unknown)
Jun 22 09:02:14 net spamdyke[5025]: DENIED_RDNS_MISSING from: 
il...@neofiber.com.br to: il...@client.com.br origin_ip: 80.184.67.122 
origin_rdns: (unknown) auth: (unknown)
Jun 22 09:02:14 net spamdyke[5026]: DENIED_RDNS_RESOLVE from: (unknown) 
to: anonym...@client.ind.br origin_ip: 209.113.141.35 origin_rdns: 
mlsvr01.mindleaf.com auth: (unknown)
Jun 22 09:02:44 net spamdyke[5033]: DENIED_RDNS_MISSING from: (unknown) 
to: anonym...@client.ind.br origin_ip: 200.143.203.70 origin_rdns: 
(unknown) auth: (unknown)
Jun 22 09:02:50 net spamdyke[5032]: DENIED_OTHER from: 
rgper...@fibria.com.br to: anonym...@client.ind.br origin_ip: 
200.185.80.78 origin_rdns: smtp4.votorantim.com.br auth: (unknown)
Jun 22 09:03:09 net spamdyke[5043]: DENIED_RDNS_MISSING from: (unknown) 
to: anonym...@client.ind.br origin_ip: 202.181.238.101 origin_rdns: 
(unknown) auth: (unknown)
Jun 22 09:03:26 net spamdyke[5046]: DENIED_RDNS_MISSING from: (unknown) 
to: anonym...@client.ind.br origin_ip: 200.14.68.55 origin_rdns: 
(unknown) auth: (unknown)
Jun 22 09:03:30 net spamdyke[5050]: DENIED_RDNS_MISSING from: (unknown) 
to: anonym...@client.ind.br origin_ip: 200.228.168.2 origin_rdns: 
(unknown) auth: (unknown)
Jun 22 09:03:42 net spamdyke[5106]: DENIED_RDNS_MISSING from: (unknown) 
to: anonym...@client.ind.br origin_ip: 200.228.168.2 origin_rdns: 
(unknown) auth: (unknown)
Jun 22 09:03:53 net spamdyke[5108]: DENIED_RBL_MATCH from: (unknown) to: 
anonym...@client.ind.br origin_ip: 201.76.223.15 origin_rdns: 
send.wnetrj.com.br auth: (unknown)



The ips are spoofing?
Actually im not using 587 port
Im using vpopmail to auth my users.

Thanks so much!!




senthil vel escreveu:
Seems some one is spamming. Any one of your mail account might be 
compromised. The server is using port 587 to accept mails from local 
users? . /var/log/qmail/submission or /var/log/qmail/smtp will tell 
the truth.


say for example, search for qeezajtze...@stargate5.com 
mailto:qeezajtze...@stargate5.com in above mentioned logs. So that 
we can get the origination of this mail. If it is using a local mail 
id for authentication, reset the password of the mail. Also remove the 
mails in queue using qmail-remove.


--Senthilvel.

On Tue, Jun 22, 2010 at 4:29 PM, Rafael Andrade 
raf...@riosulense.com.br mailto:raf...@riosulense.com.br wrote:


Hello list,

I have a production server with qmailtoaster on centos running 2
years perfectly, recently the server stuck, with many messages in
queue, i need to stop qmail, clean the queue and running qmail
again, but i need a solution to fix this problem, any knows or can
help?

Thanks so much

Examples in queue:

Client = Hide Client Domain

[r...@net ~]# qmailctl queue | head
messages in queue: 14691
messages in queue but not yet preprocessed: 2
21 Jun 2010 22:45:02 GMT  #3087267  1435  anonym...@client.ind.br
mailto:anonym...@client.ind.br
  remote  prittyg...@yahoo.com.br mailto:prittyg...@yahoo.com.br
21 Jun 2010 22:34:44 GMT  #3069258  1430  anonym...@client.ind.br
mailto:anonym...@client.ind.br
  remote  prisci...@terra.com.br mailto:prisci...@terra.com.br
21 Jun 2010 22:44:39 GMT  #3079585  1439  anonym...@client.ind.br
mailto:anonym...@client.ind.br
  remote  priscillame...@yahoo.com.br
mailto:priscillame...@yahoo.com.br
22 Jun 2010 00:02:57 GMT  #2443198  1438  anonym...@client.ind.br
mailto:anonym...@client.ind.br
  remote  qeezajtze...@stargate5.com
mailto:qeezajtze...@stargate5.com

Thanks so much




-
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com http://www.vickersconsulting.com)
  Vickers Consulting Group offers Qmailtoaster support and
installations.
If you need professional help with your setup, contact them today!

-
   Please visit qmailtoaster.com http://qmailtoaster.com for the
latest news, updates, and packages.
To unsubscribe, e-mail:
qmailtoaster-list-unsubscr...@qmailtoaster.com
mailto:qmailtoaster-list-unsubscr...@qmailtoaster.com
   For additional commands, e-mail:
qmailtoaster-list-h...@qmailtoaster.com
mailto:qmailtoaster-list-h...@qmailtoaster.com





-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
   Vickers

Re: [qmailtoaster] Attack?

2010-06-22 Thread senthil vel

Honestly, I am not using, spamdyke. Does spamtyke appends all the log to
/var/log/maillog? also seems spamdyke is rejecting these mails. Is this
current log? if so somebody still sending mails. Can't you get any
information from /var/log/qmail/smtp/current regarding this?

On Tue, Jun 22, 2010 at 5:43 PM, Rafael Andrade raf...@riosulense.com.brwrote:

 Look in /var/log/maillog

 Jun 22 09:02:10 net spamdyke[5028]: DENIED_RDNS_MISSING from: (unknown) to:
 anonym...@client.ind.br origin_ip: 189.2.134.108 origin_rdns: (unknown)
 auth: (unknown)
 Jun 22 09:02:11 net spamdyke[5024]: DENIED_RDNS_MISSING from:
 affectionatevb...@semagroup.sema.se to: r...@metalservice.ind.br origin_ip:
 79.189.227.34 origin_rdns: (unknown) auth: (unknown)
 Jun 22 09:02:14 net spamdyke[5025]: DENIED_RDNS_MISSING from:
 il...@neofiber.com.br to: il...@client.com.br origin_ip: 80.184.67.122
 origin_rdns: (unknown) auth: (unknown)
 Jun 22 09:02:14 net spamdyke[5026]: DENIED_RDNS_RESOLVE from: (unknown) to:
 anonym...@client.ind.br origin_ip: 209.113.141.35 origin_rdns:
 mlsvr01.mindleaf.com auth: (unknown)
 Jun 22 09:02:44 net spamdyke[5033]: DENIED_RDNS_MISSING from: (unknown) to:
 anonym...@client.ind.br origin_ip: 200.143.203.70 origin_rdns: (unknown)
 auth: (unknown)
 Jun 22 09:02:50 net spamdyke[5032]: DENIED_OTHER from:
 rgper...@fibria.com.br to: anonym...@client.ind.br origin_ip:
 200.185.80.78 origin_rdns: smtp4.votorantim.com.br auth: (unknown)
 Jun 22 09:03:09 net spamdyke[5043]: DENIED_RDNS_MISSING from: (unknown) to:
 anonym...@client.ind.br origin_ip: 202.181.238.101 origin_rdns: (unknown)
 auth: (unknown)
 Jun 22 09:03:26 net spamdyke[5046]: DENIED_RDNS_MISSING from: (unknown) to:
 anonym...@client.ind.br origin_ip: 200.14.68.55 origin_rdns: (unknown)
 auth: (unknown)
 Jun 22 09:03:30 net spamdyke[5050]: DENIED_RDNS_MISSING from: (unknown) to:
 anonym...@client.ind.br origin_ip: 200.228.168.2 origin_rdns: (unknown)
 auth: (unknown)
 Jun 22 09:03:42 net spamdyke[5106]: DENIED_RDNS_MISSING from: (unknown) to:
 anonym...@client.ind.br origin_ip: 200.228.168.2 origin_rdns: (unknown)
 auth: (unknown)
 Jun 22 09:03:53 net spamdyke[5108]: DENIED_RBL_MATCH from: (unknown) to:
 anonym...@client.ind.br origin_ip: 201.76.223.15 origin_rdns:
 send.wnetrj.com.br auth: (unknown)


 The ips are spoofing?
 Actually im not using 587 port
 Im using vpopmail to auth my users.

 Thanks so much!!




 senthil vel escreveu:

 Seems some one is spamming. Any one of your mail account might be
 compromised. The server is using port 587 to accept mails from local users?
 . /var/log/qmail/submission or /var/log/qmail/smtp will tell the truth.

 say for example, search for qeezajtze...@stargate5.com mailto:
 qeezajtze...@stargate5.com in above mentioned logs. So that we can get
 the origination of this mail. If it is using a local mail id for
 authentication, reset the password of the mail. Also remove the mails in
 queue using qmail-remove.

 --Senthilvel.


 On Tue, Jun 22, 2010 at 4:29 PM, Rafael Andrade 
 raf...@riosulense.com.brmailto:
 raf...@riosulense.com.br wrote:

Hello list,

I have a production server with qmailtoaster on centos running 2
years perfectly, recently the server stuck, with many messages in
queue, i need to stop qmail, clean the queue and running qmail
again, but i need a solution to fix this problem, any knows or can
help?

Thanks so much

Examples in queue:

Client = Hide Client Domain

[r...@net ~]# qmailctl queue | head
messages in queue: 14691
messages in queue but not yet preprocessed: 2
21 Jun 2010 22:45:02 GMT  #3087267  1435  anonym...@client.ind.br
mailto:anonym...@client.ind.br
  remote  prittyg...@yahoo.com.br mailto:prittyg...@yahoo.com.br

21 Jun 2010 22:34:44 GMT  #3069258  1430  anonym...@client.ind.br
mailto:anonym...@client.ind.br
  remote  prisci...@terra.com.br mailto:prisci...@terra.com.br

21 Jun 2010 22:44:39 GMT  #3079585  1439  anonym...@client.ind.br
mailto:anonym...@client.ind.br

  remote  priscillame...@yahoo.com.br
mailto:priscillame...@yahoo.com.br

22 Jun 2010 00:02:57 GMT  #2443198  1438  anonym...@client.ind.br
mailto:anonym...@client.ind.br
  remote  qeezajtze...@stargate5.com
mailto:qeezajtze...@stargate5.com


Thanks so much




  
 -
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com http://www.vickersconsulting.com)

  Vickers Consulting Group offers Qmailtoaster support and
installations.
If you need professional help with your setup, contact them today!

  
 -
   Please visit qmailtoaster.com http://qmailtoaster.com for the

latest news, updates, and packages.
To unsubscribe, e-mail:

Re: [qmailtoaster] Attack?

2010-06-22 Thread Rafael Andrade


Same time in /var/log/qmail/smtp/current show this log:

@40004c20ae8b0e33b054 CHKUSER accepted null sender: from :: remote 
eslovenia.intralesc.sc.gov.br:unknown:200.192.66.25 rcpt  : accepted 
null sender always

@40004c20ae8c09af4944 tcpserver: status: 14/100
@40004c20ae8c09af5114 tcpserver: pid 8948 from 123.127.247.104
@40004c20ae8c09af54fc tcpserver: ok 8948 net:10.1.1.254:25 
:123.127.247.104::55903
@40004c20ae90008f12f4 CHKUSER accepted null sender: from :: remote 
exchange.lvcgroup.com:unknown:123.127.247.104 rcpt  : accepted null 
sender always

@40004c20ae920602eae4 tcpserver: status: 15/100
@40004c20ae920602f2b4 tcpserver: pid 8950 from 200.228.168.2
@40004c20ae920602f69c tcpserver: ok 8950 net:10.1.1.254:25 
:200.228.168.2::52084

@40004c20ae92225def7c tcpserver: end 8948 status 0
@40004c20ae92225df74c tcpserver: status: 14/100
@40004c20ae931ac30d24 CHKUSER accepted null sender: from :: remote 
server.aceam.unb.org.br:unknown:200.228.168.2 rcpt  : accepted null 
sender always


in /var/log/maillog

Jun 22 09:37:27 net spamdyke[8948]: DENIED_RDNS_MISSING from: (unknown) 
to: anonym...@client.ind.br origin_ip: 123.127.247.104 origin_rdns: 
(unknown) auth: (unknown)
Jun 22 09:37:29 net spamdyke[8950]: DENIED_RDNS_MISSING from: (unknown) 
to: anonym...@client.ind.br origin_ip: 200.228.168.2 origin_rdns: 
(unknown) auth: (unknown)
Jun 22 09:37:44 net spamdyke[8952]: DENIED_RDNS_MISSING from: (unknown) 
to: anonym...@client.ind.br origin_ip: 200.228.168.2 origin_rdns: 
(unknown) auth: (unknown)
Jun 22 09:38:03 net spamdyke[8954]: DENIED_RDNS_MISSING from: (unknown) 
to: anonym...@client.ind.br origin_ip: 195.235.66.91 origin_rdns: 
(unknown) auth: (unknown)




Rafael Andrade  http://www.riosulense.com.br
...Administrador de Sistemas

. 47 3531-4152


Antes de imprimir, pense em sua responsabilidade e compromisso com o 
Meio Ambiente!















senthil vel escreveu:
Honestly, I am not using, spamdyke. Does spamtyke appends all the log 
to /var/log/maillog? also seems spamdyke is rejecting these mails. Is 
this current log? if so somebody still sending mails. Can't you get 
any information from /var/log/qmail/smtp/current regarding this?


On Tue, Jun 22, 2010 at 5:43 PM, Rafael Andrade 
raf...@riosulense.com.br mailto:raf...@riosulense.com.br wrote:


Look in /var/log/maillog

Jun 22 09:02:10 net spamdyke[5028]: DENIED_RDNS_MISSING from:
(unknown) to: anonym...@client.ind.br
mailto:anonym...@client.ind.br origin_ip: 189.2.134.108
origin_rdns: (unknown) auth: (unknown)
Jun 22 09:02:11 net spamdyke[5024]: DENIED_RDNS_MISSING from:
affectionatevb...@semagroup.sema.se
mailto:affectionatevb...@semagroup.sema.se to:
r...@metalservice.ind.br mailto:r...@metalservice.ind.br origin_ip:
79.189.227.34 origin_rdns: (unknown) auth: (unknown)
Jun 22 09:02:14 net spamdyke[5025]: DENIED_RDNS_MISSING from:
il...@neofiber.com.br mailto:il...@neofiber.com.br to:
il...@client.com.br mailto:il...@client.com.br origin_ip:
80.184.67.122 origin_rdns: (unknown) auth: (unknown)
Jun 22 09:02:14 net spamdyke[5026]: DENIED_RDNS_RESOLVE from:
(unknown) to: anonym...@client.ind.br
mailto:anonym...@client.ind.br origin_ip: 209.113.141.35
origin_rdns: mlsvr01.mindleaf.com http://mlsvr01.mindleaf.com
auth: (unknown)
Jun 22 09:02:44 net spamdyke[5033]: DENIED_RDNS_MISSING from:
(unknown) to: anonym...@client.ind.br
mailto:anonym...@client.ind.br origin_ip: 200.143.203.70
origin_rdns: (unknown) auth: (unknown)
Jun 22 09:02:50 net spamdyke[5032]: DENIED_OTHER from:
rgper...@fibria.com.br mailto:rgper...@fibria.com.br to:
anonym...@client.ind.br mailto:anonym...@client.ind.br
origin_ip: 200.185.80.78 origin_rdns: smtp4.votorantim.com.br
http://smtp4.votorantim.com.br auth: (unknown)
Jun 22 09:03:09 net spamdyke[5043]: DENIED_RDNS_MISSING from:
(unknown) to: anonym...@client.ind.br
mailto:anonym...@client.ind.br origin_ip: 202.181.238.101
origin_rdns: (unknown) auth: (unknown)
Jun 22 09:03:26 net spamdyke[5046]: DENIED_RDNS_MISSING from:
(unknown) to: anonym...@client.ind.br
mailto:anonym...@client.ind.br origin_ip: 200.14.68.55
origin_rdns: (unknown) auth: (unknown)
Jun 22 09:03:30 net spamdyke[5050]: DENIED_RDNS_MISSING from:
(unknown) to: anonym...@client.ind.br
mailto:anonym...@client.ind.br origin_ip: 200.228.168.2
origin_rdns: (unknown) auth: (unknown)
Jun 22 09:03:42 net spamdyke[5106]: DENIED_RDNS_MISSING from:
(unknown) to: anonym...@client.ind.br
mailto:anonym...@client.ind.br origin_ip: 200.228.168.2
origin_rdns: (unknown) auth: (unknown)
Jun 22 09:03:53 net spamdyke[5108]: DENIED_RBL_MATCH from:
(unknown) to: anonym...@client.ind.br
mailto:anonym...@client.ind.br

Re: [qmailtoaster] Attack?

2010-06-22 Thread senthil vel

message posted from  /var/log/qmail/smtp/current doesnot having any
information regarding this issue

Step 1. #qmailctl queue

it will show the mails in queue. Say for example, i am pasting the output
you have posted in first mail.

21 Jun 2010 22:45:02 GMT  #3087267  1435  anonym...@client.ind.br
  remote  prittyg...@yahoo.com.br
21 Jun 2010 22:34:44 GMT  #3069258  1430  anonym...@client.ind.br
  remote  prisci...@terra.com.br
21 Jun 2010 22:44:39 GMT  #3079585  1439  anonym...@client.ind.br
  remote  priscillame...@yahoo.com.br
22 Jun 2010 00:02:57 GMT  #2443198  1438  anonym...@client.ind.br
  remote  qeezajtze...@stargate5.com


select a mail id which is in 'remote' field. for example let us take,
prittyg...@yahoo.com.br. prittyg...@yahoo.com.br

Step 2. Use the grep command to search the mailid we collected in the first
field.

grep -i 'prittyg...@yahoo.com.br' /var/log/qmail/smtp/current

if no results found, check time of the mail in queue (21 Jun 2010 22:45:02)
for this mail. if so check the log file which is having this time stamp. To
do this, go to /var/log/qmail/smtp/

#cd /var/log/qmail/smtp/
#ll  or # ls -l

check the log file for appropriate date and time.

If anything does not work,

use,

grep -i 'prittyg...@yahoo.com.br' /var/log/qmail/smtp/*
grep -i 'prittyg...@yahoo.com.br' /var/log/qmail/submission/*

This may take long time and server resource. It will show the log for origin
of the mail.

--Senthilvel.

On Tue, Jun 22, 2010 at 6:16 PM, Rafael Andrade raf...@riosulense.com.brwrote:

 Same time in /var/log/qmail/smtp/current show this log:

 @40004c20ae8b0e33b054 CHKUSER accepted null sender: from :: remote
 eslovenia.intralesc.sc.gov.br:unknown:200.192.66.25 rcpt  : accepted
 null sender always
 @40004c20ae8c09af4944 tcpserver: status: 14/100
 @40004c20ae8c09af5114 tcpserver: pid 8948 from 123.127.247.104
 @40004c20ae8c09af54fc tcpserver: ok 8948 
 net:10.1.1.254:25:123.127.247.104:
 :55903
 @40004c20ae90008f12f4 CHKUSER accepted null sender: from :: remote
 exchange.lvcgroup.com:unknown:123.127.247.104 rcpt  : accepted null
 sender always
 @40004c20ae920602eae4 tcpserver: status: 15/100
 @40004c20ae920602f2b4 tcpserver: pid 8950 from 200.228.168.2
 @40004c20ae920602f69c tcpserver: ok 8950 net:10.1.1.254:25:200.228.168.2:
 :52084
 @40004c20ae92225def7c tcpserver: end 8948 status 0
 @40004c20ae92225df74c tcpserver: status: 14/100
 @40004c20ae931ac30d24 CHKUSER accepted null sender: from :: remote
 server.aceam.unb.org.br:unknown:200.228.168.2 rcpt  : accepted null
 sender always

 in /var/log/maillog

 Jun 22 09:37:27 net spamdyke[8948]: DENIED_RDNS_MISSING from: (unknown) to:
 anonym...@client.ind.br origin_ip: 123.127.247.104 origin_rdns: (unknown)
 auth: (unknown)
 Jun 22 09:37:29 net spamdyke[8950]: DENIED_RDNS_MISSING from: (unknown) to:
 anonym...@client.ind.br origin_ip: 200.228.168.2 origin_rdns: (unknown)
 auth: (unknown)
 Jun 22 09:37:44 net spamdyke[8952]: DENIED_RDNS_MISSING from: (unknown) to:
 anonym...@client.ind.br origin_ip: 200.228.168.2 origin_rdns: (unknown)
 auth: (unknown)
 Jun 22 09:38:03 net spamdyke[8954]: DENIED_RDNS_MISSING from: (unknown) to:
 anonym...@client.ind.br origin_ip: 195.235.66.91 origin_rdns: (unknown)
 auth: (unknown)



 
 Rafael Andrade  http://www.riosulense.com.br
 ...Administrador de Sistemas

 . 47 3531-4152


 Antes de imprimir, pense em sua responsabilidade e compromisso com o Meio
 Ambiente!














 senthil vel escreveu:

 Honestly, I am not using, spamdyke. Does spamtyke appends all the log to
 /var/log/maillog? also seems spamdyke is rejecting these mails. Is this
 current log? if so somebody still sending mails. Can't you get any
 information from /var/log/qmail/smtp/current regarding this?

 On Tue, Jun 22, 2010 at 5:43 PM, Rafael Andrade 
 raf...@riosulense.com.brmailto:
 raf...@riosulense.com.br wrote:

Look in /var/log/maillog

Jun 22 09:02:10 net spamdyke[5028]: DENIED_RDNS_MISSING from:
(unknown) to: anonym...@client.ind.br
mailto:anonym...@client.ind.br origin_ip: 189.2.134.108

origin_rdns: (unknown) auth: (unknown)
Jun 22 09:02:11 net spamdyke[5024]: DENIED_RDNS_MISSING from:
affectionatevb...@semagroup.sema.se
mailto:affectionatevb...@semagroup.sema.se to:
r...@metalservice.ind.br mailto:r...@metalservice.ind.br origin_ip:

79.189.227.34 origin_rdns: (unknown) auth: (unknown)
Jun 22 09:02:14 net spamdyke[5025]: DENIED_RDNS_MISSING from:
il...@neofiber.com.br mailto:il...@neofiber.com.br to:
il...@client.com.br mailto:il...@client.com.br origin_ip:

80.184.67.122 origin_rdns: (unknown) auth: (unknown)
Jun 22 09:02:14 net spamdyke[5026]: DENIED_RDNS_RESOLVE from:
(unknown) to: anonym...@client.ind.br
mailto:anonym...@client.ind.br origin_ip: 209.113.141.35

Re: [qmailtoaster] Attack?

2010-06-22 Thread Rafael Andrade

cat /var/log/qmail/smtp/*  | grep -i prittyg...@yahoo.com.br 
(empty)


cat /var/log/qmail/submission/*  | grep -i prittyg...@yahoo.com.br
(empty)

:(

still showing in maillog:

Jun 22 10:59:33 net spamdyke[16032]: DENIED_RDNS_MISSING from: (unknown) 
to: anonym...@metalservice.ind.br origin_ip: 200.228.168.2 origin_rdns: 
(unknown) auth: (unknown)
Jun 22 10:59:43 net spamdyke[16034]: DENIED_RDNS_MISSING from: (unknown) 
to: anonym...@metalservice.ind.br origin_ip: 200.228.168.2 origin_rdns: 
(unknown) auth: (unknown)
Jun 22 11:00:15 net spamdyke[16038]: DENIED_OTHER from: (unknown) to: 
anonym...@metalservice.ind.br origin_ip: 64.20.61.10 origin_rdns: 
ip10.njs0.srv.infoex.com auth: (unknown)
Jun 22 11:00:30 net spamdyke[16042]: DENIED_RDNS_MISSING from: (unknown) 
to: anonym...@metalservice.ind.br origin_ip: 200.14.68.55 origin_rdns: 
(unknown) auth: (unknown)
Jun 22 11:01:07 net spamdyke[16046]: DENIED_OTHER from: (unknown) to: 
anonym...@metalservice.ind.br origin_ip: 200.174.214.66 origin_rdns: 
ns.usinamoreno.com.br auth: (unknown)



[r...@net metalservice.ind.br]# cat /var/log/qmail/smtp/current  | grep 
-i ns.usinamoreno.com.br
@40004c20b8c62a1ca99c CHKUSER rejected rcpt: from :: remote 
ns.usinamoreno.com.br:unknown:200.174.214.66 rcpt 
anonym...@metalservice.ind.br : not existing recipient
@40004c20bd792b6ff8e4 CHKUSER accepted null sender: from :: remote 
ns.usinamoreno.com.br:unknown:200.174.214.66 rcpt  : accepted null 
sender always
@40004c20bd793057445c CHKUSER rejected rcpt: from :: remote 
ns.usinamoreno.com.br:unknown:200.174.214.66 rcpt 
anonym...@metalservice.ind.br : not existing recipient
@40004c20c22b376a2e1c CHKUSER accepted null sender: from :: remote 
ns.usinamoreno.com.br:unknown:200.174.214.66 rcpt  : accepted null 
sender always
@40004c20c22c00a04934 CHKUSER rejected rcpt: from :: remote 
ns.usinamoreno.com.br:unknown:200.174.214.66 rcpt 
anonym...@metalservice.ind.br : not existing recipient





senthil vel escreveu:
message posted from  /var/log/qmail/smtp/current doesnot having any 
information regarding this issue


Step 1. #qmailctl queue

it will show the mails in queue. Say for example, i am pasting the 
output you have posted in first mail.


21 Jun 2010 22:45:02 GMT  #3087267  1435  anonym...@client.ind.br 
mailto:anonym...@client.ind.br

  remote  prittyg...@yahoo.com.br mailto:prittyg...@yahoo.com.br
21 Jun 2010 22:34:44 GMT  #3069258  1430  anonym...@client.ind.br 
mailto:anonym...@client.ind.br

  remote  prisci...@terra.com.br mailto:prisci...@terra.com.br
21 Jun 2010 22:44:39 GMT  #3079585  1439  anonym...@client.ind.br 
mailto:anonym...@client.ind.br
  remote  priscillame...@yahoo.com.br 
mailto:priscillame...@yahoo.com.br
22 Jun 2010 00:02:57 GMT  #2443198  1438  anonym...@client.ind.br 
mailto:anonym...@client.ind.br
  remote  qeezajtze...@stargate5.com 
mailto:qeezajtze...@stargate5.com



select a mail id which is in 'remote' field. for example let us take,  
prittyg...@yahoo.com.br. mailto:prittyg...@yahoo.com.br


Step 2. Use the grep command to search the mailid we collected in the 
first field.


grep -i 'prittyg...@yahoo.com.br mailto:prittyg...@yahoo.com.br' 
/var/log/qmail/smtp/current


if no results found, check time of the mail in queue (21 Jun 2010 
22:45:02) for this mail. if so check the log file which is having this 
time stamp. To do this, go to /var/log/qmail/smtp/


#cd /var/log/qmail/smtp/
#ll  or # ls -l

check the log file for appropriate date and time.

If anything does not work,

use,

grep -i 'prittyg...@yahoo.com.br mailto:prittyg...@yahoo.com.br' 
/var/log/qmail/smtp/*
grep -i 'prittyg...@yahoo.com.br mailto:prittyg...@yahoo.com.br' 
/var/log/qmail/submission/*


This may take long time and server resource. It will show the log for 
origin of the mail.


--Senthilvel.

On Tue, Jun 22, 2010 at 6:16 PM, Rafael Andrade 
raf...@riosulense.com.br mailto:raf...@riosulense.com.br wrote:


Same time in /var/log/qmail/smtp/current show this log:

@40004c20ae8b0e33b054 CHKUSER accepted null sender: from ::
remote eslovenia.intralesc.sc.gov.br:unknown:200.192.66.25 rcpt
 : accepted null sender always
@40004c20ae8c09af4944 tcpserver: status: 14/100
@40004c20ae8c09af5114 tcpserver: pid 8948 from 123.127.247.104
@40004c20ae8c09af54fc tcpserver: ok 8948 net:10.1.1.254:25
http://10.1.1.254:25 :123.127.247.104::55903
@40004c20ae90008f12f4 CHKUSER accepted null sender: from ::
remote exchange.lvcgroup.com:unknown:123.127.247.104 rcpt  :
accepted null sender always
@40004c20ae920602eae4 tcpserver: status: 15/100
@40004c20ae920602f2b4 tcpserver: pid 8950 from 200.228.168.2
@40004c20ae920602f69c tcpserver: ok 8950 net:10.1.1.254:25
http://10.1.1.254:25 :200.228.168.2::52084
@40004c20ae92225def7c tcpserver: end 8948 status 0
@40004c20ae92225df74c tcpserver: status: 14/100
@40004c20ae931ac30d24 CHKUSER

Re: [qmailtoaster] Attack?

2010-06-22 Thread Rafael Andrade


[r...@net metalservice.ind.br]# qmailctl queue | wc -l
86325 :(

[r...@net metalservice.ind.br]# qmailctl queue | head -n 50
messages in queue: 40591
messages in queue but not yet preprocessed: 15
22 Jun 2010 15:46:19 GMT  #2467164  1456  anonym...@metalservice.ind.br
   remote  mat...@mikrus.com.br
22 Jun 2010 15:09:18 GMT  #3087267  1459  anonym...@metalservice.ind.br
   remote  robertajard...@yahoo.com.br
22 Jun 2010 15:37:38 GMT  #2461644  1463  anonym...@metalservice.ind.br
   remote  mate...@cetesbnet.sp.gov.br
22 Jun 2010 15:45:28 GMT  #2447016  1457  anonym...@metalservice.ind.br
   remote  mati...@joinet.com.br
22 Jun 2010 15:49:08 GMT  #3069258  1461  anonym...@metalservice.ind.br
   remote  mattaro...@psibo.unibo.it
22 Jun 2010 15:38:28 GMT  #2462288  2835  #...@[]
   remote  postmas...@net
22 Jun 2010 15:44:16 GMT  #2465807  1455  anonym...@metalservice.ind.br
   remote  mati...@is-koeln.de
22 Jun 2010 15:28:35 GMT  #2455112  1451  anonym...@metalservice.ind.br
   remote  rodolfo...@uol.com.br
22 Jun 2010 15:46:45 GMT  #2467555  1454  anonym...@metalservice.ind.br
   remote  matildene...@msn.com
22 Jun 2010 15:02:44 GMT  #3069603  1454  anonym...@metalservice.ind.br
   remote  roberto.come...@bol.com.br
22 Jun 2010 15:42:13 GMT  #2464565  1460  anonym...@metalservice.ind.br
   remote  matoso.sona...@gmail.com
22 Jun 2010 15:34:11 GMT  #2443198  2872  #...@[]
   remote  postmas...@net
22 Jun 2010 15:50:15 GMT  #2470591  1459  anonym...@metalservice.ind.br
   remote  mat...@sum.desktop.com.br
22 Jun 2010 15:53:22 GMT  #2450535  1465  anonym...@metalservice.ind.br
   local   metalservice.ind.br-audito...@metalservice.ind.br
   remote  matilhaproduc...@terra.com.br
22 Jun 2010 15:56:32 GMT  #2506264  1452  anonym...@metalservice.ind.br
   local   metalservice.ind.br-audito...@metalservice.ind.br
   remote  matr...@uol.com.br
22 Jun 2010 15:53:25 GMT  #2448971  1457  anonym...@metalservice.ind.br
   local   metalservice.ind.br-audito...@metalservice.ind.br
   remote  matle...@terra.com.br
22 Jun 2010 15:43:26 GMT  #2465278  1458  anonym...@metalservice.ind.br
   remote  mat...@infraero.gov.br
22 Jun 2010 15:38:51 GMT  #2462702  1459  anonym...@metalservice.ind.br
   remote  mat...@dequi.eel.usp.br

As i can delete all msgs to anonym...@metalservice.ind.br using 
qmail-remove ( syntax ? )


Thanks so much again


senthil vel escreveu:

Not sure what is going on.. Some other spamdyke gurus may help.

How many mails are there in the queue now?

If the mail queue is still large, use qmail-remove to remove the mails 
in the queue. If qmail remove is not installed, please follow this.


*Install Qmail-Remove*

First you need to download latest version from here 
http://www.linuxmagic.com/opensource/qmail/qmail-remove/ current 
version is Qmail-Remove 0.95


Download using the following command

#wget 
http://www.linuxmagic.com/opensource/qmail/qmail-remove/qmail-remove-0.95.tar.gz


Now you have qmail-remove-0.95.tar.gz file and now you need to extract 
using the following command


#tar -zxvf qmail-remove-0.95.tar.gz

Now you should have qmail-remove-0.95 folder go in to the directory 
and run the following commands


#make

#make install

This will complete the installation.

Now you need to create a directory named “yanked” in the qmail queue 
directory you intend to use before using this program.


#mkdir /var/qmail/queue/yanked

*Using qmail-remove*

*Syntax*

qmail-remove [options]

*Available options*

-e use extended POSIX regular expressions

-h, -? this help message

-i search case insensitively [default: case sensitive]

-n limit our search to the first bytes of each file

-p specify the pattern to search for

-q specify the base qmail queue dir [default: /var/qmail/queue]

-r actually remove files, without this we’ll only print them

-s specify your conf-split value if non-standard [default: 23]

-v increase verbosity (can be used more than once)

-y directory to put files yanked from the queue [default: /yanked]

-X modify timestamp on matching files, to make qmail expire mail is 
the number of seconds we want to move the file into the 
past.specifying a value of 0 causes this to default to (604800)


-x modify timestamp on matching files, to make qmail expire mail is a 
date/time string in the format of output of the “date” program.


*Examples for qmail-remove*


To delete mails from Que,


# qmail-remove -r -p gtre.ac.net http://gtre.ac.net

324001: yes
moved mess/0/324001 to yanked/324001.mess
moved remote/0/324001 to yanked/324001.remote
moved info/0/324001 to yanked/324001.info http://324001.info
324024: yes
moved mess/0/324024 to yanked/324024.mess
moved remote/0/324024 to yanked/324024.remote
moved info/0/324024 to yanked/324024.info http://324024.info

This will remove all emails 
http://www.debianhelp.co.uk/qmailqueue.htm# in que with “gtre.ac.net 
http://gtre.ac.net” in it and place it in

Re: [qmailtoaster] Attack?

Re: [qmailtoaster] Attack?

RE: [qmailtoaster] Attack?

Re: [qmailtoaster] Attack?

Re: [qmailtoaster] Attack?

Re: [qmailtoaster] Attack?

RE: [qmailtoaster] Attack?

Re: [qmailtoaster] Attack?

Re: [qmailtoaster] Attack?

Re: [qmailtoaster] Attack?

Re: [qmailtoaster] Attack?

Re: [qmailtoaster] Attack?

Re: [qmailtoaster] Attack?

13 matches

Site Navigation

Mail list logo

Footer information