
QMAIL SPAM ISSUE UNIX

cyberpassion asked on
AntiSpam, Email Servers, Email Protocols
QMAIL PROBLEM: SPAMMERS MAY BE USING MY MAIL SERVER qmail-send program FOR MALICIOUS PURPOSES. I need confirmation and a successful patch.

This is the mail alert I'm receiving every minute or so from some comcast IP addresses:


-------------------------------------------------------------------------------------
Hi. This is the qmail-send program at mail.MYDOMAIN.com.
I tried to deliver a bounce message to this address, but the bounce bounced!

<hackattempt@attackersdomain.com>:
Sorry, I couldn't find any host by that name. (#4.1.2)
I'm not going to try again; this message has been in the queue too long.

--- Below this line is the original bounce.

Return-Path: <>
Received: (qmail 2290 invoked for bounce); 17 Jul 2007 13:37:11 -0000
Date: 17 Jul 2007 13:37:11 -0000
From: MAILER-DAEMON@mail.MYDOMAIN.com
To: MYADMINACCOUNT@MYDOMAIN.com
Subject: failure notice

Hi. This is the qmail-send program at mail.MYDOMAIN.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<ypfjv@MYDOMAIN.com>:
Sorry, no mailbox here by that name. (#5.1.1)

--- Below this line is a copy of the message.

Return-Path: <hackattempt@domain.com>
Received: (qmail 1538 invoked by uid 108); 17 Jul 2007 13:36:53 -0000
Received: from mxin2.mailhop.org (HELO mhfr-06-bos.dyndns.com) (63.208.196.176)
  by mail.MYDOMAIN.com with SMTP; 17 Jul 2007 13:36:53 -0000
Received: from localhost ([127.0.0.1] helo=mhfr-06-bos.dyndns.com)
by mhfr-06-bos.dyndns.com with esmtp (Exim 4.67)
(envelope-from <hackattempt@domain.com>)
id 1I9DmL-000Psc-So
for ypfjv@MYDOMAIN.com; Fri, 13 Jul 2007 01:33:22 -0400
Received: from c-69-142-215-178.hsd1.nj.comcast.net ([69.142.215.178])
by mhfr-06-bos.dyndns.com with smtp (Exim 4.67)
(envelope-from <ykun@pgnmail.com>)
id 1I9DmG-000Pom-P9
for ypfjv@servak.com; Fri, 13 Jul 2007 01:33:16 -0400
Received: from ypbyc ([43.114.181.40]) by c-69-142-215-178.hsd1.nj.comcast.net with Microsoft SMTPSVC(6.0.3790.1830); Fri, 13 Jul 2007 01:25:36 -0400
Message-ID: <46970CD0.1010703@pgnmail.com>
Date: Fri, 13 Jul 2007 01:25:36 -0400
From: Ferrell <ykun@pgnmail.com>
User-Agent: Thunderbird 1.5.0.12 (Windows/20070509)
MIME-Version: 1.0
To: ypfjv@MYDOMAIN.com
Subject: He is believed to be hiding with al-Qaeda leader Bin Laden on the Afghan-Pakistan border.
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Mail-Handler: MailHop by DynDNS
X-Originating-IP: 69.142.215.178
X-Spam-Score: 6.0 (++++++)

SZSN Expands To Become 3rd Largest Agricultural Seed Provider!

Shandong Zhouyuan Seed and Nursery Co., Ltd (SZSN)
$0.24


------------------------------------------------------------------

I receive TONS of these spams with a different (random) user account.
Basically, I feel someone is trying to guess an account that is valid on my server and from that point on the attacker will flood my mailbox.

Has anyone seen this before? How can I fix it?

I'm a beginner with qmail, so step-by-step would be appreciated (I know Unix well enough though).

Best Regards,
Cyber
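
For triaging a flood of notices like the one quoted in the question, the three layers of a qmail double bounce (the failed bounce, the original bounce, the copied message) can be separated mechanically and tallied by delivering relay. This is an added example, not part of the original question or its answers; the sample addresses, host names and IPs are constructed placeholders and the function names are hypothetical.

```python
import re
from collections import Counter

BOUNCE_MARK = "--- Below this line is the original bounce."
COPY_MARK = "--- Below this line is a copy of the message."
# "<address>:" line followed by qmail's reason text ending in "(#x.y.z)"
FAILURE = re.compile(r"^<([^>]*)>:\n.*?\(#(\d\.\d\.\d)\)", re.M | re.S)
# qmail-smtpd Received line: from host [(HELO name)] ([ident@]ip)
RELAY = re.compile(r"^Received: from \S+ (?:\(HELO [^)]*\) )?\((?:[^@)]*@)?([\d.]+)\)", re.M)

# Constructed sample in the layout of the notice quoted above (placeholder names/IPs).
SAMPLE = """\
I tried to deliver a bounce message to this address, but the bounce bounced!
<sender@nonexistent.example>:
Sorry, I couldn't find any host by that name. (#4.1.2)
--- Below this line is the original bounce.
Return-Path: <>
<ypfjv@example.com>:
Sorry, no mailbox here by that name. (#5.1.1)
--- Below this line is a copy of the message.
Return-Path: <sender@nonexistent.example>
Received: (qmail 1538 invoked by uid 108); 17 Jul 2007 13:36:53 -0000
Received: from relay.example.net (HELO relay.example.net) (192.0.2.25)
  by mail.example.com with SMTP; 17 Jul 2007 13:36:53 -0000
"""

def _failure(part):
    m = FAILURE.search(part)
    return (m.group(1), m.group(2)) if m else (None, None)

def parse_double_bounce(text):
    """Split one notice into its three layers; None if it is not a double bounce."""
    head, sep, rest = text.partition(BOUNCE_MARK)
    if not sep:
        return None
    bounce, _, original = rest.partition(COPY_MARK)
    sender = re.search(r"^Return-Path: <([^>]*)>", original, re.M)
    relay = RELAY.search(original)
    return {
        "bounce_to": _failure(head),      # where qmail tried to send the bounce
        "failed_rcpt": _failure(bounce),  # local address that did not exist
        "envelope_sender": sender.group(1) if sender else None,
        "relay_ip": relay.group(1) if relay else None,  # host that handed us the mail
    }

def summarize(notices):
    """Count unknown-mailbox (5.1.1) notices per delivering relay IP."""
    parsed = filter(None, map(parse_double_bounce, notices))
    return Counter(n["relay_ip"] for n in parsed if n["failed_rcpt"][1] == "5.1.1")
```

Feeding `summarize` the bodies of the admin mailbox's notices shows whether the unknown-recipient mail arrives from many hosts or through a single relay.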
ASKER CERTIFIED SOLUTION
grblades
