Posted on 2007-07-24
Last Modified: 2013-12-02
QMAIL PROBLEM: SPAMMERS may BE USING MY MAIL SERVER qmail-send program FOR MALICIOUS PURPOSES, I need confirmation and a successful patch.

This is the mail alert I'm receiving every minute or so from some comcast IP addresses:

Hi. This is the qmail-send program at
I tried to deliver a bounce message to this address, but the bounce bounced!

Sorry, I couldn't find any host by that name. (#4.1.2)
I'm not going to try again; this message has been in the queue too long.

--- Below this line is the original bounce.

Return-Path: <>
Received: (qmail 2290 invoked for bounce); 17 Jul 2007 13:37:11 -0000
Date: 17 Jul 2007 13:37:11 -0000
Subject: failure notice

Hi. This is the qmail-send program at
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

Sorry, no mailbox here by that name. (#5.1.1)

--- Below this line is a copy of the message.

Return-Path: <>
Received: (qmail 1538 invoked by uid 108); 17 Jul 2007 13:36:53 -0000
Received: from (HELO (
  by with SMTP; 17 Jul 2007 13:36:53 -0000
Received: from localhost ([]
by with esmtp (Exim 4.67)
(envelope-from <>)
id 1I9DmL-000Psc-So
for; Fri, 13 Jul 2007 01:33:22 -0400
Received: from ([])
by with smtp (Exim 4.67)
(envelope-from <>)
id 1I9DmG-000Pom-P9
for; Fri, 13 Jul 2007 01:33:16 -0400
Received: from ypbyc ([]) by with Microsoft SMTPSVC(6.0.3790.1830); Fri, 13 Jul 2007 01:25:36 -0400
Message-ID: <>
Date: Fri, 13 Jul 2007 01:25:36 -0400
From: Ferrell <>
User-Agent: Thunderbird (Windows/20070509)
MIME-Version: 1.0
Subject: He is believed to be hiding with al-Qaeda leader Bin Laden on the Afghan-Pakistan border.
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Mail-Handler: MailHop by DynDNS
X-Spam-Score: 6.0 (++++++)

SZSN Expands To Become 3rd Largest Agricultural Seed Provider!

Shandong Zhouyuan Seed and Nursery Co., Ltd (SZSN)


I receive TONS of these spams with a different (random) user account.
Basically, I feel someone is trying to guess an account that is valid on my server and from that point on the attacker will flood my mailbox.

Has anyone seen this before? How can I fix it?

I'm a beginner with qmail, so step-by-step would be appreciated (I know unix well enough though).

Best Regards,
Question by:cyberpassion
    LVL 36

    Accepted Solution

    I don't use qmail myself but I have an idea what might be going wrong.

    What I suspect is happening is that your Qmail configuration is accepting all mail for your domain and then only after it is accepted does it check to see if the recipient is valid. If it is not then it tries to send a non-delivery report.
    If the non-delivery mail is rejected, which is highly likely, then qmail will have to abort. Often these failed messages are just logged and discarded but in your case it must be sending a message to the postmaster instead.

    The way around this problem is to reject mail to invalid recipients straight away.
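A way to confirm the accept-then-bounce pattern described in the answer above from the server's own qmail-send log, as an added example that is not part of the original thread. The log lines are constructed samples in qmail-send's log format; the addresses, message numbers and the helper name `backscatter_report` are assumptions.

```python
import re

# Constructed sample in qmail-send's log format; every address, message
# number and pid below is a made-up placeholder, not data from the thread.
SAMPLE_LOG = """\
new msg 1001
info msg 1001: bytes 2104 from <forged@nohost.example> qp 1538 uid 108
starting delivery 1: msg 1001 to local xkqzt@example.org
delivery 1: failure: Sorry,_no_mailbox_here_by_that_name._(#5.1.1)/
bounce msg 1001 qp 2290
end msg 1001
new msg 1002
info msg 1002: bytes 2650 from <> qp 2290 uid 107
starting delivery 2: msg 1002 to remote forged@nohost.example
delivery 2: deferral: Sorry,_I_couldn't_find_any_host_by_that_name._(#4.1.2)/
new msg 1003
info msg 1003: bytes 1800 from <alice@example.net> qp 1601 uid 108
starting delivery 3: msg 1003 to local bob@example.org
delivery 3: success: did_0+0+1/
end msg 1003
"""

INFO = re.compile(r"info msg (\d+): bytes \d+ from <([^>]*)>")
START = re.compile(r"starting delivery (\d+): msg (\d+) to (local|remote) ")
DONE = re.compile(r"delivery (\d+): (success|failure|deferral): (.*)")
BOUNCE = re.compile(r"bounce msg (\d+)")

def backscatter_report(log_text):
    """Hypothetical helper: correlate deliveries, failures and bounces per message."""
    sender, delivery, unknown, bounced, stuck = {}, {}, set(), set(), set()
    for line in log_text.splitlines():
        if m := INFO.search(line):
            sender[m[1]] = m[2]                    # "" means null sender (a bounce)
        elif m := START.search(line):
            delivery[m[1]] = (m[2], m[3])          # delivery id -> (msg, local/remote)
        elif m := DONE.search(line):
            msg, kind = delivery.pop(m[1], (None, None))
            if kind == "local" and m[2] == "failure" and "#5.1.1" in m[3]:
                unknown.add(msg)                   # accepted, then no such mailbox
            elif kind == "remote" and m[2] != "success" and sender.get(msg) == "":
                stuck.add(msg)                     # bounce that cannot be delivered
        elif m := BOUNCE.search(line):
            bounced.add(m[1])
    return {"accepted_then_bounced": sorted(unknown & bounced),
            "undeliverable_bounces": sorted(stuck)}
```

A large `accepted_then_bounced` count alongside growing `undeliverable_bounces` matches the diagnosis above: mail for nonexistent users is accepted first and bounced afterwards, rather than refused during the SMTP session.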
    LVL 36

    Expert Comment

    Here is an example patch for qmail.
    LVL 1

    Author Comment

    I will try that very soon, and let you know if it worked. It does make a lot of sense... I just wonder if I really need to apply an unknown (albeit genuine) system of patches (since my system isn't broken per se). I might prefer just knowing what file to change so the receipts are discarded instead of being sent to postmaster... if you figure out how to do only this part, please let me know.

    In the meantime, I'll get back to you on the result (and I will gladly give you the points!)
    LVL 36

    Expert Comment

    I am not sure what form the patches take but in most cases you use the Linux 'patch' command to modify the source code with the patch supplied and then recompile it. The patch file is a text file which just contains a list of line numbers and the lines to be removed or added (basically the output of the diff command in case you are familiar with it). You can therefore have a look at the patch file and see for yourself exactly what changes are being made.
    LVL 1

    Expert Comment

    Forced accept.

    EE Admin
