SWB-Consulting
asked on
Mail Server Queue Clogged
I have a linux server with a mail server running on it.
I am using Plesk 8.0.1 to manage my server but also have shell access to it.
I am running a PHP/MySQL application on that server.
Recently the mail server started making problems and the php application has been unable to send out emails.
When I check the mail queue in plesk I see tons of spam emails in there.
I am not very familiar with mail server management so I am wondering what I can do to get to the bottom of the issue.
What mail server are you using? Postfix?
ASKER
I think it's qmail.
How can I find out when logging onto the shell?
Do you know what OS you have? The following command will give you details about your kernel but will also usually spit out what OS is installed - e.g. Debian, Fedora, etc:
cat /proc/version
ASKER
this is what i get:
Linux version 2.6.16.27-061216a (root@buildd-amd64) (gcc version 3.3.5 (Debian 1:3.3.5-13)) #1 SMP Sat Dec 16 13:15:27 CET 2006
Ok, that makes it fairly easy because Debian uses the package tool apt.
To check what packages are installed, you can type the following:
dpkg -l | less
To check for a certain package, e.g. qmail, use the following:
dpkg -l | grep qmail
You can also check for Postfix, Exim
dpkg -l | grep postfix
dpkg -l | grep exim
ASKER
I get this on any of the commands above:
-bash: dpkg: command not found
however I do know that there is a program running called qmail and it seems to be responsible for the outgoing emails
Ok, we'll just assume it's qmail then... What is the output you get when you enter
qmail-qread
It could be that you have a spammer on the server. Is it a shared server? Do you have a lot of users on it? It could also be a poorly coded script that is allowing spammers to take advantage of a vulnerability to enable them to relay through your server.
See if qmail-qread gives you any hints as to who might be trying to relay the spam.
ASKER
it is giving me an endless list like this:
I interrupted it at one point because it didn't want to stop.
It is a dedicated server and I am using it for myself only. However it is possible that somewhere there is a badly coded script that is causing this. I have about 2400 user accounts on the php application that is running on the server.
Ok, I'm taking a wild guess that somewhere on your server is a PHP script that sends mail. A spammer must have discovered a vulnerability and is using e-mail injection to relay through your mail server. You would need to try and identify the script that's causing the problems, but if the only person that has access to the FTP server to upload and edit files is you, it might not be that difficult to identify the script. How many scripts do you have that are capable of sending mail?
Also, look through your access logs and see if you can identify the IP address of the spammer. Once you know the IP you can block them in your mail server and deny access to your site. Of course they could be (and more than likely are) on a dynamic IP, but maybe if you send the ISP the IP and timestamp they might be able to hassle them a little.
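The two suggestions above (read qmail-qread for hints, then check the access logs) can be combined. The following is an added example, not part of the original thread: it summarises qmail-qread output per envelope sender, then ranks POST requests made during the minutes the busiest sender's mail was queued. The function names, the Apache combined log format, the UTC log timestamps and all sample data are assumptions made for the example.

```shell
#!/bin/sh
# Added example: all sample data is constructed (documentation IPs, example.* domains).

# queue_summary: qmail-qread output on stdin ->
#   "<messages> <first YYYYMMDDhhmmss> <last YYYYMMDDhhmmss> <envelope sender>"
# sorted with the busiest sender first.
queue_summary() {
  awk '
    BEGIN { n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", name, " ")
            for (i = 1; i <= n; i++) mon[name[i]] = i }
    # Header line: 5 Feb 2008 11:33:49 GMT #<id> <size> <sender>
    $5 == "GMT" && $6 ~ /^#/ {
      split($4, t, ":")
      ts = sprintf("%04d%02d%02d%02d%02d%02d", $3, mon[$2], $1, t[1], t[2], t[3])
      s = $8
      count[s]++
      if (!(s in first) || ts < first[s]) first[s] = ts
      if (!(s in last)  || ts > last[s])  last[s]  = ts
    }
    END { for (s in count) print count[s], first[s], last[s], s }
  ' | sort -k1,1nr
}

# posts_in_window LO HI: access log (Apache combined format) on stdin ->
#   "<hits> <client ip> <script path>" for POSTs whose minute (YYYYMMDDhhmm)
#   lies in LO..HI. Assumes the log is written in UTC, like qmail-qread's GMT;
#   shift LO/HI by the log's offset otherwise.
posts_in_window() {
  awk -v lo="$1" -v hi="$2" '
    BEGIN { n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", name, " ")
            for (i = 1; i <= n; i++) mon[name[i]] = i }
    $6 == "\"POST" {
      # $4 looks like [05/Feb/2008:11:33:48
      split(substr($4, 2), d, "[/:]")
      minute = sprintf("%04d%02d%02d%02d%02d", d[3], mon[d[2]], d[1], d[4], d[5]) + 0
      if (minute < lo + 0 || minute > hi + 0) next
      path = $7
      sub(/\?.*/, "", path)          # group by script, ignore the query string
      hits[$1 " " path]++
    }
    END { for (k in hits) print hits[k], k }
  ' | sort -k1,1nr
}

# burst_posts QREAD_FILE ACCESS_LOG: POSTs seen while the busiest sender's
# messages were being queued (compared at minute granularity).
burst_posts() {
  top=$(queue_summary < "$1" | head -n 1)
  first=$(printf '%s\n' "$top" | cut -d' ' -f2)
  last=$(printf '%s\n' "$top" | cut -d' ' -f3)
  posts_in_window "${first%??}" "${last%??}" < "$2"
}

# Constructed stand-in for `qmail-qread` output.
sample_qread() {
cat <<'EOF'
5 Feb 2008 11:33:49 GMT #1001 2865 <anonymous@host.example.com>
  remote a@example.org
5 Feb 2008 11:33:50 GMT #1002 2874 <anonymous@host.example.com>
  remote b@example.net
5 Feb 2008 11:34:06 GMT #1003 2875 <anonymous@host.example.com>
  remote c@example.org
5 Feb 2008 09:10:00 GMT #1004 512 <newsletter@host.example.com>
  remote d@example.com
EOF
}

# Constructed stand-in for the web server access log.
sample_access_log() {
cat <<'EOF'
203.0.113.7 - - [05/Feb/2008:11:33:48 +0000] "POST /contact.php HTTP/1.1" 200 512 "-" "-"
203.0.113.7 - - [05/Feb/2008:11:33:50 +0000] "POST /contact.php HTTP/1.1" 200 512 "-" "-"
203.0.113.7 - - [05/Feb/2008:11:34:05 +0000] "POST /contact.php?x=1 HTTP/1.1" 200 512 "-" "-"
198.51.100.9 - - [05/Feb/2008:11:34:10 +0000] "GET /index.php HTTP/1.1" 200 1024 "-" "-"
198.51.100.9 - - [05/Feb/2008:11:34:20 +0000] "POST /login.php HTTP/1.1" 302 0 "-" "-"
198.51.100.9 - - [05/Feb/2008:12:00:00 +0000] "POST /login.php HTTP/1.1" 302 0 "-" "-"
EOF
}

# Demo run on the constructed data.
tmp=$(mktemp -d)
sample_qread > "$tmp/qread.txt"
sample_access_log > "$tmp/access_log"
queue_summary < "$tmp/qread.txt"
burst_posts "$tmp/qread.txt" "$tmp/access_log"
rm -rf "$tmp"
```

On a live server, save the output of qmail-qread to a file and pass it together with the site's access log to burst_posts. A script that dominates the result is the first one to review.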
ASKER
what is the best way to search for all potential scripts that could be causing the problem? a common function like mail()? How exactly would the spammer utilize the weak script if he does not have access to the server? it also says "anonymous@u15246640.onlinehome-server.com", does this give any indication?
ASKER
also is there maybe a way to "listen" on the server to see what is going on and where there is activity. because it seems like the system is generating spam mail by the second, so maybe that would be a way to trace it...
>> what is the best way to search for all potential scripts
Depending on how many files and directories you have, you could use something like the following to search through your files:
grep -inr 'mail(' .
The '-i' flag is to ignore case, '-n' is to give you the line numbers where the code appears, and the '-r' is to do a recursive search.
>> How exactly would the spammer utilize the weak script
A spammer can easily do this by injecting code into the headers of the mail. The thing to remember is never trust any user input. For example, consider the following:
A mail function could look like so:
mail($to, $subject, $body, $headers);
If a HTML form asks for the sender's email address, and your PHP creates $headers from the $from value:
$headers = "From: $from\n";
...a malicious user could do this:
$from = 'user@mysite.com%0ACc: otheruser@othersite.com%0ABcc: anotheruser@anothersite.com';
>> it also says "anonymous@u15246640.onlinehome-server.com", does this give any indication?
Yes - this usually implies that no From header is being sent, or the malicious user posted his address as "anonymous" - if the address is not a fully formatted e-mail address, the mail server will automatically append the server's hostname.
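To narrow the grep results from the answer above to the scripts most likely to be abused, the following added example (not part of the original thread) lists every mail() call site and tags the file by whether it reads request input and whether any filter call mentions \r or \n. It assumes GNU grep (for -r and --include); the tags, function names and sample files are made up for the example, and the tagging is a heuristic for ordering manual review, not proof that a script is safe.

```shell
#!/bin/sh
# Added example; needs GNU grep for -r and --include. Sample files are constructed.

# mail_callers DIR: one line per mail() call site, "<tag> <file>:<line>":
#   REVIEW    file reads request input and no preg_*/str_replace/strpbrk call
#             mentions \r or \n (headers may be built from raw input)
#   filtered  file reads request input and has such a call (still read it)
#   static    file never touches $_GET/$_POST/$_REQUEST/$_COOKIE
mail_callers() {
  # Match mail( as a function call, not ->mail(, ::mail(, sendmail( or my_mail(.
  grep -rnEi --include='*.php' '(^|[^a-z0-9_>$:])mail[[:space:]]*\(' "$1" |
  while IFS=: read -r file line rest; do
    if ! grep -qE '\$_(GET|POST|REQUEST|COOKIE)' "$file"; then
      tag=static
    elif grep -qE '(preg_match|preg_replace|str_i?replace|strpbrk)[^;]*\\[rn]' "$file"; then
      tag=filtered
    else
      tag=REVIEW
    fi
    printf '%s %s:%s\n' "$tag" "$file" "$line"
  done | LC_ALL=C sort        # C locale puts REVIEW lines first
}

# make_sample_tree DIR: constructed PHP files covering each case.
make_sample_tree() {
# Same pattern as in the thread: header built straight from form input.
cat > "$1/contact.php" <<'EOF'
<?php
$from = $_POST['email'];
$headers = "From: $from\n";
mail($to, $subject, $body, $headers);
EOF
# Rejects CR/LF in the address before it reaches the headers.
cat > "$1/signup.php" <<'EOF'
<?php
$from = $_POST['email'];
if (preg_match('/[\r\n]/', $from)) { exit; }
mail($to, 'Welcome', $body, "From: $from\n");
EOF
# No request input at all.
cat > "$1/cron.php" <<'EOF'
<?php
$body = file_get_contents('/tmp/report.txt');
mail('admin@example.com', 'Nightly report', $body);
EOF
# Method call and a differently named function: not reported.
cat > "$1/lib.php" <<'EOF'
<?php
function notify($m) { return $m->mail($_POST['to']); }
function sendmail($x) { return true; }
EOF
}

# Demo run on the constructed tree.
tmp=$(mktemp -d)
make_sample_tree "$tmp"
(cd "$tmp" && mail_callers .)
rm -rf "$tmp"
```

Run mail_callers against the web root; every REVIEW line is a call where a value such as the page's `$from` can carry an encoded newline into the header block.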
>> also is there maybe a way to "listen" on the server to see what is going on
You could install logcheck, which will automatically filter out important data from your syslog and e-mail it to you on an hourly basis.
To install it, run the following command:
apt-get install logcheck
You can get more details here:
http://logcheck.org/
http://packages.debian.org/etch/logcheck
ASKER
and to temporarily fix the issues with my current mail servers, what can I do?
Can I disable access for emails using the anonymous address?
Does the command qmail-clean help in any way?
Not sure if qmail-clean will help much. I'm actually not that familiar with qmail.
There are two things that might help though. One is a script called qmail-remove which uses a regex to filter out and remove spam from your mail queue, and the other is a program which will filter your queue in future - from what I understand is that it puts the mails into a "fake" queue, filters for spam and then sends the genuine mail to the "real" mail queue.
qmail-remove
http://www.linuxmagic.com/opensource/qmail/qmail-remove/
qmail-qfilter can be installed via apt-get:
apt-cache search qmail-qfilter
apt-get install qmail-qfilter
ASKER
i have actually never installed any application on this server so I would prefer a solution that does not require any installations.
ASKER
the grep command crashes, even when I enter grep -- help , it just loads but I don't see anything happening...
With Debian package management is extremely easy. If you wanted to remove (uninstall) the qmail-qfilter package afterwards, all you would need to do is:
apt-get remove qmail-qfilter
You could delete the mail queue but I'm guessing that the problem is going to repeat itself unless the PHP script is "patched". I don't know enough about qmail to give instructions for blocking outgoing mail by e-mail address. Chances are good that you get an answer to this in the Qmail zone though:
http:/Software/Server_Software/Email_Servers/Qmail/
Try running the following commands:
apt-get update
apt-get upgrade grep
ASKER
i get
-bash: apt-get: command not found
Are you logged in as root? What happens if you try:
/usr/bin/apt-get update
ASKER
yes i am in as root
it says "file or directory not found" when i enter that.
That's odd! How do you normally keep Debian updated? I don't suppose the command "aptitude" works, does it?
ASKER
no it doesn't work. I don't usually update the server, but have a third party manage and update it.
ASKER
do these files tell you anything?
error-log.txt
access-log2.txt
audit-log.txt
secure.txt
messages.txt
I did notice from the secure.txt file that you've got a cracker trying to get in to SSH. This is pretty common and there's a couple of things you can do to protect yourself - one is an app called DenyHosts, which automatically denies hostnames that are violating security (prevents dictionary attacks, brute force, etc), and the other is basically just changing your SSH port from 21 to something non-standard. This usually stops all the annoying script-kiddies.
The audit file looks like someone from South Africa attempting to infiltrate your server by uploading malicious scripts. Looks like the attempt failed but is there a chance someone else may have succeeded with an earlier attempt? Usually, these things are nothing to worry about - but only if your PHP scripts are secure, and if 3rd party software like for example Joomla are kept secure and updated.
I read that you can move your queue file. Qmail will automatically create a new queue with the correct ownership and permissions. This might be a temporary fix to your Qmail problem.
mv /var/qmail/queue /var/qmail/queue.old
If you do this, just make sure you stop qmail first.
ASKER
how do i stop qmail?
Normally, to stop a service in Debian, you would do following:
/etc/init.d/qmail stop
You can check if there is a qmail script in init.d by doing following:
ls -l /etc/init.d/
You could also try:
qmailctl stop
Ok wait, just because the server is Debian doesn't mean he's running the Apt Qmail package. Plesk is probably a customized source install.
If it's a source install, there's usually a file called qmailctl that lets you control Qmail:
qmailctl stop
qmailctl start
etc.
As to manipulating the email queue, be careful as it's easy to lock the whole queue up. I'd recommend using the following script to do the manipulation for you:
http://sourceforge.net/projects/qmhandle
Assuming you can figure out the commands for starting and stopping Qmail, add them in this script and you should be able to use it right away.
ASKER
i just found out that i am using fedora core 6 + plesk 8x.
does that change anything?
Well, that would explain why apt and dpkg etc. doesn't work :)
Does not really change much though. You'll still need to sort out the mail queue. Have you tried "qmailctl stop" to stop the mail server?
From what I've read, you should be able to just move the queue, but as I said, I've no experience with qmail so I cannot guarantee anything.
Hmm, if I'm not mistaken, doesn't PHP access the mail server via the sendmail executable of file link? I have the following 2 files on my system that tie into Qmail:
lrwxrwxrwx 1 root root 23 Dec 19 15:27 /usr/sbin/sendmail -> /var/qmail/bin/sendmail
lrwxrwxrwx 1 root root 23 Dec 19 15:27 /usr/lib/sendmail -> /var/qmail/bin/sendmail
I seem to recall that PHP lost emailing ability when I accidentally installed another MTA (long story) and it overwrote these links (and I had to restore these to be able to send via PHP again)
ASKER
it tells me
-bash: qmailctl: command not found
ASKER
i have these lines in my php.ini:
[mail function]
; For Win32 only.
SMTP = localhost
smtp_port = 25
; For Win32 only.
;sendmail_from = me@example.com
; For Unix only. You may supply arguments as well (default: "sendmail -t -i").
sendmail_path = /usr/sbin/sendmail -t -i
; Force the addition of the specified parameters to be passed as extra parameters
; to the sendmail binary. These parameters will always replace the value of
; the 5th parameter to mail(), even in safe mode.
;mail.force_extra_parameters =
that should read '...OR file link'
Hmm, I think you should have all of the Win32 stuff commented out.
ie. this:
SMTP = localhost
smtp_port = 25
Does /usr/sbin/sendmail exist? Run the following to see:
cd /usr/sbin
ls -al sendm*
Post what the output is here.
You can use following commands to check if /usr/sbin/sendmail is symlinked to /var/qmail/bin/sendmail :
ls -la /usr/sbin/
Look for sendmail and check if it has a symbolic link.
ASKER
syngin9:
output:
lrwxrwxrwx 1 root root 21 6. Mär 2007 sendmail -> /etc/alternatives/mta
-rwxr-xr-x 1 root root 175032 20. Apr 2005 sendmail.postfix
-rwxr-sr-x 1 root smmsp 761616 20. Jul 2006 sendmail.sendmail
Hmm, that seemed to look a little strange (must be a Plesk rather than Qmail thing). I did come across the following though:
http://forums.overclockersclub.com/index.php?showtopic=72866&mode=threaded&pid=707625
"Yep. The whole sendmail thing is a bit of a mess. The sendmail symlink (sendmail -> /etc/alternatives/mta) is actually a symlink itself (/etc/alternatives/mta->/var/qmail/bin/sendmail)! Qmail seems to be customised by the people who make PLESK in this case. "
If that's the case, it's pointed to the right place. Does /var/qmail/bin/sendmail exist?
How many users do you have set up on this system? From that long queue list you posted, I'd say that a spammer has managed to tap into one of the accounts to send spam out on. (judging by the alphabetical listing)
You should be able to manage your mail queue via Plesk itself.
To return your mail server to an operable state, delete the unwanted messages from the mail server's message queue.
To see the messages in the message queue and to delete them:
1. Click the Server shortcut in the navigation pane.
2. Click Mail icon in the Services group.
3. Click the Mail Queue tab. The following information will be presented:
To delete a message from the queue, select the corresponding check box and click Remove Selected. To delete all messages from the queue, select the check box in the upper-right corner of the messages list, and click Remove Selected.
ASKER
right now the mail queue is empty and does not get loaded (i restarted qmail). But when I try to use the script that was usually used to send out email notifications the email does not get sent out. it also does not make it into the mail queue. how can i find the cause?
Have a peek in the Apache error logs. Perhaps it will mention something in there.
You can also have a look in the mail logs and the syslog. Could be under /var/log/.
ASKER
there is nothing in the apache log. how can i check the mail log?
I don't know where your mail log is located but usually you would find most logs in /var/log/. I have Fedora 6 with Exim and my mail log is
/var/log/maillog
My system log is
/var/log/messages
I also have a couple of others:
/var/log/exim_mainlog
/var/log/exim_paniclog
/var/log/exim_rejectlog
I usually use lynx to read my logs:
lynx /var/log/maillog
You can also use grep or cat
cat /var/log/maillog | more
grep -i fail /var/log/mail*
ASKER
the file /var/log/maillog is empty
ASKER
the whole grep command doesn't seem to be working
grep is used to find certain strings within a file. It will not give any output if the string you are searching for is not present in the files in which grep is looking. It really only works if you know what you are looking for. The string I gave ("fail") was just an example. It can be handy if you're looking for a specific date or time.
cat should do the job though if you just want to take a look through the logs.
ASKER
ok, how should i proceed?
ASKER
even if i use grep with a word like "if" which definitely appears all over the code it returns nothing.
Ok, so your message q is now empty but you cannot send any mail out through the server, right?
Can you confirm that the mail server is running?
You should be able to test it with telnet:
telnet yourhostname.com 25
If not running, you should see something like this:
Trying xx.xx.xxx.xx...
telnet: connect to address xx.xx.xxx.xx: Connection refused
telnet: Unable to connect to remote host: Connection refused
If running, you should see something like this:
Trying xx.xx.xxx.xx...
Connected to yourhostname.com (xx.xx.xxx.xx).
Escape character is '^]'.
220-yourhostname.com ESMTP ....... .......
220-Mail server greeting.
ASKER
ok, how do i do that?
telnet yourhostname.com 25
ASKER
fyi: this is the function that is supposed to send mail and that used to work:
@mail( $this->strTo, $this->xheaders['Subject'] , $this->fullBody, $this->headers );
this is what i get:
[root@u15246640 /]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 u15246640.onlinehome-server.com ESMTP
Oh right. When exactly did it stop working? Would you be able to copy the simple script below somewhere to your server and run it - just to see what the output is?
<?php
error_reporting(E_ALL);
function sendmail() {
    $to = 'you@yourdomain.com';
    $from = 'you@yourdomain.com';
    $subject = 'Probe ' . date('Y-m-d h:i:s');
    $message = 'Testing...';
    // mail() returns true once the message has been handed to the sendmail binary
    $mail = mail( $to,$subject,$message,"From: $from\r\n" );
    if ( $mail===true ) {
        $msg = "Message has been submitted.";
    } else {
        $msg = "Message could not be submitted.";
    }
    return $msg;
}
$action = isset($_POST['action']) ? $_POST['action'] : '';
// Note: the form below posts action=send_form, so this test never matches and nothing is echoed.
if ( $action == 'send_mail' ) {
    $o = sendmail();
    echo "<h2>$o</h2>";
}
?>
<div>
  <form action="" method="post">
    <div>
      <input type="hidden" name="action" value="send_form" />
      <button type="submit">Test Mail</button>
    </div>
  </form>
</div>
ASKER
i put the script onto http://projectscenter.com/pcenterprise/email_test.php and changed it to what you see below. The output seems to be empty...
<?php
error_reporting(E_ALL);
function sendmail() {
    $to = 'nima1981@gmail.com';
    $from = 'sales@projectscenter.com';
    $subject = 'Probe ' . date('Y-m-d h:i:s');
    $message = 'Testing...';
    // mail() returns true once the message has been handed to the sendmail binary
    $mail = mail( $to,$subject,$message,"From: $from\r\n" );
    if ( $mail===true ) {
        $msg = "Message has been submitted.";
    } else {
        $msg = "Message could not be submitted.";
    }
    return $msg;
}
$action = isset($_POST['action']) ? $_POST['action'] : '';
// Note: the form below posts action=send_form, so this test never matches and nothing is echoed.
if ( $action == 'send_mail' ) {
    $o = sendmail();
    echo "<h2>$o</h2>";
}
?>
<div>
  <form action="" method="post">
    <div>
      <input type="hidden" name="action" value="send_form" />
      <button type="submit">Test Mail</button>
    </div>
  </form>
</div>
ASKER
by the way, i see this message when i log in:
/usr/sbin/sendmail: Exec format error
Ok, check again to make sure qmail is running:
ps ax | grep qmail-send
Whether it is or not, try stopping and starting it:
/etc/init.d/qmail stop
/etc/init.d/qmail start
(According to Plesk/SWSoft, this is the way to start/stop qmail via command line. Another way to control it is through the Plesk control panel - you might want to try that first).
If you don't get any results, take a look into this log file:
/usr/local/psa/var/log/maillog
(According to SWSoft, that is where the mail error messages will be logged).
ASKER
this is the maillog content at the end, while i restarted it a couple of times from within plesk and also using the command you showed:
[root@u15246640 /]# tail -f /usr/local/psa/var/log/maillog
Feb 11 14:26:47 u15246640 relaylock: /var/qmail/bin/relaylock: mail from 209.250
Feb 11 14:36:00 u15246640 relaylock: /var/qmail/bin/relaylock: mail from 129.240
Feb 11 14:43:27 u15246640 relaylock: /var/qmail/bin/relaylock: mail from 209.250
Feb 11 14:46:07 u15246640 relaylock: /var/qmail/bin/relaylock: mail from 219.84.
Feb 11 15:09:30 u15246640 relaylock: /var/qmail/bin/relaylock: mail from 65.54.2
Feb 11 15:29:37 u15246640 relaylock: /var/qmail/bin/relaylock: mail from 82.150.
Feb 11 15:33:28 u15246640 relaylock: /var/qmail/bin/relaylock: mail from 209.250
Feb 11 15:49:43 u15246640 qmail: 1202762983.172630 status: exiting
Feb 11 15:50:00 u15246640 qmail: 1202763000.179039 status: local 0/200 remote 0/
Feb 11 15:50:07 u15246640 relaylock: /var/qmail/bin/relaylock: mail from 209.250
Feb 11 15:57:59 u15246640 relaylock: /var/qmail/bin/relaylock: mail from 127.0.0
Feb 11 15:58:05 u15246640 qmail: 1202763485.330916 status: exiting
Feb 11 15:58:05 u15246640 qmail: 1202763485.457063 status: local 0/200 remote 0/
Feb 11 15:58:06 u15246640 relaylock: /var/qmail/bin/relaylock: mail from 127.0.0
Feb 11 15:59:25 u15246640 qmail: 1202763565.275466 status: exiting
Feb 11 15:59:25 u15246640 qmail: 1202763565.403041 status: local 0/200 remote 0/20
Feb 11 15:59:26 u15246640 relaylock: /var/qmail/bin/relaylock: mail from 127.0.0.1:48213 (localhost)
this is the output from the first command you posted:
[root@u15246640 /]# ps ax | grep qmail-send
5741 ? S 0:00 qmail-send
6546 pts/0 S+ 0:00 grep qmail-send
ASKER
how can i post a pointer?
Wow, you 2 have been busy since I got off work yesterday ;o)
John Simpson's qfix (queue fixing) script worked great for me on a standard Qmail install too. (not sure if it would need to be any different on a Plesk install though)
http://qmail.jms1.net/scripts/qfixq.shtml
Also, I came across a post regarding the error '/usr/sbin/sendmail: Exec format error'. It mentioned that the file it was pointing to might be corrupt. (granted it's for Postfix but it's using the same standard sendmail link that yours is)
http://archives.neohapsis.com/archives/postfix/2006-06/0062.html
When you do an ls -al in /var/qmail/bin what does it say for the sendmail file? Mine looks like the following:
-rwxr-xr-x 1 root qmail 14040 2007-12-19 14:29 sendmail
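The two checks raised in this thread, where the sendmail link chain actually ends and whether the file at the end is something the kernel will execute, can be combined into one pass. This is an added example, not part of the original posts; the function names (resolve_chain, exec_kind, check_mta) are hypothetical, and it assumes readlink, dd and od are available.

```shell
#!/bin/sh
# Added example: trace a sendmail link chain and classify the file it ends at.

# Print the final target of a symlink chain on stdout, each hop on stderr.
# Returns 1 for a dangling link, 2 for a chain longer than 16 hops (a loop).
resolve_chain() {
    rc_path=$1
    rc_hops=0
    while [ -L "$rc_path" ]; do
        rc_target=$(readlink "$rc_path") || return 1
        case $rc_target in
            /*) ;;                                            # absolute target
            *)  rc_target=$(dirname "$rc_path")/$rc_target ;; # relative to the link
        esac
        printf '%s -> %s\n' "$rc_path" "$rc_target" >&2
        rc_path=$rc_target
        rc_hops=$((rc_hops + 1))
        if [ "$rc_hops" -gt 16 ]; then return 2; fi
    done
    [ -e "$rc_path" ] || return 1
    printf '%s\n' "$rc_path"
}

# Classify a file by its first bytes: elf, script, empty, unknown or missing.
# For "empty" and "unknown" execve() returns ENOEXEC ("Exec format error").
# An ELF header alone does not prove the binary matches this machine's
# architecture; compare `file` output with `uname -m` for that.
exec_kind() {
    [ -f "$1" ] || { echo missing; return 1; }
    [ -s "$1" ] || { echo empty; return 1; }
    ek_magic=$(dd if="$1" bs=1 count=4 2>/dev/null | od -An -tx1 | tr -d ' \n')
    case $ek_magic in
        7f454c46) echo elf ;;       # \177ELF
        2321*)    echo script ;;    # "#!" interpreter line
        *)        echo unknown; return 1 ;;
    esac
}

# Resolve LINK and report "<final path> <kind>"; non-zero when the chain is
# broken or the header is not one the kernel executes.
check_mta() {
    cm_final=$(resolve_chain "$1") || { echo "$1 dangling-or-loop"; return 1; }
    cm_rc=0
    cm_kind=$(exec_kind "$cm_final") || cm_rc=$?
    echo "$cm_final $cm_kind"
    return "$cm_rc"
}

# Usage: sh check_mta.sh /usr/sbin/sendmail
if [ "$#" -gt 0 ]; then check_mta "$1"; fi
```

A result of "empty" or "unknown" for the final target is consistent with the corrupt-file explanation in the linked post; "elf" moves the search on to architecture or permissions.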
ASKER
i found the script that allowed the spammers' attacks. emails seem to be going out now but get caught in most spam folders. until the blacklistings expire i would like to use an email server managed by the hosting company. how can i change the php/sendmail configuration in order to use another smtp server?
Have a look at the Pear Mail package:
http://pear.php.net/package/Mail
ASKER
how can i change the sendmail configuration files or the php.ini in order to use another smtp server than is currently used?
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.
I will leave the following recommendation for this question in the Cleanup topic area:
Delete with points refunded
Any objections should be posted here in the next 4 days. After that time, the question will be closed.
cyberwebservice
Experts Exchange Cleanup Volunteer