
Thread: Please help massive spam being sent out

  1. #1

    Please help massive spam being sent out

    I'm currently trying to get a bunch of spam stopped on my server. My internet provider gave me a call and said that they were receiving mass amounts of spam from an email address coming off my server. Here are parts of the logs:
    http://pastebin.com/44Dpinjq
    If anyone can help me learn how to stop this I will be very grateful. My dad started this business quite a few years ago; I lost him in January and I had to keep the business going, but sadly I didn't pay attention when he was trying to teach me how to maintain the servers, and now I'm here trying to learn what is running this and how to stop it. Please also don't get frustrated if I ask a lot of questions; like I said, I'm trying to learn to keep my dad's business going. I'm also only 17.
    Another thing popped up in the log, here it is:
    2015-07-02 23:07:38 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1ZAu8P-0005M5-Bo
    2015-07-02 23:07:38 1ZAu8P-0005M5-Bo ** ed@edschooler.com: Too many "Received" headers - suspected mail loop
    2015-07-02 23:07:38 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1ZAu8P-0005M5-Bo
    2015-07-02 23:07:38 1ZAu8O-0005Ly-23 => ed@edschooler.com R=dnslookup T=remote_smtp H=mail.wecanhost4u.com [174.75.35.98] X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 C="250 OK id=1ZAu8P-0005M5-Bo"
    2015-07-02 23:07:38 1ZAu8O-0005Ly-23 Completed

    Please, if this is the wrong place, guide me to the correct one. I really need to get this fixed; I have angry customers, and I've had to keep the servers offline to prevent more spam being sent out.



  2. #2
    Join Date
    May 2012
    Location
    Finland
    Posts
    2,004

    Re: Please help massive spam being sent out

    Need to know a few things:
    - What is your exact setup?
    - What operating system version?
    - What mail server are you using?
    - Are you forwarding mail from LAN to WAN?

    Without knowing your exact setup, we can't really say anything. You could be effectively forwarding spam mail from compromised internal machines or you could be facing a backscatter bomb (your server forwards fake mail from external sources with a fake return address).
    .: miuku #suse @ irc.freenode.net
    :: miuku@opensuse.org

    .: https://download.opensuse.org/repositories/home:/Miuku/

  3. #3
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,634
    Blog Entries
    3

    Re: Please help massive spam being sent out

    Once upon a time, you could set up a mail server. If mail arrived that was not for a local user, you forwarded it.

    Then spam was invented.

    These days, you have to be very strict in setting up a mail server.

    In particular, you must not accept and forward mail unless:
    • the mail originates locally; or
    • the mail was received from a trusted network (typically your LAN); or
    • the sender of the mail has authenticated with a password or some similar method.


    At present, it is clear what you are doing. However, the easiest way to become a spam forwarder is to not insist on the above restrictions.
    openSUSE Leap 15.1; KDE Plasma 5;
    testing Leap 15.2Alpha
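
Added example (not part of the original posts): a Python triage of an Exim main log that sorts every accepted message into the three conditions listed above and counts what then left through `remote_smtp`. It assumes the default main log line layout and a LAN of 192.168.1.0/24; the sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Assumptions: LAN range below; SAMPLE_LOG is constructed, not from the thread.
TRUSTED_NETS = [ipaddress.ip_network("192.168.1.0/24")]
ARRIVAL = re.compile(r"^\S+ \S+ (\S+) <= \S+(.*)$")
REMOTE_DELIVERY = re.compile(r"^\S+ \S+ (\S+) [=-]> .* T=remote_smtp\b")

SAMPLE_LOG = """\
2015-07-02 10:00:01 1AAAAA-000001-AA <= alice@example.com H=(pc1) [192.168.1.20] P=esmtp S=900
2015-07-02 10:00:02 1AAAAA-000001-AA => bob@example.org R=dnslookup T=remote_smtp H=mx.example.org [198.51.100.7]
2015-07-02 10:00:03 1AAAAA-000002-BB <= x@example.net H=(foo) [203.0.113.9] P=esmtpa A=dovecot_login:carol S=1200
2015-07-02 10:00:04 1AAAAA-000002-BB => v1@example.org R=dnslookup T=remote_smtp H=mx.example.org [198.51.100.7]
2015-07-02 10:00:04 1AAAAA-000002-BB -> v2@example.org R=dnslookup T=remote_smtp H=mx.example.org [198.51.100.7]
2015-07-02 10:00:05 1AAAAA-000003-CC <= spam@example.net H=(bar) [203.0.113.50] P=esmtp S=1500
2015-07-02 10:00:06 1AAAAA-000003-CC => victim@example.org R=dnslookup T=remote_smtp H=mx.example.org [198.51.100.7]
2015-07-02 10:00:07 1AAAAA-000004-DD <= <> R=1AAAAA-000003-CC U=mailnull P=local S=2000
2015-07-02 10:00:08 1AAAAA-000004-DD => spam@example.net R=dnslookup T=remote_smtp H=mx.example.net [198.51.100.8]
""".splitlines()

def classify_arrival(rest):
    """Map the tail of a '<=' line onto the three relay conditions."""
    auth = re.search(r" A=(\S+)", rest)
    if auth:
        return "authenticated", auth.group(1)
    host = re.search(r" H=.*?\[([0-9a-fA-F:.]+)\]", rest)
    if host is None:
        return "local", None  # no remote host: submitted on the server itself
    addr = ipaddress.ip_address(host.group(1))
    if any(addr in net for net in TRUSTED_NETS):
        return "trusted", str(addr)
    return "external", str(addr)

def triage(lines):
    """Count remote deliveries per origin; list IDs relayed for outsiders."""
    origin, relayed, suspects = {}, Counter(), []
    for line in lines:
        m = ARRIVAL.match(line)
        if m:
            origin[m.group(1)] = classify_arrival(m.group(2))
            continue
        m = REMOTE_DELIVERY.match(line)
        if m and m.group(1) in origin:
            kind, who = origin[m.group(1)]
            relayed[(kind, who)] += 1
            if kind == "external":
                suspects.append(m.group(1))
    return relayed, suspects
```

A message ID in `suspects` arrived from an outside host without authentication and still left through `remote_smtp`, which means either an open relay or an alias/forward to an outside address. A high count under one `authenticated` login points at a stolen password instead.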

  4. #4

    Re: Please help massive spam being sent out

    Quote: Originally Posted by Miuku
    Need to know a few things:
    - What is your exact setup?
    - What operating system version?
    - What mail server are you using?
    - Are you forwarding mail from LAN to WAN?

    Without knowing your exact setup, we can't really say anything. You could be effectively forwarding spam mail from compromised internal machines or you could be facing a backscatter bomb (your server forwards fake mail from external sources with a fake return address).
    What do you mean by exact setup?
    openSUSE 13.1 KDE
    Exim, I also have dovecot, fail2ban, spamassassin, deamon (I may be missing more, but these are the ones I know about)
    and yes, I'm forwarding mail from LAN to WAN

    I'm really sorry, I may be a real pain. I did not set these servers up, my dad did, and he just passed away in January from cancer and I'm trying to keep his business going, so if I'm not getting the correct information or not understanding, I'm sorry, I'm a complete noob to Linux.

  5. #5

    Re: Please help massive spam being sent out

    Quote: Originally Posted by nrickert
    Once upon a time, you could set up a mail server. If mail arrived that was not for a local user, you forwarded it.

    Then spam was invented.

    These days, you have to be very strict in setting up a mail server.

    In particular, you must not accept and forward mail unless:
    • the mail originates locally; or
    • the mail was received from a trusted network (typically your LAN); or
    • the sender of the mail has authenticated with a password or some similar method.


    At present, it is clear what you are doing. However, the easiest way to become a spam forwarder is to not insist on the above restrictions.
    We use authenticated passwords.

  6. #6

    Re: Please help massive spam being sent out

    Sorry, scratch that, the 13.1 was one of my other servers. The one that is sending out mass spam, as far as I can tell, is running 12.3 KDE. Also, all servers have clamav.

  7. #7
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Re: Please help massive spam being sent out

    On 2015-07-05 18:36, mindlessghost wrote:

    > what do you mean by exact setup?
    > Opensuse 13.1
    > Exim, I also have dovecot, fail2ban, spamassassin, deamon (I may be
    > missing more, but these are the ones I know about)
    > and Yes I'm forwarding mail from LAN to WAN
    >
    > I'm really sorry, I may be a real pain. I did not set these servers up, my
    > dad did, and he just passed away in January from cancer and I'm trying
    > to keep his business going, so if I'm not getting the correct
    > information or not understanding, I'm sorry, I'm a complete noob to Linux.


    Well... My recommendation is to hire someone that understands Linux to
    have a good look at those servers, quick. And probably to maintain them.
    You cannot have a mail server facing outside if you don't understand
    how it works. And... this is not intended as criticism of you, far from
    it. You have inherited a setup which you did not create nor really
    understand, and you simply need help. It is difficult even for an expert.


    By exact setup we mean "all". What operating system version, yes, but
    specifically how email is configured. What faces outside (probably
    exim), what exim does with what it gets, the configuration files (at
    least for exim). And if there are several machines, how they interact.


    I cannot help with exim, sorry, I'm not familiar at all with it. I
    cannot even understand those logs, no background.


    --
    Cheers / Saludos,

    Carlos E. R.

    (from 13.1 x86_64 "Bottle" (Minas Tirith))

  8. #8

    Re: Please help massive spam being sent out

    Not possible to hire someone, kinda broke. That's why I'm trying to learn how to fix it myself.

    Quote: Originally Posted by robin_listas
    On 2015-07-05 18:36, mindlessghost wrote:

    > what do you mean by exact setup?
    > Opensuse 13.1
    > Exim, I also have dovecot, fail2ban, spamassassin, deamon (I may be
    > missing more, but these are the ones I know about)
    > and Yes I'm forwarding mail from LAN to WAN
    >
    > I'm really sorry, I may be a real pain. I did not set these servers up, my
    > dad did, and he just passed away in January from cancer and I'm trying
    > to keep his business going, so if I'm not getting the correct
    > information or not understanding, I'm sorry, I'm a complete noob to Linux.


    Well... My recommendation is to hire someone that understands Linux to
    have a good look at those servers, quick. And probably to maintain them.
    You cannot have a mail server facing outside if you don't understand
    how it works. And... this is not intended as criticism of you, far from
    it. You have inherited a setup which you did not create nor really
    understand, and you simply need help. It is difficult even for an expert.


    By exact setup we mean "all". What operating system version, yes, but
    specifically how email is configured. What faces outside (probably
    exim), what exim does with what it gets, the configuration files (at
    least for exim). And if there are several machines, how they interact.


    I cannot help with exim, sorry, I'm not familiar at all with it. I
    cannot even understand those logs, no background.


    --
    Cheers / Saludos,

    Carlos E. R.

    (from 13.1 x86_64 "Bottle" (Minas Tirith))

  9. #9
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Re: Please help massive spam being sent out

    On 2015-07-05 20:06, mindlessghost wrote:
    >
    > not possible to hire someone, kinda broke. That's why I'm trying to
    > learn how to fix it myself.


    Well, let's hope somebody comes by that understands Exim. If none comes,
    you will have to ask on the Exim forum or mail list.

    I would consider stopping the mail server meanwhile, though.


    Otherwise... you may have to consider redoing the server yourself, so
    that you understand how it works and become its admin. I think that may
    be easier than understanding a server built by another person.


    --
    Cheers / Saludos,

    Carlos E. R.

    (from 13.1 x86_64 "Bottle" (Minas Tirith))

  10. #10

    Re: Please help massive spam being sent out

    Considering restarting one of our backup servers and trying to learn how to get mail servers running that way, and if I'm successful then maybe I'll just redo all the servers, but for the meantime the servers are offline so I'm not getting spam sent out.
    Quote: Originally Posted by robin_listas
    On 2015-07-05 20:06, mindlessghost wrote:
    >
    > not possible to hire someone, kinda broke. That's why I'm trying to
    > learn how to fix it myself.


    Well, let's hope somebody comes by that understands Exim. If none comes,
    you will have to ask on the Exim forum or mail list.

    I would consider stopping the mail server meanwhile, though.


    Otherwise... you may have to consider redoing the server yourself, so
    that you understand how it works and become its admin. I think that may
    be easier than understanding a server built by another person.


    --
    Cheers / Saludos,

    Carlos E. R.

    (from 13.1 x86_64 "Bottle" (Minas Tirith))
