Discussion:
Error when sending mail through squirel mail
Terence
2011-03-15 09:55:09 UTC
Permalink
Dear Friends,

I am getting error "Requested action aborted: error in processing
451 qq temporary problem (#4.3.0)" when trying to send mail from qmail. and
logs in the " tail -f /var/spool/qmailscan/qmail-queue.log" says that
"error_condition: X-Antivirus-MYDOMAIN-1.25-st-qms: clamdscan: corrupt or
unknown clamd scanner error or memory/resource/perms problem - exit status
-1/72057594037927935". Kindly hep me.

Regards..
Shepherd Nhongo
2011-03-15 10:04:56 UTC
Permalink
Post by Terence
Dear Friends,
I am getting error "Requested action aborted: error in processing
451 qq temporary problem (#4.3.0)" when trying to send mail from qmail. and
logs in the " tail -f /var/spool/qmailscan/qmail-queue.log" says that
"error_condition: X-Antivirus-MYDOMAIN-1.25-st-qms: clamdscan: corrupt or
unknown clamd scanner error or
Clamav daemon / service is not running or your permissions are wrong :-)

check your clamd.conf user and owner plus the permissions on the dir as well

memory/resource/perms problem - exit status -1/72057594037927935". Kindly
Post by Terence
hep me.
Regards..
--
Shepherd Nhongo

Do not Queue mail with SENDMAIL, send mail with QMAIL

Mobile +267 74476040
Terence
2011-03-15 10:58:38 UTC
Permalink
Hi,

Thanks for your quick reply.

I had made the following changes to the clamd.conf file

"ll /etc/clamd.conf
-rw-r--r-- 1 root root 13983 Mar 15 00:05 /etc/clamd.conf

[***@mail ~]# chown root:clamav /etc/clamd.conf

[***@mail ~]# ll /etc/clamd.conf
-rw-r--r-- 1 root clamav 13983 Mar 15 00:05 /etc/clamd.conf"

But still i am getting "Message not sent. Server replied: Requested action
aborted: error in processing
451 qq temporary problem (#4.3.0)" error in squirel mail.

Regards
Terence
Post by Shepherd Nhongo
Post by Terence
Dear Friends,
I am getting error "Requested action aborted: error in processing
451 qq temporary problem (#4.3.0)" when trying to send mail from qmail.
and logs in the " tail -f /var/spool/qmailscan/qmail-queue.log" says that
"error_condition: X-Antivirus-MYDOMAIN-1.25-st-qms: clamdscan: corrupt or
unknown clamd scanner error or
Clamav daemon / service is not running or your permissions are wrong :-)
check your clamd.conf user and owner plus the permissions on the dir as well
memory/resource/perms problem - exit status -1/72057594037927935". Kindly
Post by Terence
hep me.
Regards..
--
Shepherd Nhongo
Do not Queue mail with SENDMAIL, send mail with QMAIL
Mobile +267 74476040
Shaumarov Boburhon
2011-03-24 11:37:39 UTC
Permalink
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head><title></title>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<meta http-equiv="Content-Style-Type" content="text/css">
<style type="text/css"><!--
body {
margin: 5px 5px 5px 5px;
background-color: #ffffff;
}
/* ========== Text Styles ========== */
hr { color: #000000}
body, table /* Normal text */
{
font-size: 9pt;
font-family: 'Courier New';
font-style: normal;
font-weight: normal;
color: #000000;
text-decoration: none;
}
span.rvts1 /* Heading */
{
font-size: 10pt;
font-family: 'Arial';
font-weight: bold;
color: #0000ff;
}
span.rvts2 /* Subheading */
{
font-size: 10pt;
font-family: 'Arial';
font-weight: bold;
color: #000080;
}
span.rvts3 /* Keywords */
{
font-size: 10pt;
font-family: 'Arial';
font-style: italic;
color: #800000;
}
a.rvts4, span.rvts4 /* Jump 1 */
{
font-size: 10pt;
font-family: 'Arial';
color: #008000;
text-decoration: underline;
}
a.rvts5, span.rvts5 /* Jump 2 */
{
font-size: 10pt;
font-family: 'Arial';
color: #008000;
text-decoration: underline;
}
span.rvts6
{
font-size: 8pt;
font-family: 'arial';
font-style: italic;
color: #c0c0c0;
}
a.rvts7, span.rvts7
{
font-size: 8pt;
font-family: 'arial';
color: #0000ff;
text-decoration: underline;
}
/* ========== Para Styles ========== */
p,ul,ol /* Paragraph Style */
{
text-align: left;
text-indent: 0px;
padding: 0px 0px 0px 0px;
margin: 0px 0px 0px 0px;
}
.rvps1 /* Centered */
{
text-align: center;
}
--></style> </head> <body> <p>Hi Guys! I need your help...</p> <p>I can't find who is sending spam from my qmail server.&nbsp;</p> <p>If you will see with ps ax, u can see &nbsp;like this.&nbsp;</p> <p><br></p> <p>&nbsp;3355 ? &nbsp; &nbsp; &nbsp; &nbsp;S &nbsp; &nbsp; &nbsp;0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manojpasricha-/***@public.gmane.org</p> <p>&nbsp;3356 ? &nbsp; &nbsp; &nbsp; &nbsp;S &nbsp; &nbsp; &nbsp;0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manojpandeydo11s-/***@public.gmane.org</p> <p>&nbsp;3360 ? &nbsp; &nbsp; &nbsp; &nbsp;S &nbsp; &nbsp; &nbsp;0:00 qmail-popup mail.intal.uz /var/popboxes/bin/vchkpw qmail-pop3d Maildir</p> <p>&nbsp;3366 ? &nbsp; &nbsp; &nbsp; &nbsp;S &nbsp; &nbsp; &nbsp;0:00 qmail-pop3d Maildir</p> <p>&nbsp;3370 ? &nbsp; &nbsp; &nbsp; &nbsp;S &nbsp; &nbsp; &nbsp;0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manojkumardhankhar-83-/***@public.gmane.org.in</p> <p>&nbsp;3371 ? &nbsp; &nbsp; &nbsp; &nbsp;S &nbsp; &nbsp; &nbsp;0:00 qmail-remote yahoo.com david2000-QOiod4cnrWAN+***@public.gmane.org manojkumar4891-/***@public.gmane.org</p> <p>&nbsp;3373 ? &nbsp; &nbsp; &nbsp; &nbsp;S &nbsp; &nbsp; &nbsp;0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manojkumar10_yadav-/***@public.gmane.org</p> <p>&nbsp;3374 ? &nbsp; &nbsp; &nbsp; &nbsp;S &nbsp; &nbsp; &nbsp;0:00 qmail-remote phmhealth.com david2000-QOiod4cnrWAN+***@public.gmane.org manojkum-HNfW5e86Fy21Z/+***@public.gmane.org</p> <p>&nbsp;3376 ? &nbsp; &nbsp; &nbsp; &nbsp;S &nbsp; &nbsp; &nbsp;0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manojkmundhra-/***@public.gmane.org</p> <p>&nbsp;3378 ? &nbsp; &nbsp; &nbsp; &nbsp;S &nbsp; &nbsp; &nbsp;0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manojjk2003-/***@public.gmane.org</p> <p>&nbsp;3380 ? &nbsp; &nbsp; &nbsp; &nbsp;S &nbsp; &nbsp; &nbsp;0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manojjain14-/***@public.gmane.org</p> <p>&nbsp;3381 ? &nbsp; &nbsp; &nbsp; &nbsp;S &nbsp; &nbsp; &nbsp;0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manojdwivedi_obra-/***@public.gmane.org</p> <p>&nbsp;3383 ? &nbsp; &nbsp; &nbsp; &nbsp;S &nbsp; &nbsp; &nbsp;0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manojdhuran-/***@public.gmane.org</p> <p>&nbsp;3385 ? &nbsp; &nbsp; &nbsp; &nbsp;S &nbsp; &nbsp; &nbsp;0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manojcoco_07-/***@public.gmane.org</p> <p>&nbsp;3388 ? &nbsp; &nbsp; &nbsp; &nbsp;S &nbsp; &nbsp; &nbsp;0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manojamrit-/***@public.gmane.org</p> <p>&nbsp;3390 ? &nbsp; &nbsp; &nbsp; &nbsp;S &nbsp; &nbsp; &nbsp;0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manoj_yk-/***@public.gmane.org</p> <p>&nbsp;3400 ? &nbsp; &nbsp; &nbsp; &nbsp;S &nbsp; &nbsp; &nbsp;0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manoj_ya123-/***@public.gmane.org</p> <p>&nbsp;3402 ? &nbsp; &nbsp; &nbsp; &nbsp;S &nbsp; &nbsp; &nbsp;0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manoj_srg-/***@public.gmane.org</p> <p>&nbsp;3403 ? &nbsp; &nbsp; &nbsp; &nbsp;S &nbsp; &nbsp; &nbsp;0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manoj_shuklajss-/***@public.gmane.org</p> <p>&nbsp;3404 ? &nbsp; &nbsp; &nbsp; &nbsp;S &nbsp; &nbsp; &nbsp;0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manoj_sharmarjit-/***@public.gmane.org</p> <p>&nbsp;3412 ? &nbsp; &nbsp; &nbsp; &nbsp;S &nbsp; &nbsp; &nbsp;0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manoj_sharmamks-/***@public.gmane.org</p> <p>&nbsp;3413 ? &nbsp; &nbsp; &nbsp; &nbsp;S &nbsp; &nbsp; &nbsp;0:00 qmail-remote yahoo.com david2000-QOiod4cnrWAN+***@public.gmane.org manoj_sharma_786-/***@public.gmane.org</p> <p>&nbsp;3414 ? &nbsp; &nbsp; &nbsp; &nbsp;S &nbsp; &nbsp; &nbsp;0:00 qmail-remote yahoo.com david2000-QOiod4cnrWAN+***@public.gmane.org manoj_sh76-/***@public.gmane.org</p> <p>&nbsp;3423 ? &nbsp; &nbsp; &nbsp; &nbsp;S &nbsp; &nbsp; &nbsp;0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manoj_rkgit007-/***@public.gmane.org</p> <p>&nbsp;3442 ? &nbsp; &nbsp; &nbsp; &nbsp;S &nbsp; &nbsp; &nbsp;0:00 qmail-remote yahoo.com david2000-QOiod4cnrWAN+***@public.gmane.org manoj_paswan22-/***@public.gmane.org</p> <p>&nbsp;3443 ? &nbsp; &nbsp; &nbsp; &nbsp;S &nbsp; &nbsp; &nbsp;0:00 qmail-remote yahoo.com david2000-QOiod4cnrWAN+***@public.gmane.org manoj_pandey511-/***@public.gmane.org</p> <p>&nbsp;3444 ? &nbsp; &nbsp; &nbsp; &nbsp;S &nbsp; &nbsp; &nbsp;0:00 qmail-remote yahoo.com david2000-QOiod4cnrWAN+***@public.gmane.org manoj_nerist-/***@public.gmane.org</p> <p>&nbsp;3445 ? &nbsp; &nbsp; &nbsp; &nbsp;S &nbsp; &nbsp; &nbsp;0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manoj_mehta20007-/***@public.gmane.org</p> <p>&nbsp;3448 ? &nbsp; &nbsp; &nbsp; &nbsp;S &nbsp; &nbsp; &nbsp;0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manoj_march02-/***@public.gmane.org</p> <p>&nbsp;3450 ? &nbsp; &nbsp; &nbsp; &nbsp;S &nbsp; &nbsp; &nbsp;0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manoj_manojmbd-/***@public.gmane.org</p> <p>&nbsp;3451 ? &nbsp; &nbsp; &nbsp; &nbsp;S &nbsp; &nbsp; &nbsp;0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manoj_kv_engg-/***@public.gmane.org</p> <p>&nbsp;3452 ? &nbsp; &nbsp; &nbsp; &nbsp;S &nbsp; &nbsp; &nbsp;0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manoj_kumar_malik-/***@public.gmane.org</p> <p>&nbsp;3453 ? &nbsp; &nbsp; &nbsp; &nbsp;S &nbsp; &nbsp; &nbsp;0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manoj_kumar_kushwaha-/E1597aS9LThvxM+***@public.gmane.orgin</p> <p>&nbsp;3454 ? &nbsp; &nbsp; &nbsp; &nbsp;S &nbsp; &nbsp; &nbsp;0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org ***@yahoo.co.in</p> <p>&nbsp;3455 ? &nbsp; &nbsp; &nbsp; &nbsp;S &nbsp; &nbsp; &nbsp;0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manoj_kulwant-/***@public.gmane.org</p> <p>&nbsp;3456 ? &nbsp; &nbsp; &nbsp; &nbsp;S &nbsp; &nbsp; &nbsp;0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manoj_kmohapatra-/***@public.gmane.org</p> <p>&nbsp;3457 ? &nbsp; &nbsp; &nbsp; &nbsp;S &nbsp; &nbsp; &nbsp;0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manoj_iimc2000-/***@public.gmane.org</p> <p>&nbsp;3458 ? &nbsp; &nbsp; &nbsp; &nbsp;S &nbsp; &nbsp; &nbsp;0:00 qmail-remote yahoo.com david2000-QOiod4cnrWAN+***@public.gmane.org manoj_happy2005-/***@public.gmane.org</p> <p><br></p> <p><br></p> <p>while looking tail -f /var/service/qmail-send/log/main/current, see just this</p> <p><br></p> <p>@400000004d8b2c13158bf014 starting delivery 14104: msg 854481 to remote mirbin24dec-/***@public.gmane.org</p> <p>@400000004d8b2c13158c039c status: local 0/10 remote 255/255</p> <p>@400000004d8b2c131d94614c delivery 13856: deferral: Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/</p> <p>@400000004d8b2c131d9478bc status: local 0/10 remote 254/255</p> <p>@400000004d8b2c131d94885c starting delivery 14105: msg 854481 to remote minaxi_ism-/***@public.gmane.org</p> <p>@400000004d8b2c131d949be4 status: local 0/10 remote 255/255</p> <p>@400000004d8b2c132659295c delivery 13954: deferral: Connected_to_180.222.96.138_but_connection_died._(#4.4.2)/</p> <p>@400000004d8b2c13265940cc status: local 0/10 remote 254/255</p> <p>@400000004d8b2c1326595454 starting delivery 14106: msg 854481 to remote minal_likerain-/***@public.gmane.org</p> <p>@400000004d8b2c13265963f4 status: local 0/10 remote 255/255</p> <p>@400000004d8b2c140cff2024 delivery 13947: deferral: Connected_to_180.222.96.138_but_connection_died._(#4.4.2)/</p> <p>@400000004d8b2c140cff3b7c status: local 0/10 remote 254/255</p> <p>@400000004d8b2c140cff4b1c starting delivery 14107: msg 854481 to remote mig_26aug-/***@public.gmane.org</p> <p>@400000004d8b2c140cff5ea4 status: local 0/10 remote 255/255</p> <p>@400000004d8b2c1500918bc4 delivery 14022: deferral: Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/</p> <p>@400000004d8b2c150091ab04 status: local 0/10 remote 254/255</p> <p>@400000004d8b2c150091be8c starting delivery 14108: msg 854481 to remote micheymahapatro-/***@public.gmane.org</p> <p>@400000004d8b2c150091ce2c status: local 0/10 remote 255/255</p> <p>@400000004d8b2c1500be4114 delivery 14000: success: 84.54.69.222_accepted_message./Remote_host_said:_250_2.0.0_p2OBZ9O1018947_Message_accepted_for_delivery/</p> <p>@400000004d8b2c1500be5884 status: local 0/10 remote 254/255</p> <p>@400000004d8b2c1500be6c0c end msg 854058</p> <p>@400000004d8b2c1500c2e494 starting delivery 14109: msg 854481 to remote mia11011972-/***@public.gmane.org</p> <p>@400000004d8b2c1500c2f81c status: local 0/10 remote 255/255</p> <p>@400000004d8b2c15051b2eac delivery 12735: deferral: Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/</p> <p>@400000004d8b2c15051b461c status: local 0/10 remote 254/255</p> <p>@400000004d8b2c15051b55bc starting delivery 14110: msg 854481 to remote mi_siddiqui-/***@public.gmane.org</p> <p>@400000004d8b2c15051b6944 status: local 0/10 remote 255/255</p> <p>@400000004d8b2c1512e7f934 delivery 14031: deferral: Connected_to_180.222.96.138_but_connection_died._(#4.4.2)/</p> <p>@400000004d8b2c1512e810a4 status: local 0/10 remote 254/255</p> <p>@400000004d8b2c1512e8242c starting delivery 14111: msg 854481 to remote mgupta314-/***@public.gmane.org</p> <p>@400000004d8b2c1512e833cc status: local 0/10 remote 255/255</p> <p>@400000004d8b2c1530fab434 delivery 13891: deferral: Connected_to_180.222.96.138_but_connection_died._(#4.4.2)/</p> <p>@400000004d8b2c1530facf8c status: local 0/10 remote 254/255</p> <p>@400000004d8b2c1530fae314 starting delivery 14112: msg 854481 to remote mgulati_19nov-/***@public.gmane.org</p> <p>&nbsp;&nbsp;</p> <p><br></p> <p>how to find out by which user it's sending from my server. I think one of my users infacted, and from his login it's all sending.</p> <p>Relay clinet configured proparly.</p> <p><br></p> <p>Thanks in advace</p> <p><span class=rvts6>--&nbsp;</span></p> <p><br></p> <p><span class=rvts6>With best regards,</span></p> <p><span class=rvts6>&nbsp; &nbsp;Shaumarov Boburhon</span></p> <p><br></p> <p><span class=rvts6>&nbsp; ISP &lt;&lt;UzNet&gt;&gt;</span></p>
<p><span class=rvts6>&nbsp; Contacts :</span></p>
<p><span class=rvts6>&nbsp; icq# : 192-467-164&nbsp;</span></p>
<p><span class=rvts6>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;mailto: &nbsp;</span><a class=rvts7 href="mailto:mighty_bob-***@public.gmane.org">mighty_bob-***@public.gmane.org</a></p>

</body></html>
Torsten Kersandt
2011-03-24 11:52:11 UTC
Permalink
HI

If you use smtp-auth look at the /var/log/maillog

Look for lines as in

Mar 24 11:46:27 www vpopmail[92340]: vchkpw-smtp:
or
Mar 24 11:46:27 www vpopmail[92340]: vchkpw-smtps:


and the ~qmail-send/current log file

if a user is logging in for sending more than usual, change the password
and if you are sure it is the right one, delete

regards
torsten



From: Shaumarov Boburhon [mailto:mighty_bob-***@public.gmane.org]
Sent: 24 March 2011 11:38
To: qmr-iGp6mRlwfsr/sFSC9fAAV0B+***@public.gmane.org
Subject: [qmr] How to find out who is spamming



Hi Guys! I need your help...

I can't find who is sending spam from my qmail server.

If you will see with ps ax, u can see like this.



3355 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org
manojpasricha-/***@public.gmane.org

3356 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org
manojpandeydo11s-/***@public.gmane.org

3360 ? S 0:00 qmail-popup mail.intal.uz
/var/popboxes/bin/vchkpw qmail-pop3d Maildir

3366 ? S 0:00 qmail-pop3d Maildir

3370 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org
manojkumardhankhar-83-/***@public.gmane.org

3371 ? S 0:00 qmail-remote yahoo.com david2000-QOiod4cnrWAN+***@public.gmane.org
manojkumar4891-/***@public.gmane.org

3373 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org
manojkumar10_yadav-/***@public.gmane.org

3374 ? S 0:00 qmail-remote phmhealth.com
david2000-QOiod4cnrWAN+***@public.gmane.org manojkum-HNfW5e86Fy21Z/+***@public.gmane.org

3376 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org
manojkmundhra-/***@public.gmane.org

3378 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org
manojjk2003-/***@public.gmane.org

3380 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org
manojjain14-/***@public.gmane.org

3381 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org
manojdwivedi_obra-/***@public.gmane.org

3383 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org
manojdhuran-/***@public.gmane.org

3385 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org
manojcoco_07-/***@public.gmane.org

3388 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org
manojamrit-/***@public.gmane.org

3390 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org
manoj_yk-/***@public.gmane.org

3400 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org
manoj_ya123-/***@public.gmane.org

3402 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org
manoj_srg-/***@public.gmane.org

3403 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org
manoj_shuklajss-/***@public.gmane.org

3404 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org
manoj_sharmarjit-/***@public.gmane.org

3412 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org
manoj_sharmamks-/***@public.gmane.org

3413 ? S 0:00 qmail-remote yahoo.com david2000-QOiod4cnrWAN+***@public.gmane.org
manoj_sharma_786-/***@public.gmane.org

3414 ? S 0:00 qmail-remote yahoo.com david2000-QOiod4cnrWAN+***@public.gmane.org
manoj_sh76-/***@public.gmane.org

3423 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org
manoj_rkgit007-/***@public.gmane.org

3442 ? S 0:00 qmail-remote yahoo.com david2000-QOiod4cnrWAN+***@public.gmane.org
manoj_paswan22-/***@public.gmane.org

3443 ? S 0:00 qmail-remote yahoo.com david2000-QOiod4cnrWAN+***@public.gmane.org
manoj_pandey511-/***@public.gmane.org

3444 ? S 0:00 qmail-remote yahoo.com david2000-QOiod4cnrWAN+***@public.gmane.org
manoj_nerist-/***@public.gmane.org

3445 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org
manoj_mehta20007-/***@public.gmane.org

3448 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org
manoj_march02-/***@public.gmane.org

3450 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org
manoj_manojmbd-/***@public.gmane.org

3451 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org
manoj_kv_engg-/***@public.gmane.org

3452 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org
manoj_kumar_malik-/***@public.gmane.org

3453 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org
manoj_kumar_kushwaha-/***@public.gmane.org

3454 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org
manoj_kumar_choudhary25-/***@public.gmane.org

3455 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org
manoj_kulwant-/***@public.gmane.org

3456 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org
manoj_kmohapatra-/***@public.gmane.org

3457 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org
manoj_iimc2000-/***@public.gmane.org

3458 ? S 0:00 qmail-remote yahoo.com david2000-QOiod4cnrWAN+***@public.gmane.org
manoj_happy2005-/***@public.gmane.org





while looking tail -f /var/service/qmail-send/log/main/current, see just
this



@400000004d8b2c13158bf014 starting delivery 14104: msg 854481 to remote
mirbin24dec-/***@public.gmane.org

@400000004d8b2c13158c039c status: local 0/10 remote 255/255

@400000004d8b2c131d94614c delivery 13856: deferral:
Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/

@400000004d8b2c131d9478bc status: local 0/10 remote 254/255

@400000004d8b2c131d94885c starting delivery 14105: msg 854481 to remote
minaxi_ism-/***@public.gmane.org

@400000004d8b2c131d949be4 status: local 0/10 remote 255/255

@400000004d8b2c132659295c delivery 13954: deferral:
Connected_to_180.222.96.138_but_connection_died._(#4.4.2)/

@400000004d8b2c13265940cc status: local 0/10 remote 254/255

@400000004d8b2c1326595454 starting delivery 14106: msg 854481 to remote
minal_likerain-/***@public.gmane.org

@400000004d8b2c13265963f4 status: local 0/10 remote 255/255

@400000004d8b2c140cff2024 delivery 13947: deferral:
Connected_to_180.222.96.138_but_connection_died._(#4.4.2)/

@400000004d8b2c140cff3b7c status: local 0/10 remote 254/255

@400000004d8b2c140cff4b1c starting delivery 14107: msg 854481 to remote
mig_26aug-/***@public.gmane.org

@400000004d8b2c140cff5ea4 status: local 0/10 remote 255/255

@400000004d8b2c1500918bc4 delivery 14022: deferral:
Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/

@400000004d8b2c150091ab04 status: local 0/10 remote 254/255

@400000004d8b2c150091be8c starting delivery 14108: msg 854481 to remote
micheymahapatro-/***@public.gmane.org

@400000004d8b2c150091ce2c status: local 0/10 remote 255/255

@400000004d8b2c1500be4114 delivery 14000: success:
84.54.69.222_accepted_message./Remote_host_said:_250_2.0.0_p2OBZ9O1018947_Me
ssage_accepted_for_delivery/

@400000004d8b2c1500be5884 status: local 0/10 remote 254/255

@400000004d8b2c1500be6c0c end msg 854058

@400000004d8b2c1500c2e494 starting delivery 14109: msg 854481 to remote
mia11011972-/***@public.gmane.org

@400000004d8b2c1500c2f81c status: local 0/10 remote 255/255

@400000004d8b2c15051b2eac delivery 12735: deferral:
Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/

@400000004d8b2c15051b461c status: local 0/10 remote 254/255

@400000004d8b2c15051b55bc starting delivery 14110: msg 854481 to remote
mi_siddiqui-/***@public.gmane.org

@400000004d8b2c15051b6944 status: local 0/10 remote 255/255

@400000004d8b2c1512e7f934 delivery 14031: deferral:
Connected_to_180.222.96.138_but_connection_died._(#4.4.2)/

@400000004d8b2c1512e810a4 status: local 0/10 remote 254/255

@400000004d8b2c1512e8242c starting delivery 14111: msg 854481 to remote
mgupta314-/***@public.gmane.org

@400000004d8b2c1512e833cc status: local 0/10 remote 255/255

@400000004d8b2c1530fab434 delivery 13891: deferral:
Connected_to_180.222.96.138_but_connection_died._(#4.4.2)/

@400000004d8b2c1530facf8c status: local 0/10 remote 254/255

@400000004d8b2c1530fae314 starting delivery 14112: msg 854481 to remote
mgulati_19nov-/***@public.gmane.org





how to find out by which user it's sending from my server. I think one of my
users infacted, and from his login it's all sending.

Relay clinet configured proparly.



Thanks in advace
--
With best regards,

Shaumarov Boburhon



ISP <<UzNet>>

Contacts :

icq# : 192-467-164

mailto: <mailto:mighty_bob-***@public.gmane.org>
mighty_bob-***@public.gmane.org
Abhishek Anand Amralkar
2011-03-25 04:49:29 UTC
Permalink
This something related to Back Scatter.It seems one of your machine in
network is compromised .

-Abhishek

On Thu, Mar 24, 2011 at 5:07 PM, Shaumarov Boburhon
Post by Shaumarov Boburhon
Hi Guys! I need your help...
I can't find who is sending spam from my qmail server.
If you will see with ps ax, u can see like this.
3355 ? S 0:00 qmail-remote yahoo.co.in
3356 ? S 0:00 qmail-remote yahoo.co.in
3360 ? S 0:00 qmail-popup mail.intal.uz/var/popboxes/bin/vchkpw qmail-pop3d Maildir
3366 ? S 0:00 qmail-pop3d Maildir
3370 ? S 0:00 qmail-remote yahoo.co.in
3373 ? S 0:00 qmail-remote yahoo.co.in
3374 ? S 0:00 qmail-remote phmhealth.com
3376 ? S 0:00 qmail-remote yahoo.co.in
3378 ? S 0:00 qmail-remote yahoo.co.in
3380 ? S 0:00 qmail-remote yahoo.co.in
3381 ? S 0:00 qmail-remote yahoo.co.in
3383 ? S 0:00 qmail-remote yahoo.co.in
3385 ? S 0:00 qmail-remote yahoo.co.in
3388 ? S 0:00 qmail-remote yahoo.co.in
3390 ? S 0:00 qmail-remote yahoo.co.in
3400 ? S 0:00 qmail-remote yahoo.co.in
3402 ? S 0:00 qmail-remote yahoo.co.in
3403 ? S 0:00 qmail-remote yahoo.co.in
3404 ? S 0:00 qmail-remote yahoo.co.in
3412 ? S 0:00 qmail-remote yahoo.co.in
3423 ? S 0:00 qmail-remote yahoo.co.in
3445 ? S 0:00 qmail-remote yahoo.co.in
3448 ? S 0:00 qmail-remote yahoo.co.in
3450 ? S 0:00 qmail-remote yahoo.co.in
3451 ? S 0:00 qmail-remote yahoo.co.in
3452 ? S 0:00 qmail-remote yahoo.co.in
3453 ? S 0:00 qmail-remote yahoo.co.in
3454 ? S 0:00 qmail-remote yahoo.co.in
3455 ? S 0:00 qmail-remote yahoo.co.in
3456 ? S 0:00 qmail-remote yahoo.co.in
3457 ? S 0:00 qmail-remote yahoo.co.in
while looking tail -f /var/service/qmail-send/log/main/current, see just
this
@400000004d8b2c13158bf014 starting delivery 14104: msg 854481 to remote
@400000004d8b2c13158c039c status: local 0/10 remote 255/255
Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/
@400000004d8b2c131d9478bc status: local 0/10 remote 254/255
@400000004d8b2c131d94885c starting delivery 14105: msg 854481 to remote
@400000004d8b2c131d949be4 status: local 0/10 remote 255/255
Connected_to_180.222.96.138_but_connection_died._(#4.4.2)/
@400000004d8b2c13265940cc status: local 0/10 remote 254/255
@400000004d8b2c1326595454 starting delivery 14106: msg 854481 to remote
@400000004d8b2c13265963f4 status: local 0/10 remote 255/255
Connected_to_180.222.96.138_but_connection_died._(#4.4.2)/
@400000004d8b2c140cff3b7c status: local 0/10 remote 254/255
@400000004d8b2c140cff4b1c starting delivery 14107: msg 854481 to remote
@400000004d8b2c140cff5ea4 status: local 0/10 remote 255/255
Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/
@400000004d8b2c150091ab04 status: local 0/10 remote 254/255
@400000004d8b2c150091be8c starting delivery 14108: msg 854481 to remote
@400000004d8b2c150091ce2c status: local 0/10 remote 255/255
84.54.69.222_accepted_message./Remote_host_said:_250_2.0.0_p2OBZ9O1018947_Message_accepted_for_delivery/
@400000004d8b2c1500be5884 status: local 0/10 remote 254/255
@400000004d8b2c1500be6c0c end msg 854058
@400000004d8b2c1500c2e494 starting delivery 14109: msg 854481 to remote
@400000004d8b2c1500c2f81c status: local 0/10 remote 255/255
Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/
@400000004d8b2c15051b461c status: local 0/10 remote 254/255
@400000004d8b2c15051b55bc starting delivery 14110: msg 854481 to remote
@400000004d8b2c15051b6944 status: local 0/10 remote 255/255
Connected_to_180.222.96.138_but_connection_died._(#4.4.2)/
@400000004d8b2c1512e810a4 status: local 0/10 remote 254/255
@400000004d8b2c1512e8242c starting delivery 14111: msg 854481 to remote
@400000004d8b2c1512e833cc status: local 0/10 remote 255/255
Connected_to_180.222.96.138_but_connection_died._(#4.4.2)/
@400000004d8b2c1530facf8c status: local 0/10 remote 254/255
@400000004d8b2c1530fae314 starting delivery 14112: msg 854481 to remote
how to find out by which user it's sending from my server. I think one of
my users infacted, and from his login it's all sending.
Relay clinet configured proparly.
Thanks in advace
--
With best regards,
Shaumarov Boburhon
ISP <<UzNet>>
icq# : 192-467-164
--
Shitur
Shepherd Nhongo
2011-03-25 04:59:06 UTC
Permalink
Sent from my iPhone®
This something related to Back Scatter.It seems one of your machine in network is compromised .
-Abhishek
The best way to deal with such issue is to allow only you mail servers to talk to the www on port 25 alone. On your gateway put a rule that drops all other hosts smtp connections. I use a Linux gateway, to check who is spamming I use tcpdump and it has sufficient details
Hi Guys! I need your help...
I can't find who is sending spam from my qmail server.
If you will see with ps ax, u can see like this.
3360 ? S 0:00 qmail-popup mail.intal.uz /var/popboxes/bin/vchkpw qmail-pop3d Maildir
3366 ? S 0:00 qmail-pop3d Maildir
while looking tail -f /var/service/qmail-send/log/main/current, see just this
@400000004d8b2c13158bf014 starting delivery 14104: msg 854481 to remote mirbin24dec-/***@public.gmane.org
@400000004d8b2c13158c039c status: local 0/10 remote 255/255
@400000004d8b2c131d94614c delivery 13856: deferral: Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/
@400000004d8b2c131d9478bc status: local 0/10 remote 254/255
@400000004d8b2c131d94885c starting delivery 14105: msg 854481 to remote minaxi_ism-/***@public.gmane.org
@400000004d8b2c131d949be4 status: local 0/10 remote 255/255
@400000004d8b2c132659295c delivery 13954: deferral: Connected_to_180.222.96.138_but_connection_died._(#4.4.2)/
@400000004d8b2c13265940cc status: local 0/10 remote 254/255
@400000004d8b2c1326595454 starting delivery 14106: msg 854481 to remote minal_likerain-/***@public.gmane.org
@400000004d8b2c13265963f4 status: local 0/10 remote 255/255
@400000004d8b2c140cff2024 delivery 13947: deferral: Connected_to_180.222.96.138_but_connection_died._(#4.4.2)/
@400000004d8b2c140cff3b7c status: local 0/10 remote 254/255
@400000004d8b2c140cff4b1c starting delivery 14107: msg 854481 to remote mig_26aug-/***@public.gmane.org
@400000004d8b2c140cff5ea4 status: local 0/10 remote 255/255
@400000004d8b2c1500918bc4 delivery 14022: deferral: Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/
@400000004d8b2c150091ab04 status: local 0/10 remote 254/255
@400000004d8b2c150091be8c starting delivery 14108: msg 854481 to remote micheymahapatro-/***@public.gmane.org
@400000004d8b2c150091ce2c status: local 0/10 remote 255/255
@400000004d8b2c1500be4114 delivery 14000: success: 84.54.69.222_accepted_message./Remote_host_said:_250_2.0.0_p2OBZ9O1018947_Message_accepted_for_delivery/
@400000004d8b2c1500be5884 status: local 0/10 remote 254/255
@400000004d8b2c1500be6c0c end msg 854058
@400000004d8b2c1500c2e494 starting delivery 14109: msg 854481 to remote mia11011972-/***@public.gmane.org
@400000004d8b2c1500c2f81c status: local 0/10 remote 255/255
@400000004d8b2c15051b2eac delivery 12735: deferral: Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/
@400000004d8b2c15051b461c status: local 0/10 remote 254/255
@400000004d8b2c15051b55bc starting delivery 14110: msg 854481 to remote mi_siddiqui-/***@public.gmane.org
@400000004d8b2c15051b6944 status: local 0/10 remote 255/255
@400000004d8b2c1512e7f934 delivery 14031: deferral: Connected_to_180.222.96.138_but_connection_died._(#4.4.2)/
@400000004d8b2c1512e810a4 status: local 0/10 remote 254/255
@400000004d8b2c1512e8242c starting delivery 14111: msg 854481 to remote mgupta314-/***@public.gmane.org
@400000004d8b2c1512e833cc status: local 0/10 remote 255/255
@400000004d8b2c1530fab434 delivery 13891: deferral: Connected_to_180.222.96.138_but_connection_died._(#4.4.2)/
@400000004d8b2c1530facf8c status: local 0/10 remote 254/255
@400000004d8b2c1530fae314 starting delivery 14112: msg 854481 to remote mgulati_19nov-/***@public.gmane.org
how to find out by which user it's sending from my server. I think one of my users infacted, and from his login it's all sending.
Relay clinet configured proparly.
Thanks in advace
--
With best regards,
Shaumarov Boburhon
ISP <<UzNet>>
icq# : 192-467-164
--
Shitur
Shaumarov Boburhon
2011-03-25 06:03:23 UTC
Permalink
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head><title></title>
<META http-equiv=Content-Type content="text/html; charset=default">
<meta http-equiv="Content-Style-Type" content="text/css">
<style type="text/css"><!--
body {
margin: 5px 5px 5px 5px;
background-color: #ffffff;
}
/* ========== Text Styles ========== */
hr { color: #000000}
body, table /* Normal text */
{
font-size: 9pt;
font-family: 'Courier New';
font-style: normal;
font-weight: normal;
color: #000000;
text-decoration: none;
}
span.rvts1 /* Heading */
{
font-size: 10pt;
font-family: 'Arial';
font-weight: bold;
color: #0000ff;
}
span.rvts2 /* Subheading */
{
font-size: 10pt;
font-family: 'Arial';
font-weight: bold;
color: #000080;
}
span.rvts3 /* Keywords */
{
font-size: 10pt;
font-family: 'Arial';
font-style: italic;
color: #800000;
}
a.rvts4, span.rvts4 /* Jump 1 */
{
font-size: 10pt;
font-family: 'Arial';
color: #008000;
text-decoration: underline;
}
a.rvts5, span.rvts5 /* Jump 2 */
{
font-size: 10pt;
font-family: 'Arial';
color: #008000;
text-decoration: underline;
}
span.rvts6
{
font-size: 8pt;
font-family: 'arial';
font-style: italic;
color: #c0c0c0;
}
a.rvts7, span.rvts7
{
font-size: 8pt;
font-family: 'arial';
color: #0000ff;
text-decoration: underline;
}
span.rvts8
{
font-size: 13pt;
font-family: 'times new roman';
}
/* ========== Para Styles ========== */
p,ul,ol /* Paragraph Style */
{
text-align: left;
text-indent: 0px;
padding: 0px 0px 0px 0px;
margin: 0px 0px 0px 0px;
}
.rvps1 /* Centered */
{
text-align: center;
}
--></style> </head> <body> <p><br></p> <p>Sure of course! The problem was one of my user accounts login was hacked, and using imap service spam was sending.&nbsp;</p> <p><br></p> <p>just looking log files, i saw the login and just changes password</p> <p><br></p> <p>tail -f /var/log/maillog | grep imap</p> <p><br></p> <p><br></p> <p><br></p> <p><br></p> <p>Great...<span class=rvts8>&nbsp;</span></p> <p><br></p> <p>How did you find out man ? Can you share with us ? &nbsp;&nbsp;</p> <p><br></p> <p><span class=rvts6>--&nbsp;</span></p> <p><br></p> <p><span class=rvts6>With best regards,</span></p> <p><span class=rvts6>&nbsp; &nbsp;Shaumarov Boburhon</span></p> <p><br></p> <p><span class=rvts6>&nbsp; ISP &lt;&lt;UzNet&gt;&gt;</span></p>
<p><span class=rvts6>&nbsp; Contacts :</span></p>
<p><span class=rvts6>&nbsp; icq# : 192-467-164&nbsp;</span></p>
<p><span class=rvts6>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;mailto: &nbsp;</span><a class=rvts7 href="mailto:mighty_bob-***@public.gmane.org">mighty_bob-***@public.gmane.org</a></p>

</body></html>
Shepherd Nhongo
2011-03-25 06:09:05 UTC
Permalink
On Fri, Mar 25, 2011 at 8:03 AM, Shaumarov Boburhon
Post by Shaumarov Boburhon
Sure of course! The problem was one of my user accounts login was hacked,
and using imap service spam was sending.
Oh thanks.
How did they manage to hack the pass? I hope you will put preventive
measures to avoid this from happening. Current password change is a
corrective measure. Good luck. You need to close that loop hole that got the
pass to be compromised.

Cheers man
Post by Shaumarov Boburhon
just looking log files, i saw the login and just changes password
tail -f /var/log/maillog | grep imap
Great...
How did you find out man ? Can you share with us ?
--
With best regards,
Shaumarov Boburhon
ISP <<UzNet>>
icq# : 192-467-164
--
Shepherd Nhongo

Do not Queue mail with SENDMAIL, send mail with QMAIL

Mobile +267 74476040
GoofY
2011-03-15 10:30:13 UTC
Permalink
Like Shepherd said, it's a permission problem.
This might be connected to APP-ARMOR if your using Ubuntu (10.04)
I had to change it.

just me 2 cents.
Post by Terence
Dear Friends,
I am getting error "Requested action aborted: error in processing
451 qq temporary problem (#4.3.0)" when trying to send mail from qmail. and
logs in the " tail -f /var/spool/qmailscan/qmail-queue.log" says that
"error_condition: X-Antivirus-MYDOMAIN-1.25-st-qms: clamdscan: corrupt or
unknown clamd scanner error or memory/resource/perms problem - exit status
-1/72057594037927935". Kindly hep me.
Regards..
Shaumarov Boburhon
2011-03-25 05:36:40 UTC
Permalink
Hy guys! Tanx for advice! I found out who was spamming!




This something related to Back Scatter.It seems one of your machine in network is compromised .

-Abhishek

On Thu, Mar 24, 2011 at 5:07 PM, Shaumarov Boburhon <mighty_bob-***@public.gmane.org> wrote:



The best way to deal with such issue is to allow only you mail servers to talk to the www on port 25 alone. On your gateway put a rule that drops all other hosts smtp connections. I use a Linux gateway, to check who is spamming I use tcpdump and it has sufficient details
Hi Guys! I need your help...
I can't find who is sending spam from my qmail server.
If you will see with ps ax, u can see like this.

3355 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manojpasricha-/***@public.gmane.org
3356 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manojpandeydo11s-/***@public.gmane.org
3360 ? S 0:00 qmail-popup mail.intal.uz /var/popboxes/bin/vchkpw qmail-pop3d Maildir
3366 ? S 0:00 qmail-pop3d Maildir
3370 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manojkumardhankhar-83-/***@public.gmane.org
3371 ? S 0:00 qmail-remote yahoo.com david2000-QOiod4cnrWAN+***@public.gmane.org manojkumar4891-/***@public.gmane.org
3373 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manojkumar10_yadav-/***@public.gmane.org
3374 ? S 0:00 qmail-remote phmhealth.com david2000-QOiod4cnrWAN+***@public.gmane.org manojkum-HNfW5e86Fy21Z/+***@public.gmane.org
3376 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manojkmundhra-/***@public.gmane.org
3378 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manojjk2003-/***@public.gmane.org
3380 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manojjain14-/***@public.gmane.org
3381 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manojdwivedi_obra-/***@public.gmane.org
3383 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manojdhuran-/***@public.gmane.org
3385 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manojcoco_07-/***@public.gmane.org
3388 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manojamrit-/***@public.gmane.org
3390 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manoj_yk-/***@public.gmane.org
3400 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manoj_ya123-/***@public.gmane.org
3402 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manoj_srg-/***@public.gmane.org
3403 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manoj_shuklajss-/***@public.gmane.org
3404 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manoj_sharmarjit-/***@public.gmane.org
3412 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manoj_sharmamks-/***@public.gmane.org
3413 ? S 0:00 qmail-remote yahoo.com david2000-QOiod4cnrWAN+***@public.gmane.org manoj_sharma_786-/***@public.gmane.org
3414 ? S 0:00 qmail-remote yahoo.com david2000-QOiod4cnrWAN+***@public.gmane.org manoj_sh76-/***@public.gmane.org
3423 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manoj_rkgit007-/***@public.gmane.org
3442 ? S 0:00 qmail-remote yahoo.com david2000-QOiod4cnrWAN+***@public.gmane.org manoj_paswan22-/***@public.gmane.org
3443 ? S 0:00 qmail-remote yahoo.com david2000-QOiod4cnrWAN+***@public.gmane.org manoj_pandey511-/***@public.gmane.org
3444 ? S 0:00 qmail-remote yahoo.com david2000-QOiod4cnrWAN+***@public.gmane.org manoj_nerist-/***@public.gmane.org
3445 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manoj_mehta20007-/***@public.gmane.org
3448 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manoj_march02-/***@public.gmane.org
3450 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manoj_manojmbd-/***@public.gmane.org
3451 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manoj_kv_engg-/***@public.gmane.org
3452 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manoj_kumar_malik-/***@public.gmane.org
3453 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manoj_kumar_kushwaha-/***@public.gmane.org
3454 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manoj_kumar_choudhary25-/***@public.gmane.org
3455 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manoj_kulwant-/***@public.gmane.org
3456 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manoj_kmohapatra-/***@public.gmane.org
3457 ? S 0:00 qmail-remote yahoo.co.in david2000-QOiod4cnrWAN+***@public.gmane.org manoj_iimc2000-/***@public.gmane.org
3458 ? S 0:00 qmail-remote yahoo.com david2000-QOiod4cnrWAN+***@public.gmane.org manoj_happy2005-/***@public.gmane.org


while looking tail -f /var/service/qmail-send/log/main/current, see just this

@400000004d8b2c13158bf014 starting delivery 14104: msg 854481 to remote mirbin24dec-/***@public.gmane.org
@400000004d8b2c13158c039c status: local 0/10 remote 255/255
@400000004d8b2c131d94614c delivery 13856: deferral: Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/
@400000004d8b2c131d9478bc status: local 0/10 remote 254/255
@400000004d8b2c131d94885c starting delivery 14105: msg 854481 to remote minaxi_ism-/***@public.gmane.org
@400000004d8b2c131d949be4 status: local 0/10 remote 255/255
@400000004d8b2c132659295c delivery 13954: deferral: Connected_to_180.222.96.138_but_connection_died._(#4.4.2)/
@400000004d8b2c13265940cc status: local 0/10 remote 254/255
@400000004d8b2c1326595454 starting delivery 14106: msg 854481 to remote minal_likerain-/***@public.gmane.org
@400000004d8b2c13265963f4 status: local 0/10 remote 255/255
@400000004d8b2c140cff2024 delivery 13947: deferral: Connected_to_180.222.96.138_but_connection_died._(#4.4.2)/
@400000004d8b2c140cff3b7c status: local 0/10 remote 254/255
@400000004d8b2c140cff4b1c starting delivery 14107: msg 854481 to remote mig_26aug-/***@public.gmane.org
@400000004d8b2c140cff5ea4 status: local 0/10 remote 255/255
@400000004d8b2c1500918bc4 delivery 14022: deferral: Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/
@400000004d8b2c150091ab04 status: local 0/10 remote 254/255
@400000004d8b2c150091be8c starting delivery 14108: msg 854481 to remote micheymahapatro-/***@public.gmane.org
@400000004d8b2c150091ce2c status: local 0/10 remote 255/255
@400000004d8b2c1500be4114 delivery 14000: success: 84.54.69.222_accepted_message./Remote_host_said:_250_2.0.0_p2OBZ9O1018947_Message_accepted_for_delivery/
@400000004d8b2c1500be5884 status: local 0/10 remote 254/255
@400000004d8b2c1500be6c0c end msg 854058
@400000004d8b2c1500c2e494 starting delivery 14109: msg 854481 to remote mia11011972-/***@public.gmane.org
@400000004d8b2c1500c2f81c status: local 0/10 remote 255/255
@400000004d8b2c15051b2eac delivery 12735: deferral: Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/
@400000004d8b2c15051b461c status: local 0/10 remote 254/255
@400000004d8b2c15051b55bc starting delivery 14110: msg 854481 to remote mi_siddiqui-/***@public.gmane.org
@400000004d8b2c15051b6944 status: local 0/10 remote 255/255
@400000004d8b2c1512e7f934 delivery 14031: deferral: Connected_to_180.222.96.138_but_connection_died._(#4.4.2)/
@400000004d8b2c1512e810a4 status: local 0/10 remote 254/255
@400000004d8b2c1512e8242c starting delivery 14111: msg 854481 to remote mgupta314-/***@public.gmane.org
@400000004d8b2c1512e833cc status: local 0/10 remote 255/255
@400000004d8b2c1530fab434 delivery 13891: deferral: Connected_to_180.222.96.138_but_connection_died._(#4.4.2)/
@400000004d8b2c1530facf8c status: local 0/10 remote 254/255
@400000004d8b2c1530fae314 starting delivery 14112: msg 854481 to remote mgulati_19nov-/***@public.gmane.org


how to find out by which user it's sending from my server. I think one of my users infacted, and from his login it's all sending.
Relay clinet configured proparly.

Thanks in advace
--
With best regards,
Shaumarov Boburhon

ISP <<UzNet>>
Contacts :
icq# : 192-467-164
mailto: mighty_bob-***@public.gmane.org
--
Shitur
--
With best regards,
Shaumarov Boburhon

ISP <<UzNet>>
Contacts :
icq# : 192-467-164
mailto: mighty_bob-***@public.gmane.org
Shepherd Nhongo
2011-03-25 05:39:52 UTC
Permalink
On Fri, Mar 25, 2011 at 7:36 AM, Shaumarov Boburhon
Post by Shaumarov Boburhon
Hy guys! Tanx for advice! I found out who was spamming!
Great...
How did you find out man ? Can you share with us ?
--
Shepherd Nhongo

Do not Queue mail with SENDMAIL, send mail with QMAIL

Mobile +267 74476040
Loading...