I have a problem with a qmailtoaster server. Users reported that their email gets blocked on the other side.
I have checked the server and found out that it has been blacklisted. I've analyzed the logs and found out that someone managed to relay through that server, but I don't understand how.
When I check the server for relaying it is ok, every test passes, but logs are filled with:
Code:
2010-02-08 16:35:43.583710500 CHKUSER relaying rcpt: from <info@consejos-e.com:info@stik.si:> remote <User:unknown:66.134.225.162> rcpt <msblack2@yahoo.com> : client allowed to relay
2010-02-08 16:35:43.598674500 CHKUSER relaying rcpt: from <info@consejos-e.com:info@stik.si:> remote <User:unknown:66.134.225.162> rcpt <msayresmck@yahoo.com> : client allowed to relay
2010-02-08 16:35:43.626655500 CHKUSER relaying rcpt: from <info@consejos-e.com:info@stik.si:> remote <User:unknown:66.134.225.162> rcpt <msbury@yahoo.com> : client allowed to relay
2010-02-08 16:35:43.672258500 CHKUSER relaying rcpt: from <info@consejos-e.com:info@stik.si:> remote <User:unknown:66.134.225.162> rcpt <mschampaert@gmail.com> : client allowed to relay
2010-02-08 16:35:43.689442500 CHKUSER relaying rcpt: from <info@consejos-e.com:info@stik.si:> remote <User:unknown:66.134.225.162> rcpt <mschick06@comcast.net> : client allowed to relay
2010-02-08 16:35:43.793443500 CHKUSER relaying rcpt: from <info@consejos-e.com:info@stik.si:> remote <User:unknown:66.134.225.162> rcpt <mscappy@ridersworld.com> : client allowed to relay
2010-02-08 16:35:43.795327500 CHKUSER relaying rcpt: from <info@consejos-e.com:info@stik.si:> remote <User:unknown:66.134.225.162> rcpt <msazarloza@yahoo.com> : client allowed to relay
2010-02-08 16:35:43.795158500 CHKUSER relaying rcpt: from <info@consejos-e.com:info@stik.si:> remote <User:unknown:66.134.225.162> rcpt <msbus8113@yahoo.com> : client allowed to relay
2010-02-08 16:35:43.828333500 CHKUSER relaying rcpt: from <info@consejos-e.com:info@stik.si:> remote <User:unknown:66.134.225.162> rcpt <mschanae@yahoo.com> : client allowed to relay
2010-02-08 16:35:43.871368500 CHKUSER relaying rcpt: from <info@consejos-e.com:info@stik.si:> remote <User:unknown:66.134.225.162> rcpt <mschickie30@yahoo.com> : client allowed to relay
2010-02-08 16:35:43.944214500 CHKUSER relaying rcpt: from <info@consejos-e.com:info@stik.si:> remote <User:unknown:66.134.225.162> rcpt <mscarb@comcast.net> : client allowed to relay
2010-02-08 16:35:43.950087500 CHKUSER relaying rcpt: from <info@consejos-e.com:info@stik.si:> remote <User:unknown:66.134.225.162> rcpt <msbutler21@yahoo.com> : client allowed to relay
2010-02-08 16:35:43.952199500 CHKUSER relaying rcpt: from <info@consejos-e.com:info@stik.si:> remote <User:unknown:66.134.225.162> rcpt <msazende@yahoo.com> : client allowed to relay
2010-02-08 16:35:44.023657500 CHKUSER relaying rcpt: from <info@consejos-e.com:info@stik.si:> remote <User:unknown:66.134.225.162> rcpt <mschiernbeck@yahoo.com> : client allowed to relay
2010-02-08 16:35:44.026578500 simscan:[13691]:RELAYCLIENT:0.3529s:-:66.134.225.162:info@consejos-e.com:msb22087@yahoo.com:,msb234@yahoo.com,msb3207@aol.com,msb33_36@yahoo.com,msb5039@psu.edu,msb72@buckeye-exp
ress.com,msbaby_girl22@yahoo.com,msbabydoll1023@yahoo.com,msbabyw1ldch1ld@yahoo.com,msbadejo@gmail.com,msbagrimm@yahoo.com,msbailey@live.com,msbaileyhome@aol.com,msbainer@yahoo.com,msbajabeauty@hotmail.com,ms
balb@comcast.net,msballer89@yahoo.com,msbanderson@yahoo.com,msbang41@yahoo.com,msbank@hotmail.com,msbanks12225@yahoo.com,msbaptist@yahoo.com,msbarb1@comcast.net,msbarbaraowen@yahoo.com,msbarbaras@aol.com,msba
rbie267@yahoo.com,msbarnes_81@yahoo.com,msbarnes64@yahoo.com,msbarr20@yahoo.com,msbarrit@cox.net,msbartond@aol.com,msbatc@hotmail.com,msbates1310@yahoo.com,msbattle2004@yahoo.com,msbattytou@yahoo.com,msbaybee
@yahoo.com,msbb4952@yahoo.com,msbbernard@charter.net,msbbristol@msn.com,msbburke@aol.com,msbc2@aol.com,msbcutshaw@hotmail.com,msbdog@aol.com,msbdraper@aol.com,msbea@cox.net,msbea4real@yahoo.com,msbean20@yahoo
.com,msbean318@aol.com,msbeasleyhound@msn.com,msbeatrice1@gmail.com
I don't use chkuser, but after reading its logging format documentation, it looks from your logs:
Quote:
2010-02-08 16:35:43.583710500 CHKUSER relaying rcpt: from <info@consejos-e.com:info@stik.si:> remote <User:unknown:66.134.225.162> rcpt <msblack2@yahoo.com> : client allowed to relay
that somehow someone at 66.134.225.162 knows the password of one of your users, so he can authenticate to your server and send spam.
In your case I suppose it's info@stik.si that is the remoteinfo value on the above logs.
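The reading of the log given in the reply above can be applied to the whole file. This is an added example, not part of the original thread and not chkuser or qmailtoaster code: a Python script that groups `relaying rcpt` lines by the remoteinfo field and client IP, then flags identities that relay to many recipients or use an envelope sender different from the authenticated account. The field layout is assumed from the quoted log line; the function names, threshold and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed chkuser layout, matching the line quoted in the reply:
#   from <sender:remoteinfo:relayclient> remote <helo:hostname:ip> rcpt <rcpt> : message
CHKUSER_RE = re.compile(
    r"CHKUSER (?P<event>[^:]+): "
    r"from <(?P<sender>[^:>]*):(?P<remoteinfo>[^:>]*):[^>]*> "
    r"remote <[^:>]*:[^:>]*:(?P<ip>[^>]*)> "
    r"rcpt <(?P<rcpt>[^>]*)> : (?P<msg>.*)$"
)

def relay_summary(lines):
    """Group relayed recipients and envelope senders by (remoteinfo, client IP)."""
    groups = defaultdict(lambda: {"rcpts": set(), "senders": set()})
    for line in lines:
        m = CHKUSER_RE.search(line)
        if not m or m["event"] != "relaying rcpt":
            continue  # only lines where the client was allowed to relay
        g = groups[(m["remoteinfo"], m["ip"])]
        g["rcpts"].add(m["rcpt"].lower())
        g["senders"].add(m["sender"].lower())
    return groups

def suspicious(groups, max_rcpts=50):
    """Return (account, ip, reasons) for identities worth a password reset or block."""
    findings = []
    for (account, ip), g in sorted(groups.items()):
        reasons = []
        if len(g["rcpts"]) >= max_rcpts:
            reasons.append(f"{len(g['rcpts'])} relayed recipients")
        if account and any(s != account.lower() for s in g["senders"]):
            reasons.append("envelope sender differs from authenticated account")
        if reasons:
            findings.append((account or "(no remoteinfo)", ip, reasons))
    return findings

# Constructed sample lines (reserved example domains and documentation IPs).
_SPAM = ("2010-02-08 16:35:43.5 CHKUSER relaying rcpt: from <promo@spam.example:"
         "info@victim.example:> remote <User:unknown:192.0.2.10> rcpt <{}> : client allowed to relay")
SAMPLE = [_SPAM.format(r) for r in ("a@mail.example", "b@mail.example", "c@mail.example")] + [
    "2010-02-08 16:40:01.0 CHKUSER relaying rcpt: from <alice@victim.example:alice@victim.example:> "
    "remote <laptop:unknown:198.51.100.7> rcpt <bob@mail.example> : client allowed to relay",
    "2010-02-08 16:41:00.0 CHKUSER accepted rcpt: from <x@mail.example::> "
    "remote <mx:unknown:203.0.113.5> rcpt <alice@victim.example> : found existing recipient",
]

if __name__ == "__main__":
    for account, ip, reasons in suspicious(relay_summary(SAMPLE), max_rcpts=3):
        print(f"{account} from {ip}: {'; '.join(reasons)}")
```

Feed it the real log with `relay_summary(open(path))`; any account it reports is a candidate for an immediate password change, as the reply suggests.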