Hi,
While I have been running Scalix Community for several years the current issue has floored me. My catch all/webmaster account is receiving all sorts of postmaster/MAILER/returned/delayed messages suggesting that one of my domains in particular is sending spam from non-existent users - about 20 to 30 each day, which given that this is just family email (one domain each and one we use only for shopping) that is a lot of worrying activity...
So, I have 5 domains being managed from 1 scalix server. this has worked fine for the best part of 10 years but I am wondering whether I have never done something in smtpd.cfg which is needed for runnging more than one domain or whether it is something else more sinister that has happened within the last month or so.
In smptd.cfg I have added SMTPFILTER=TRUE above the standard RELAY lines but only have a "RELAY accept .DOMAIN.com" line for the "main" domain, which is the one set-up as the main domain when installing scalix.
I have increased logging to 15 as suggested elsewhere and looked at the audit log but am not sure what i am looking for in SMTP relay or Routing.
Any help would be appreciated and i guess the first step in that will be to post some config or log data here but I am not sure what that would be, so am holding off for now.
Thanks
Gary
I appear to have been hacked and am sending spam
-
pinnks
- Posts: 83
- Joined: Tue Mar 06, 2007 10:56 am
- Location: Swindon, UK
-
pinnks
- Posts: 83
- Joined: Tue Mar 06, 2007 10:56 am
- Location: Swindon, UK
Re: I appear to have been hacked and am sending spam
A quick update. When I ran omscan it threw up 2 unknown users in the list it produces at the end. Neither of these showed up in SAC or omshowu -m all. One was "143 I. 143 Q." where CN=143, so presumably a sequential number of ever created users. The other was **********44. I deleted the first using omdelu and then the second showed up as ~"144 I. 144 Q." That too has been deleted and I await developments.
Does anyone have any thoughts on whether these may have been created by malware and therefore have been the source of my woes? I assume it will take a day or so for the "postmaster" and returned message messages to unwind...
Does anyone have any thoughts on whether these may have been created by malware and therefore have been the source of my woes? I assume it will take a day or so for the "postmaster" and returned message messages to unwind...
-
ScalixSupport
- Scalix
- Posts: 5503
- Joined: Thu Mar 25, 2004 8:15 pm
Re: I appear to have been hacked and am sending spam
Hello,
Could you please create a support ticket
Thanks !
Could you please create a support ticket
Thanks !
Regards,
Scalix Support Team
Scalix Support Team
Who is online
Users browsing this forum: No registered users and 8 guests