Has my mail server been hijacked?
| andy1275 2005-02-25, 10:40 pm |
| Hi,
Over the past 2 months, our mail queue has been growing about 3GB / week. Previously it was not growing at any significant amount. Upon looking at the messages in the mailqueue we found lots of messages that are spam, but yet we never seem to access these e-mail messages when we clear our mail off the server. We clear the mail off our server by first using web-based SquirrelMail and then we download our true messages with Outlook.
Looking at these spam messages that never seem to clear out of our mailqueue we see various IP addresses but it is not clear where they originated. Further, lots of this spam has our domain name listed as a sender with the "name" seemingly just randomly assigned.
We are running apache with an ensim control panel. So far we have just been clearing the mailqueue each week, but it is not efficient to do this. Plus we are concerned that this is wasting our system resources and so on.
Does anybody have any ideas on what and how it is happening? We would appreciate any help given.
Thanks in advance for any feedback!
Andy | |
| eWebtricity 2005-02-26, 11:29 am |
| That's pretty significant volume, if you're consistently getting 3GB of mail stacked up in the queue per week. Have you watched the maillog to maybe see a pattern of the mail traffic and if the messages are actually destined for your domain?
Is this Sendmail, Qmail, etc ...? | |
| andy1275 2005-02-28, 3:11 pm |
| Hi,
Thanks for answering. Most of the mail has in the "to and from line" bogus names with our domain name. It is very confusing as there are lots of lines showing relaying and being resent and so on and I am not entirely sure where this mail was even being sent to in the first place. I haven't looked at the mail logs, only the server logs. I wasn't aware that the mail had its own logs. Are they named something like mail logs and generally located where the mail queue is? By looking at the mail messages themselves I haven't been able to detect any clear patterns in terms of IP addresses, etc. I will go look for the mail logs and see what I can dig up. Any other thoughts about what I might do?
I sincerely appreciate any further help.
Andy
quote: Originally posted by eWebtricity
That's pretty significant volume, if you're consistently getting 3GB of mail stacked up in the queue per week. Have you watched the maillog to maybe see a pattern of the mail traffic and if the messages are actually destined for your domain?
Is this Sendmail, Qmail, etc ...?
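
Added example, not part of any post in this thread: one way to look for the maillog pattern suggested above, by grouping messages by the IP that submitted them and checking whether the recipients are in the local domain. It assumes Sendmail-style syslog lines (the thread never establishes which MTA is in use); `example.com` stands in for the poster's domain, and the sample lines are constructed.

```python
import re
from collections import Counter, defaultdict

LOCAL_DOMAIN = "example.com"  # assumption: placeholder for the poster's own domain

# Constructed sample in Sendmail's syslog format (not taken from the thread).
SAMPLE_LOG = """\
Feb 25 22:40:01 mx sendmail[4101]: j1PMe1aa004101: from=<kq7x@example.com>, size=2310, nrcpts=1, proto=SMTP, daemon=MTA, relay=[203.0.113.7]
Feb 25 22:40:03 mx sendmail[4102]: j1PMe1aa004101: to=<bob@example.net>, delay=00:00:02, mailer=esmtp, relay=mail.example.net. [198.51.100.9], dsn=4.0.0, stat=Deferred: Connection timed out
Feb 25 22:41:10 mx sendmail[4110]: j1PMf9bb004110: from=<zz19@example.com>, size=2298, nrcpts=1, proto=SMTP, daemon=MTA, relay=[203.0.113.7]
Feb 25 22:41:12 mx sendmail[4111]: j1PMf9bb004110: to=<carol@example.org>, delay=00:00:02, mailer=esmtp, relay=mx.example.org. [198.51.100.20], dsn=4.0.0, stat=Deferred: Connection refused
Feb 25 22:45:30 mx sendmail[4120]: j1PMjUcc004120: from=<friend@example.org>, size=1804, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mx.example.org [198.51.100.20]
Feb 25 22:45:31 mx sendmail[4121]: j1PMjUcc004120: to=<andy@example.com>, delay=00:00:01, mailer=local, dsn=2.0.0, stat=Sent
"""

LINE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<rest>(?:from|to)=.*)$")
ADDR = re.compile(r"(from|to)=<?([^>,]*)")
RELAY = re.compile(r"relay=(?:\S+ )?\[([\d.]+)\]")
STAT = re.compile(r"stat=(\w+)")

def summarise(log_text, local_domain=LOCAL_DOMAIN):
    """Per submitting IP: messages accepted, where they were addressed, how many are stuck."""
    source = {}                    # queue id -> IP that handed us the message
    report = defaultdict(Counter)  # that IP -> counters
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        qid, rest = m.group("qid"), m.group("rest")
        kind, addr = ADDR.match(rest).groups()
        if kind == "from":
            r = RELAY.search(rest)
            source[qid] = r.group(1) if r else "local-submission"
            report[source[qid]]["messages"] += 1
        else:  # delivery attempt; only the first recipient on the line is inspected
            src = source.get(qid, "unknown")
            domain = addr.rpartition("@")[2].lower()
            report[src]["to_local" if domain == local_domain else "to_outside"] += 1
            s = STAT.search(rest)
            if s and s.group(1) != "Sent":
                report[src]["undelivered"] += 1
    return {ip: dict(c) for ip, c in report.items()}

if __name__ == "__main__":
    for ip, counts in summarise(SAMPLE_LOG).items():
        print(ip, counts)
```

A source IP whose messages are all `to_outside` and `undelivered` is the first pattern to look into; retries of a queued message are logged again, so those two counters count delivery attempts rather than distinct messages.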