Sponsor:

Server and Web Integrator
Link:
Kloxo-MR logo
6.5.0 or 7.0.0
Click for "How to install"
Donation/Sponsorship:
Kloxo-MR is open-source.
Donate and or Sponsorship always welcome.
Click to:
Click Here
Please login or register. 2024-04-28, 13:33:34
« previous next »
Pages: [1]   Go Down

Author Topic: My qmail is being used for spam by someone. How can I stop qmail?  (Read 2925 times)

0 Members and 1 Guest are viewing this topic.

Offline want2fly

  • Junior Member
  • *
  • Posts: 49
  • Karma: +0/-0
    • View Profile
My qmail is being used for spam by someone. How can I stop qmail?
« on: 2016-10-15, 17:14:09 »
Hello.
I got email from my vps hosting that my server was used to send spam. They sent me the log:
Code: [Select]
VPS 264 (2607:f348:101e:0000:0000:0000:b4e0:b372) has 299 SMTP connections
VPS 264 (2607:f348:101e:0000:0000:0000:b4e0:b372) has 299 SMTP connections
VPS 264 (2607:f348:101e:0000:0000:0000:b4e0:b372) has 299 SMTP connections
VPS 264 (2607:f348:101e:0000:0000:0000:b4e0:b372) has 301 SMTP connections
VPS 264 (2607:f348:101e:0000:0000:0000:b4e0:b372) has 303 SMTP connections
VPS 264 (2607:f348:101e:0000:0000:0000:b4e0:b372) has 303 SMTP connections
VPS 264 (2607:f348:101e:0000:0000:0000:b4e0:b372) has 183 SMTP connections
VPS 264 (2607:f348:101e:0000:0000:0000:b4e0:b372) has 183 SMTP connections
VPS 264 (2607:f348:101e:0000:0000:0000:b4e0:b372) has 184 SMTP connections
VPS 264 (2607:f348:101e:0000:0000:0000:b4e0:b372) has 283 SMTP connections
VPS 264 (2607:f348:101e:0000:0000:0000:b4e0:b372) has 283 SMTP connections
VPS 264 (2607:f348:101e:0000:0000:0000:b4e0:b372) has 287 SMTP connections
VPS 264 (2607:f348:101e:0000:0000:0000:b4e0:b372) has 287 SMTP connections
VPS 264 (2607:f348:101e:0000:0000:0000:b4e0:b372) has 281 SMTP connections
VPS 264 (2607:f348:101e:0000:0000:0000:b4e0:b372) has 280 SMTP connections
VPS 264 (2607:f348:101e:0000:0000:0000:b4e0:b372) has 162 SMTP connections
VPS 264 (2607:f348:101e:0000:0000:0000:b4e0:b372) has 259 SMTP connections
VPS 264 (2607:f348:101e:0000:0000:0000:b4e0:b372) has 151 SMTP connections
VPS 264 (2607:f348:101e:0000:0000:0000:b4e0:b372) has 151 SMTP connections
VPS 264 (2607:f348:101e:0000:0000:0000:b4e0:b372) has 284 SMTP connections
VPS 264 (2607:f348:101e:0000:0000:0000:b4e0:b372) has 284 SMTP connections
How do I fix that?
Can I just disable qmail? I don't use the email for anything on that vps
Logged

Offline MRatWork

  • Administrator
  • The Elite
  • *****
  • Posts: 15,807
  • Karma: +119/-11
  • Gender: Male
    • View Profile
    • MRatWork Forum
Re: My qmail is being used for spam by someone. How can I stop qmail?
« Reply #1 on: 2016-10-15, 17:20:59 »
Inform here 'mail log' from 'log manager'.
Logged
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

Offline want2fly

  • Junior Member
  • *
  • Posts: 49
  • Karma: +0/-0
    • View Profile
Re: My qmail is being used for spam by someone. How can I stop qmail?
« Reply #2 on: 2016-10-15, 17:54:36 »
Code: [Select]
Oct 15 09:57:52 vps send: status: local 0/10 remote 1/60
Oct 15 09:58:32 vps send: delivery 26: deferral: CNAME_lookup_failed_temporarily._(#4.4.3)/
Oct 15 09:58:32 vps send: status: local 0/10 remote 0/60
Oct 15 10:02:19 vps smtp: tcpserver: status: 1/100
Oct 15 10:02:19 vps smtp: tcpserver: pid 29053 from 127.0.0.1
Oct 15 10:02:19 vps smtp: tcpserver: ok 29053 vpsl.mydomain.com:::ffff:127.0.0.1:25 :::ffff:127.0.0.1::50300
Oct 15 10:02:19 vps smtp: 29053 < [EOF]
Oct 15 10:02:19 vps smtp: tcpserver: end 29053 status 256
Oct 15 10:02:19 vps smtp: tcpserver: status: 0/100
Oct 15 10:02:19 vps smtp: 29053 > 220 mail.mydomain.com - Welcome to Qmail ESMTP?
Oct 15 10:02:19 vps smtp: 29053 > [EOF]
Oct 15 10:07:19 vps smtp: tcpserver: status: 1/100
Oct 15 10:07:19 vps smtp: tcpserver: pid 29118 from 127.0.0.1
Oct 15 10:07:19 vps smtp: tcpserver: ok 29118 vpsl.mydomain.com:::ffff:127.0.0.1:25 :::ffff:127.0.0.1::52899
Oct 15 10:07:19 vps smtp: 29118 < [EOF]
Oct 15 10:07:19 vps smtp: 29118 > 220 mail.mydomain.com - Welcome to Qmail ESMTP?
Oct 15 10:07:19 vps smtp: tcpserver: end 29118 status 256
Oct 15 10:07:19 vps smtp: tcpserver: status: 0/100
Oct 15 10:07:19 vps smtp: 29118 > [EOF]
Oct 15 10:07:44 vps smtp: tcpserver: status: 1/100
Oct 15 10:07:44 vps smtp: tcpserver: pid 29129 from 210.3.184.74
Oct 15 10:07:44 vps smtp: tcpserver: ok 29129 vpsl.mydomain.com:::ffff:104.193.42.175:25 :::ffff:210.3.184.74::45000
Oct 15 10:07:44 vps smtp: 29129 > 220 mail.mydomain.com - Welcome to Qmail ESMTP?
Oct 15 10:07:44 vps smtp: 29129 < HELO mail.mydomain.com - Welcome to Qmail?
Oct 15 10:07:44 vps smtp: 29129 > 250 mail.mydomain.com - Welcome to Qmail?
Oct 15 10:07:45 vps smtp: 29129 < AUTH LOGIN?
Oct 15 10:07:45 vps smtp: 29129 > 334 VXNlcm5hbWU6?
Oct 15 10:07:45 vps smtp: 29129 < cHJpbnRlcg==?
Oct 15 10:07:45 vps smtp: 29129 > 334 UGFzc3dvcmQ6?
Oct 15 10:07:45 vps smtp: 29129 < MTIzNA==?
Oct 15 10:07:45 vps vpopmail[29131]: vchkpw-smtp: vpopmail user not found printer@:210.3.184.74
Oct 15 10:07:50 vps smtp: 29129 > 535 authentication failed (#5.7.1)?
Oct 15 10:07:50 vps smtp: 29129 < QUIT?
Oct 15 10:07:50 vps smtp: tcpserver: end 29129 status 0
Oct 15 10:07:50 vps smtp: tcpserver: status: 0/100
Oct 15 10:07:50 vps smtp: 29129 > 221 mail.mydomain.com - Welcome to Qmail?
Oct 15 10:07:50 vps smtp: 29129 > [EOF]
Oct 15 10:12:19 vps smtp: tcpserver: status: 1/100
Oct 15 10:12:19 vps smtp: tcpserver: pid 29204 from 127.0.0.1
Oct 15 10:12:19 vps smtp: tcpserver: ok 29204 vpsl.mydomain.com:::ffff:127.0.0.1:25 :::ffff:127.0.0.1::55750
Oct 15 10:12:19 vps smtp: 29204 < [EOF]
Oct 15 10:12:19 vps smtp: tcpserver: end 29204 status 256
Oct 15 10:12:19 vps smtp: tcpserver: status: 0/100
Oct 15 10:12:19 vps smtp: 29204 > 220 mail.mydomain.com - Welcome to Qmail ESMTP?
Oct 15 10:12:19 vps smtp: 29204 > [EOF]
Oct 15 10:12:46 vps send: starting delivery 27: msg 24381197 to remote admin@1daily.net
Oct 15 10:12:46 vps send: status: local 0/10 remote 1/60
Oct 15 10:13:26 vps send: delivery 27: deferral: CNAME_lookup_failed_temporarily._(#4.4.3)/
Oct 15 10:13:26 vps send: status: local 0/10 remote 0/60
Oct 15 10:13:41 vps smtp: tcpserver: status: 1/100
Oct 15 10:13:41 vps smtp: tcpserver: pid 29264 from 1.162.235.93
Oct 15 10:13:41 vps smtp: tcpserver: ok 29264 vpsl.mydomain.com:::ffff:104.193.42.175:25 :::ffff:1.162.235.93::3180
Oct 15 10:13:41 vps smtp: 29264 > 220 mail.mydomain.com - Welcome to Qmail ESMTP?
Oct 15 10:13:41 vps smtp: 29264 < HELO 104.193.42.175?
Oct 15 10:13:41 vps smtp: 29264 > 250 mail.mydomain.com - Welcome to Qmail?
Oct 15 10:13:42 vps smtp: 29264 < MAIL FROM: <dlh@email.cta.cq.cnt>?
Oct 15 10:13:42 vps smtp: CHKUSER accepted sender: from <dlh@email.cta.cq.cnt::> remote <104.193.42.175:unknown:1.162.235.93> rcpt <> : sender accepted
Oct 15 10:13:42 vps smtp: 29264 > 250 ok?
Oct 15 10:13:42 vps smtp: 29264 < RCPT TO: <gogo@linwayedm.com.tw>?
Oct 15 10:13:42 vps smtp: CHKUSER rejected relaying: from <dlh@email.cta.cq.cnt::> remote <104.193.42.175:unknown:1.162.235.93> rcpt <gogo@linwayedm.com.tw> : client not allowed to relay
Oct 15 10:13:43 vps smtp: 29264 > 553 5.7.1 sorry, that domain isn't in my list of allowed rcpthosts (chkuser)?
Oct 15 10:13:43 vps smtp: 29264 < [EOF]
Oct 15 10:13:43 vps smtp: tcpserver: end 29264 status 256
Oct 15 10:13:43 vps smtp: tcpserver: status: 0/100
Oct 15 10:13:43 vps smtp: 29264 > [EOF]
Oct 15 10:13:46 vps pop3: tcpserver: status: 1/40
Oct 15 10:13:46 vps pop3: tcpserver: pid 29266 from 92.115.23.106
Oct 15 10:13:46 vps pop3: tcpserver: ok 29266 vpsl.mydomain.com:::ffff:104.193.42.175:110 :::ffff:92.115.23.106::62532
Oct 15 10:13:46 vps pop3: DEBUG: Connection, ip=[92.115.23.106]
Oct 15 10:17:20 vps smtp: tcpserver: status: 1/100
Oct 15 10:17:20 vps smtp: tcpserver: pid 29292 from 127.0.0.1
Oct 15 10:17:20 vps smtp: tcpserver: ok 29292 vpsl.mydomain.com:::ffff:127.0.0.1:25 :::ffff:127.0.0.1::58522
Oct 15 10:17:20 vps smtp: 29292 < [EOF]
Oct 15 10:17:20 vps smtp: tcpserver: end 29292 status 256
Oct 15 10:17:20 vps smtp: tcpserver: status: 0/100
Oct 15 10:17:20 vps smtp: 29292 > 220 mail.mydomain.com - Welcome to Qmail ESMTP?
Oct 15 10:17:20 vps smtp: 29292 > [EOF]
Oct 15 10:18:05 vps smtp: tcpserver: status: 1/100
Oct 15 10:18:05 vps smtp: tcpserver: pid 29333 from 180.222.157.66
Oct 15 10:18:05 vps smtp: tcpserver: ok 29333 vpsl.mydomain.com:::ffff:104.193.42.175:25 :::ffff:180.222.157.66::9640
Oct 15 10:18:05 vps smtp: 29333 > 220 mail.mydomain.com - Welcome to Qmail ESMTP?
Oct 15 10:18:05 vps smtp: 29333 < HELO mail.mydomain.com - Welcome to Qmail?
Oct 15 10:18:05 vps smtp: 29333 > 250 mail.mydomain.com - Welcome to Qmail?
Oct 15 10:18:06 vps smtp: 29333 < AUTH LOGIN?
Oct 15 10:18:06 vps smtp: 29333 > 334 VXNlcm5hbWU6?
Oct 15 10:18:06 vps smtp: 29333 < bWFpbGluZw==?
Oct 15 10:18:06 vps smtp: 29333 > 334 UGFzc3dvcmQ6?
Oct 15 10:18:06 vps smtp: 29333 < MTIzNA==?
Oct 15 10:18:06 vps vpopmail[29335]: vchkpw-smtp: vpopmail user not found mailing@:180.222.157.66
Oct 15 10:18:11 vps smtp: 29333 < QUIT?
Oct 15 10:18:11 vps smtp: 29333 > 535 authentication failed (#5.7.1)?
Oct 15 10:18:11 vps smtp: 29333 > 221 mail.mydomain.com - Welcome to Qmail?
Oct 15 10:18:11 vps smtp: 29333 > [EOF]
Oct 15 10:18:11 vps smtp: tcpserver: end 29333 status 0
Oct 15 10:18:11 vps smtp: tcpserver: status: 0/100
Oct 15 10:22:20 vps smtp: tcpserver: status: 1/100
Oct 15 10:22:20 vps smtp: tcpserver: pid 29362 from 127.0.0.1
Oct 15 10:22:20 vps smtp: tcpserver: ok 29362 vpsl.mydomain.com:::ffff:127.0.0.1:25 :::ffff:127.0.0.1::32989
Oct 15 10:22:20 vps smtp: 29362 < [EOF]
Oct 15 10:22:20 vps smtp: 29362 > 220 mail.mydomain.com - Welcome to Qmail ESMTP?
Oct 15 10:22:20 vps smtp: tcpserver: end 29362 status 256
Oct 15 10:22:20 vps smtp: tcpserver: status: 0/100
Oct 15 10:22:20 vps smtp: 29362 > [EOF]
Oct 15 10:27:40 vps smtp: tcpserver: status: 1/100
Oct 15 10:27:40 vps smtp: tcpserver: pid 30226 from 127.0.0.1
Oct 15 10:27:40 vps smtp: tcpserver: ok 30226 vpsl.mydomain.com:::ffff:127.0.0.1:25 :::ffff:127.0.0.1::35786
Oct 15 10:27:40 vps smtp: 30226 < [EOF]
Oct 15 10:27:40 vps smtp: tcpserver: end 30226 status 256
Oct 15 10:27:40 vps smtp: tcpserver: status: 0/100
Oct 15 10:27:40 vps smtp: 30226 > 220 mail.mydomain.com - Welcome to Qmail ESMTP?
Oct 15 10:27:40 vps smtp: 30226 > [EOF]
Oct 15 10:29:25 vps smtp: tcpserver: status: 1/100
Oct 15 10:29:25 vps smtp: tcpserver: pid 30240 from 187.5.7.252
Oct 15 10:29:25 vps smtp: tcpserver: ok 30240 vpsl.mydomain.com:::ffff:104.193.42.175:25 :::ffff:187.5.7.252::22053
Oct 15 10:29:25 vps smtp: 30240 > 220 mail.mydomain.com - Welcome to Qmail ESMTP?
Oct 15 10:29:25 vps smtp: 30240 < HELO mail.mydomain.com - Welcome to Qmail?
Oct 15 10:29:25 vps smtp: 30240 > 250 mail.mydomain.com - Welcome to Qmail?
Oct 15 10:29:25 vps smtp: 30240 < AUTH LOGIN?
Oct 15 10:29:25 vps smtp: 30240 > 334 VXNlcm5hbWU6?
Oct 15 10:29:26 vps smtp: 30240 < bm9yZXBseQ==?
Oct 15 10:29:26 vps smtp: 30240 > 334 UGFzc3dvcmQ6?
Oct 15 10:29:26 vps smtp: 30240 < MTIzNA==?
Oct 15 10:29:26 vps vpopmail[30242]: vchkpw-smtp: vpopmail user not found noreply@:187.5.7.252
Oct 15 10:29:31 vps smtp: 30240 < QUIT?
Oct 15 10:29:31 vps smtp: 30240 > 535 authentication failed (#5.7.1)?
Oct 15 10:29:31 vps smtp: 30240 > 221 mail.mydomain.com - Welcome to Qmail?
Oct 15 10:29:31 vps smtp: 30240 > [EOF]
Oct 15 10:29:31 vps smtp: tcpserver: end 30240 status 0
Oct 15 10:29:31 vps smtp: tcpserver: status: 0/100
Oct 15 10:30:21 vps pop3: tcpserver: status: 2/40
Oct 15 10:30:21 vps pop3: tcpserver: pid 30420 from 80.82.64.102
Oct 15 10:30:21 vps pop3: tcpserver: ok 30420 vpsl.mydomain.com:::ffff:104.193.42.175:110 :::ffff:80.82.64.102::33302
Oct 15 10:30:21 vps pop3: DEBUG: Connection, ip=[80.82.64.102]
Oct 15 10:30:22 vps pop3: INFO: LOGIN FAILED, user=support@seedporn.com, ip=[80.82.64.102]
Oct 15 10:30:27 vps pop3: INFO: LOGOUT, ip=[80.82.64.102]
Oct 15 10:30:27 vps pop3: DEBUG: Disconnected, ip=[80.82.64.102]
Oct 15 10:30:27 vps pop3: tcpserver: end 30420 status 0
Oct 15 10:30:27 vps pop3: tcpserver: status: 1/40
Oct 15 10:32:41 vps smtp: tcpserver: status: 1/100
Oct 15 10:32:41 vps smtp: tcpserver: pid 31032 from 127.0.0.1
Oct 15 10:32:41 vps smtp: tcpserver: ok 31032 vpsl.mydomain.com:::ffff:127.0.0.1:25 :::ffff:127.0.0.1::39064
Oct 15 10:32:41 vps smtp: 31032 < [EOF]
Oct 15 10:32:41 vps smtp: tcpserver: end 31032 status 256
Oct 15 10:32:41 vps smtp: tcpserver: status: 0/100
Oct 15 10:32:41 vps smtp: 31032 > 220 mail.mydomain.com - Welcome to Qmail ESMTP?
Oct 15 10:32:41 vps smtp: 31032 > [EOF]
Oct 15 10:37:42 vps smtp: tcpserver: status: 1/100
Oct 15 10:37:42 vps smtp: tcpserver: pid 31069 from 127.0.0.1
Oct 15 10:37:42 vps smtp: tcpserver: ok 31069 vpsl.mydomain.com:::ffff:127.0.0.1:25 :::ffff:127.0.0.1::41948
Oct 15 10:37:42 vps smtp: 31069 < [EOF]
Oct 15 10:37:42 vps smtp: tcpserver: end 31069 status 256
Oct 15 10:37:42 vps smtp: tcpserver: status: 0/100
Oct 15 10:37:42 vps smtp: 31069 > 220 mail.mydomain.com - Welcome to Qmail ESMTP?
Oct 15 10:37:42 vps smtp: 31069 > [EOF]
Oct 15 10:38:20 vps smtp: tcpserver: status: 1/100
Oct 15 10:38:20 vps smtp: tcpserver: pid 31081 from 74.208.228.64
Oct 15 10:38:20 vps smtp: tcpserver: ok 31081 vpsl.mydomain.com:::ffff:104.193.42.175:25 :::ffff:74.208.228.64::20250
Oct 15 10:38:20 vps smtp: 31081 > 220 mail.mydomain.com - Welcome to Qmail ESMTP?
Oct 15 10:38:20 vps smtp: 31081 < HELO mail.mydomain.com - Welcome to Qmail?
Oct 15 10:38:20 vps smtp: 31081 > 250 mail.mydomain.com - Welcome to Qmail?
Oct 15 10:38:21 vps smtp: 31081 < AUTH LOGIN?
Oct 15 10:38:21 vps smtp: 31081 > 334 VXNlcm5hbWU6?
Oct 15 10:38:21 vps smtp: 31081 < c3BhbQ==?
Oct 15 10:38:21 vps smtp: 31081 > 334 UGFzc3dvcmQ6?
Oct 15 10:38:21 vps smtp: 31081 < MTIzNA==?
Oct 15 10:38:21 vps vpopmail[31083]: vchkpw-smtp: vpopmail user not found spam@:74.208.228.64
Oct 15 10:38:26 vps smtp: 31081 < QUIT?
Oct 15 10:38:26 vps smtp: 31081 > 535 authentication failed (#5.7.1)?
Oct 15 10:38:26 vps smtp: 31081 > 221 mail.mydomain.com - Welcome to Qmail?
Oct 15 10:38:26 vps smtp: 31081 > [EOF]
Oct 15 10:38:26 vps smtp: tcpserver: end 31081 status 0
Oct 15 10:38:26 vps smtp: tcpserver: status: 0/100
Oct 15 10:43:03 vps smtp: tcpserver: status: 1/100
Oct 15 10:43:03 vps smtp: tcpserver: pid 31264 from 127.0.0.1
Oct 15 10:43:03 vps smtp: tcpserver: ok 31264 vpsl.mydomain.com:::ffff:127.0.0.1:25 :::ffff:127.0.0.1::44784
Oct 15 10:43:03 vps smtp: 31264 < [EOF]
Oct 15 10:43:03 vps smtp: 31264 > 220 mail.mydomain.com - Welcome to Qmail ESMTP?
Oct 15 10:43:03 vps smtp: tcpserver: end 31264 status 256
Oct 15 10:43:03 vps smtp: tcpserver: status: 0/100
Oct 15 10:43:03 vps smtp: 31264 > [EOF]
Oct 15 10:48:03 vps smtp: tcpserver: status: 1/100
Oct 15 10:48:03 vps smtp: tcpserver: pid 31329 from 127.0.0.1
Oct 15 10:48:03 vps smtp: tcpserver: ok 31329 vpsl.mydomain.com:::ffff:127.0.0.1:25 :::ffff:127.0.0.1::47637
Oct 15 10:48:03 vps smtp: 31329 < [EOF]
Oct 15 10:48:03 vps smtp: tcpserver: end 31329 status 256
Oct 15 10:48:03 vps smtp: tcpserver: status: 0/100
Oct 15 10:48:03 vps smtp: 31329 > 220 mail.mydomain.com - Welcome to Qmail ESMTP?
Oct 15 10:48:03 vps smtp: 31329 > [EOF]
Oct 15 10:48:37 vps smtp: tcpserver: status: 1/100
Oct 15 10:48:37 vps smtp: tcpserver: pid 31337 from 74.208.228.64
Oct 15 10:48:37 vps smtp: tcpserver: ok 31337 vpsl.mydomain.com:::ffff:104.193.42.175:25 :::ffff:74.208.228.64::30741
Oct 15 10:48:37 vps smtp: 31337 > 220 mail.mydomain.com - Welcome to Qmail ESMTP?
Oct 15 10:48:37 vps smtp: 31337 < HELO mail.mydomain.com - Welcome to Qmail?
Oct 15 10:48:37 vps smtp: 31337 > 250 mail.mydomain.com - Welcome to Qmail?
Oct 15 10:48:37 vps smtp: 31337 < AUTH LOGIN?
Oct 15 10:48:37 vps smtp: 31337 > 334 VXNlcm5hbWU6?
Oct 15 10:48:37 vps smtp: 31337 < ZmF4?
Oct 15 10:48:37 vps smtp: 31337 > 334 UGFzc3dvcmQ6?
Oct 15 10:48:38 vps smtp: 31337 < MTIzNA==?
Oct 15 10:48:38 vps vpopmail[31339]: vchkpw-smtp: vpopmail user not found fax@:74.208.228.64
Oct 15 10:48:43 vps smtp: 31337 < QUIT?
Oct 15 10:48:43 vps smtp: 31337 > 535 authentication failed (#5.7.1)?
Oct 15 10:48:43 vps smtp: 31337 > 221 mail.mydomain.com - Welcome to Qmail?
Oct 15 10:48:43 vps smtp: tcpserver: end 31337 status 0
Oct 15 10:48:43 vps smtp: 31337 > [EOF]
Oct 15 10:48:43 vps smtp: tcpserver: status: 0/100
Oct 15 10:53:04 vps smtp: tcpserver: status: 1/100
Oct 15 10:53:04 vps smtp: tcpserver: pid 984 from 127.0.0.1
Oct 15 10:53:04 vps smtp: tcpserver: ok 984 vpsl.mydomain.com:::ffff:127.0.0.1:25 :::ffff:127.0.0.1::50160
Oct 15 10:53:04 vps smtp: 984 < [EOF]
Oct 15 10:53:04 vps smtp: tcpserver: end 984 status 256
Oct 15 10:53:04 vps smtp: tcpserver: status: 0/100
Oct 15 10:53:04 vps smtp: 984 > 220 mail.mydomain.com - Welcome to Qmail ESMTP?
Oct 15 10:53:04 vps smtp: 984 > [EOF]
Oct 15 10:58:04 vps smtp: tcpserver: status: 1/100
Oct 15 10:58:04 vps smtp: tcpserver: pid 16927 from 127.0.0.1
Oct 15 10:58:04 vps smtp: tcpserver: ok 16927 vpsl.mydomain.com:::ffff:127.0.0.1:25 :::ffff:127.0.0.1::52779
Oct 15 10:58:04 vps smtp: 16927 < [EOF]
Oct 15 10:58:04 vps smtp: 16927 > 220 mail.mydomain.com - Welcome to Qmail ESMTP?
Oct 15 10:58:04 vps smtp: tcpserver: end 16927 status 256
Oct 15 10:58:04 vps smtp: tcpserver: status: 0/100
Oct 15 10:58:04 vps smtp: 16927 > [EOF]
Oct 15 10:59:06 vps smtp: tcpserver: status: 1/100
Oct 15 10:59:06 vps smtp: tcpserver: pid 20297 from 212.118.124.105
Oct 15 10:59:06 vps smtp: tcpserver: ok 20297 vpsl.mydomain.com:::ffff:104.193.42.175:25 :::ffff:212.118.124.105::58499
Oct 15 10:59:06 vps smtp: 20297 > 220 mail.mydomain.com - Welcome to Qmail ESMTP?
Oct 15 10:59:07 vps smtp: 20297 < HELO mail.mydomain.com - Welcome to Qmail?
Oct 15 10:59:07 vps smtp: 20297 > 250 mail.mydomain.com - Welcome to Qmail?
Oct 15 10:59:08 vps smtp: 20297 < AUTH LOGIN?
Oct 15 10:59:08 vps smtp: 20297 > 334 VXNlcm5hbWU6?
Oct 15 10:59:08 vps smtp: 20297 < bWFya2V0aW5n?
Oct 15 10:59:08 vps smtp: 20297 > 334 UGFzc3dvcmQ6?
Oct 15 10:59:08 vps smtp: 20297 < MTIzNA==?
Oct 15 10:59:08 vps vpopmail[20299]: vchkpw-smtp: vpopmail user not found marketing@:212.118.124.105
Oct 15 10:59:13 vps smtp: 20297 > 535 authentication failed (#5.7.1)?
Oct 15 10:59:13 vps smtp: 20297 < QUIT?
Oct 15 10:59:13 vps smtp: tcpserver: end 20297 status 0
Oct 15 10:59:13 vps smtp: tcpserver: status: 0/100
Oct 15 10:59:13 vps smtp: 20297 > 221 mail.mydomain.com - Welcome to Qmail?
Oct 15 10:59:13 vps smtp: 20297 > [EOF]
Oct 15 11:03:04 vps smtp: tcpserver: status: 1/100
Oct 15 11:03:04 vps smtp: tcpserver: pid 20570 from 127.0.0.1
Oct 15 11:03:04 vps smtp: tcpserver: ok 20570 vpsl.mydomain.com:::ffff:127.0.0.1:25 :::ffff:127.0.0.1::55383
Oct 15 11:03:04 vps smtp: 20570 < [EOF]
Oct 15 11:03:04 vps smtp: tcpserver: end 20570 status 256
Oct 15 11:03:04 vps smtp: tcpserver: status: 0/100
Oct 15 11:03:04 vps smtp: 20570 > 220 mail.mydomain.com - Welcome to Qmail ESMTP?
Oct 15 11:03:04 vps smtp: 20570 > [EOF]
Oct 15 11:08:04 vps smtp: tcpserver: status: 1/100
Oct 15 11:08:04 vps smtp: tcpserver: pid 20889 from 127.0.0.1
Oct 15 11:08:04 vps smtp: tcpserver: ok 20889 vpsl.mydomain.com:::ffff:127.0.0.1:25 :::ffff:127.0.0.1::57867
Oct 15 11:08:04 vps smtp: 20889 < [EOF]
Oct 15 11:08:04 vps smtp: 20889 > 220 mail.mydomain.com - Welcome to Qmail ESMTP?
Oct 15 11:08:04 vps smtp: tcpserver: end 20889 status 256
Oct 15 11:08:04 vps smtp: tcpserver: status: 0/100
Oct 15 11:08:04 vps smtp: 20889 > [EOF]
Oct 15 11:09:09 vps smtp: tcpserver: status: 1/100
Oct 15 11:09:09 vps smtp: tcpserver: pid 20912 from 74.208.228.64
Oct 15 11:09:09 vps smtp: tcpserver: ok 20912 vpsl.mydomain.com:::ffff:104.193.42.175:25 :::ffff:74.208.228.64::52188
Oct 15 11:09:09 vps smtp: 20912 > 220 mail.mydomain.com - Welcome to Qmail ESMTP?
Oct 15 11:09:10 vps smtp: 20912 < HELO mail.mydomain.com - Welcome to Qmail?
Oct 15 11:09:10 vps smtp: 20912 > 250 mail.mydomain.com - Welcome to Qmail?
Oct 15 11:09:10 vps smtp: 20912 < AUTH LOGIN?
Oct 15 11:09:10 vps smtp: 20912 > 334 VXNlcm5hbWU6?
Oct 15 11:09:10 vps smtp: 20912 < bWVldGluZw==?
Oct 15 11:09:10 vps smtp: 20912 > 334 UGFzc3dvcmQ6?
Oct 15 11:09:10 vps smtp: 20912 < MTIzNA==?
Oct 15 11:09:10 vps vpopmail[20914]: vchkpw-smtp: vpopmail user not found meeting@:74.208.228.64
Oct 15 11:09:15 vps smtp: 20912 > 535 authentication failed (#5.7.1)?
Oct 15 11:09:15 vps smtp: 20912 < QUIT?
Oct 15 11:09:15 vps smtp: tcpserver: end 20912 status 0
Oct 15 11:09:15 vps smtp: tcpserver: status: 0/100
Logged

Offline MRatWork

  • Administrator
  • The Elite
  • *****
  • Posts: 15,807
  • Karma: +119/-11
  • Gender: Male
    • View Profile
    • MRatWork Forum
Re: My qmail is being used for spam by someone. How can I stop qmail?
« Reply #3 on: 2016-10-16, 02:09:01 »
From 'mail log', no information sending mail  (sendmail or stmp) from your server but many spammer try to brute-force for smtp. Fortunely, always failed.

Different between Kloxo-MR 6.5 and 7.0, in 7.0 also try to reject/block brute-force for smtp (beside for ssh and ftp). In your case, Kloxo-MR 7.0 possible to reject/block IP 210.3.184.74.
Logged
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --
Pages: [1]   Go Up
« previous next »
 


MRatWork Affiliates:    BIGRAF(R) Inc.    House of LMAR    EFARgrafix
Click Here

Page created in 0.036 seconds with 18 queries.

web stats analysis