> Email overload!
af199
post Jan 3 2008, 03:50 PM
Post #1





Help! Please help. I've had my server for a while and recently I've got to the point where I really need to do something about my email. I'm relatively new to this but from what I can tell I'm getting more emails to the server than it can deal with. Typically when I run 'sendmail -bp' there are in excess of 800 messages waiting to be sent. Looking through the list two things seem to stick out. 1) A significant amount are SPAM 2) The most recent messages seem to be delivered before those further in the 'backlog'.

The upshot of all this is that some messages appear to never get delivered.

I'm running the following versions:

sendmail-cf-8.13.1-3.RHEL4.5
sendmail-8.13.1-3.RHEL4.5
mailscanner-4.31.6-1
spamassassin-3.1.8-2.el4

As I mentioned I'm not an expert in these things and would appreciate a few tips where to start looking. Should I increase threads in the sendmail? Configure mailscanner better?

I'd really appreciate any pointers that someone can give me. 2 minutes, 20 minutes of your time, I'd really appreciate it.

Thanks.


--------------------
Thanks in advance! :)
James Jhurani
post Jan 3 2008, 06:09 PM
Post #2





First and foremost, you might want to consider Professional Services.

If you decide to do this on your own, first you need to figure out which site the mail is coming from. Since you are using sendmail, I must assume you are using Ensim. Look through the mail queue for each site, and find the ones that are excessive. That should tell you where you need to start.

From there you will need to look through their website scripts, and see if perhaps one of their scripts is being abused. Another area you may want to look into is whether the customer themselves are the cause of the spam. Last, look in their chrooted /tmp directory; if their site is exploited, you have a good chance of finding the scripts in /tmp.

Good luck!


--------------------
"The average person thinks he isn't." -- Father Larry Lorenzoni


James Jhurani
Managed Hosting
http://www.theplanet.com
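
One way to do the per-sender queue triage suggested in the post above, as an added example that is not part of the original thread: it tallies queued messages and recipients by sender domain from `sendmail -bp` output. The function names and the sample queue listing are constructed for illustration, and the parser assumes the listing layout printed by sendmail 8.13.

```python
import re
import sys
from collections import defaultdict

# Constructed sample in the layout `sendmail -bp` prints; all addresses are made up.
SAMPLE = """\
\t\t/var/spool/mqueue (4 requests)
-----Q-ID----- --Size-- -----Q-Time----- ------------Sender/Recipient-----------
m03A1b2c012345     2211 Thu Jan  3 09:12 <apache@site1.example>
\t\t\t\t\t <a@example.net>
m03A1b2d012346*    1980 Thu Jan  3 09:13 <apache@site1.example>
\t\t\t\t\t <b@example.org>
\t\t\t\t\t <c@example.org>
m03A1b2e012347     5120 Thu Jan  3 10:02 <alice@site2.example>
\t\t\t\t\t <d@example.com>
m03A1b2f012348      900 Thu Jan  3 10:05 <>
                 (Deferred: 450 mailbox busy)
\t\t\t\t\t <e@example.com>
\t\tTotal requests: 4
"""

# Entry line: 14-char Q-ID, optional status flag, size, Q-Time, then the sender.
ENTRY = re.compile(r"^([0-9A-Za-z]{14})[*X-]?\s+\d+\s+\w{3} \w{3} [ \d]\d \d\d:\d\d\s+(\S.*)$")
# Indented lines that are not recipients: "(status text)" and queue totals.
NOT_RCPT = re.compile(r"^\(|requests?\)$|^Total requests:")

def parse_queue(text):
    """Return one dict per queued message: qid, sender, recipient count."""
    entries = []
    for line in text.splitlines():
        m, body = ENTRY.match(line), line.strip()
        if m:
            sender = m.group(2).split()[-1].strip("<>") or "<>"  # last field; "<>" is a bounce
            entries.append({"qid": m.group(1), "sender": sender, "rcpts": 0})
        elif entries and line[:1].isspace() and body and not NOT_RCPT.search(body):
            entries[-1]["rcpts"] += 1  # one indented line per recipient
    return entries

def by_sender_domain(entries):
    """Message and recipient totals per sender domain, busiest first."""
    totals = defaultdict(lambda: [0, 0])
    for e in entries:
        domain = e["sender"].rpartition("@")[2].lower()
        totals[domain][0] += 1
        totals[domain][1] += e["rcpts"]
    return sorted(((d, m, r) for d, (m, r) in totals.items()), key=lambda t: (-t[1], t[0]))

if __name__ == "__main__":
    print(*by_sender_domain(parse_queue(sys.stdin.read())), sep="\n")
```

Pipe the output of `sendmail -bp` into the script. A domain with many messages from a web-server account, or a large share of `<>` bounce senders, points at the site to inspect first.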
af199
post Jan 7 2008, 05:24 PM
Post #3





QUOTE (jjhurani @ Jan 4 2008, 12:09 AM) *
First and foremost, you might want to consider Professional Services.

If you decide to do this on your own, first you need to figure out which site the mail is coming from. Since you are using sendmail, I must assume you are using Ensim. Look through the mail queue for each site, and find the ones that are excessive. That should tell you where you need to start.

From there you will need to look through their website scripts, and see if perhaps one of their scripts is being abused. Another area you may want to look into is whether the customer themselves are the cause of the spam. Last, look in their chrooted /tmp directory; if their site is exploited, you have a good chance of finding the scripts in /tmp.

Good luck!


Thank you for taking the time to reply. I have considered other services and to be honest it's not something that I'll ignore. If I can I'd like to explore and understand a little more before I ask where I might find such services!

You are correct that I am using Ensim, and have started to look through the sites for a cause for concern. Having found a couple I'm going to look in more detail. The problem is that I've also found a lot of mail in the root mailq - /home/virtual/FILESYSTEMTEMPLATE/services/sendmail/mqueue. Do I presume that this is spammers using my server to send mail through?

Couldn't find any obvious sign of scripts in any of the chroot'd /tmp folders, but thanks for the pointer.


--------------------
Thanks in advance! :)
jorgece
post Jan 8 2008, 11:54 AM
Post #4





There are plenty of ways to relay spam through a server; the most common lately is exploiting PHP pages.
There are several threads in the forum covering this, but I suggest you take a look at Ensim's, particularly those related to 'Modsecurity'.

Hope this helps,

jorge