popowich, thanks for the reply. I'm not going to be keeping this server much longer. The server management software is Plesk, and the particular company I lease it from, who you should be able to figure out, wants to charge me $80 a pop for support, when I already pay them $150/month. I'm a small one man shop and I can pay extra if the already expensive $150 won't cover it.....and they are starting to get a little snotty about it. That company was acquired by GoDaddy 6 or 8 months ago, and while they insist they will remain free-standing, it is obvious that GoDaddy is having some say over their management and customer retention decisions.
Hi whamprod,
The short term quick fix is to put anonymous@mydomain.com into /var/qmail/control/badmailfrom
It probably won't be hard for the spammer to change the From: address on the spams though.
I do not recommend qmail-scanner, it's nice for small installs but it's all perl and can get crushed under heavy loads. It's been many years since I last used it so it's possible they made it more efficient since I last had it installed anywhere.
SpamAssassin + simscan does a lot better if you're looking for an open source solution that will run on your Linux mail servers.
To track down the forms that are spamming, grep through the Apache logs for POST lines, sort by site since there are lots of them, and with a little bit of reporting work it should jump out at you which forms are being abused.
While you are working on moving to the new server I recommend separating your email and web hosting services so that spam from a compromised web site does not affect the email reputation of the core mail hosting and hosted email accounts.
I've had Google apps host MY email for 5 or 6 years, exactly to protect my business email from this kind of situation, so that my clients can still reach me by alternative email means if their domain email is offline...... as is the case right now.
Hello,
The control files such as badmailfrom and content filtering such as SpamAssassin can be configured for both incoming and/or outgoing email. It gets a little blurry since you're using the same server as MX and SMTP relay. Which brings us to another possibility: you should also check your mail logs, since it might be a compromised email account that is being abused and the spammer is using smtp-auth to relay spams from your server and not using a compromised web site for sending the spam. Have you tried protecting your smtp-auth with any RBLs like you would for the incoming email on port 25, such as adding the Spamhaus RBL? That's a nice low false positive RBL that should help to block some international spammer IPs if that's the problem.
Plesk has a built-in backup and restore mechanism so it should have been easy to revert to the previous Plesk if the upgrade caused you a problem.
Yes, since you mention it, I checked, and I think I figured out your domain name. If I guessed correctly it seems like there is a problem and you have both your Plesk server and the MX's for Google Apps hosted domains listed in your MX records?
I've already migrated 6 domains there, and I have about 20-25 others still to do. If this weren't such a giant PIA, I'd be open to restarting somewhere else, but at this point, I'm kind of committed. I'm coming up on 62 years old now, and I just don't have the energy to redo all this stuff.
They have a nice control panel, but...
I recommend against BlueHost if it's not too late unless you're OK with your VPS being down for several days per year.
In my case that's lots of outages that are several hours each, and an outage that lasted almost 48 hours, all in the last 9 months.
I made the mistake last year trying to migrate some of my smaller customers there.
I ended up having to remigrate those customers for free.
I moved their web hosting to AWS, and their email hosting to Office 365 / Google Apps for Business / LuxSci depending on what made the most sense for each customer.
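The log triage suggested earlier in the thread (grep the Apache logs for POST lines, sort by site), as an added example that is not part of the original posts. It assumes common/combined log format and one access log per site; the function names, sample sites, paths and IPs are constructed.

```bash
#!/usr/bin/env bash
# Added example: rank POST targets across per-site Apache access logs.
# Assumes common/combined log format, one access log per site.

post_report() {
    # usage: post_report LOG [LOG ...]
    # prints: hits <TAB> distinct client IPs <TAB> log file <TAB> path, busiest first
    awk '
        # field 1 = client IP, field 6 = "\"METHOD", field 7 = request URL
        $6 == "\"POST" {
            path = $7
            sub(/\?.*/, "", path)        # group query-string variants together
            key = FILENAME "\t" path
            hits[key]++
            if (!((key, $1) in seen)) { seen[key, $1] = 1; ips[key]++ }
        }
        END { for (k in hits) printf "%d\t%d\t%s\n", hits[k], ips[k], k }
    ' "$@" | sort -t "$(printf '\t')" -k1,1nr -k3,4
}

write_sample_logs() {
    # Constructed sample data (documentation IP ranges, made-up sites and paths).
    cat > "$1/site-a.example.access_log" <<'EOF'
192.0.2.10 - - [01/Jan/2015:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120
192.0.2.10 - - [01/Jan/2015:10:00:05 +0000] "POST /contact.php HTTP/1.1" 200 310
EOF
    cat > "$1/site-b.example.access_log" <<'EOF'
198.51.100.7 - - [01/Jan/2015:10:01:00 +0000] "POST /formmail.php HTTP/1.1" 200 120
198.51.100.7 - - [01/Jan/2015:10:01:01 +0000] "POST /formmail.php?x=1 HTTP/1.1" 200 120
203.0.113.9 - - [01/Jan/2015:10:01:02 +0000] "POST /formmail.php HTTP/1.1" 200 120
198.51.100.7 - - [01/Jan/2015:10:01:03 +0000] "POST /formmail.php HTTP/1.1" 200 120
192.0.2.44 - - [01/Jan/2015:10:02:00 +0000] "GET / HTTP/1.1" 200 900
EOF
}

# Demo on the constructed logs; on a real server pass each site's access log instead.
demo_dir=$(mktemp -d)
write_sample_logs "$demo_dir"
(cd "$demo_dir" && post_report ./*.access_log)
rm -rf "$demo_dir"
```

A form that takes many POSTs from only a handful of client IPs, as `/formmail.php` does in the sample, is the one to inspect first.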