Topic: 1000 of SPAM Emails : Pls Help

[cosy]

Hi All,

  I got SME 6.01.1 and got 4 virtual domains now all the domains got 1000 of spam/junk email and can't download. How do i stop this junk emails.
 I got one web form and it's fill by auto ????

 1. How do i backup all the domains email?
 2. Is my server hacked?

ex:
 -----Original Message-----
From: who@ausnetit.com.au [mailto:who@ausnetit.com.au]
Sent: Sunday, November 20, 2005 3:16 PM
To: user@domain.com.au
Subject: Quote Request From tecnOLOGY Web Site


HI,

 just filled in online quote form.

Quote details as follow:

 Company Details

 Name :  
 Address :  
 Contact :  
 Email : who

Content-Type: text/plain; charset=\"us-ascii\"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: learn the secrets the socio-economic elite have known and taken
   advantage of for years
bcc: socredusa@aol.com, masterofkashon@aol.com, scottmccallum1@aol.com,
   thorstenbaabe@aol.com, nobodycompares@aol.com, ptnelson1@aol.com,
   savn55@aol.com, rwfischer3@aol.com, ruthedab@aol.com,
   slb4198@uncw.edu, supbuh83@aol.com, njoybks@aol.com,
   jay31j@aol.com, wat1330@aol.com, steamer05@aol.com,
   rmacf55@aol.com, skippersemail@aol.com, pinksummersmile@aol.com,
   riceproperties@aol.com, newacct233523@aol.com, tanja15r@aol.com,
   pilgrim945@aol.com, marie98croom@aol.com, pacotepa@aol.com,
   misane1010@aol.com, mufinowski@aol.com, neckbreaker4u@aol.com,
   roospott@aol.com, maddiesmum02@aol.com, marie2505@aol.com,
   pmathas@jeffnet.org, twoscoopsrice@aol.com, planetarum@aol.com,
   tiggernevis1960@aol.com, mrpepeg@aol.com, vixter@netscape.com,
   test@1123928063.com, sscott6213@aol.com, wltal@aol.com,
   mannella02@aol.com, sunday007@msn.com, thosara@aol.com,
   sleept@marsusa.com, trout2662@aol.com, tracy0209@aol.com,
   wryven@aol.com, tswedwick@tcq.net, orphanzrus@inter-linc.net,
   mas8873@aol.com, tresall33@aol.com, m3sport@aol.com,
   willbobby1106@aol.com, natashar@ntdapparel.com, tx2cf7@aol.com,
   mxracer005@aol.com, rjtkbg@earthlink.net, susannbc@aol.com,
   marimoura@aol.com, suzyqc@rogers.com, rhzank@aci.on.ca,
   teddylver1@aol.com, thakur16@aol.com, pathol816@aol.com,
   springgurl401@aol.com, purecane2000@aol.com, silawila@aol.com,
   shmoo38@aol.com, sassylouf@aol.com, psealyjr@aol.com,
   moor6480@bellsouth.net, msmith2858@aol.com, mkssd@aol.com,
   lildreamcheater@aol.com, jeanecea@aol.com, pinkspider666@aol.com,
   nonhironori2002@aol.com, smcoffee100@aol.com, spg103@aol.com,
   norwoodc41@aol.com, meandv30@aol.com, sshaller@aol.com,
   lonepineok@earthlink.net, spsharkbite@aol.com, tflum@netzero.net,
   qrtrlinhisuprstr@aol.com, mad544@aol.com, tkokan@aol.com,
   michaelbugaboo@aol.com, nathan.rich@nrl.navy.mil,
   mrmushroom47@aol.com, walnutgang12a@aol.com, wpdodge4@aol.com,
   pattykt@aol.com, tazgolf@bellsouth.net,
   sberscheit@impactmailing.com, shovely1@aol.com, scronk@nctc.net,
   mlebe@aol.com, mcld92@aol.com, quackers128@aol.com,
   mlbfan62@aol.com, ptrish2@aol.com, steveec1@aol.com,
   rjscobra@verizon.net, rich7720@aol.com, ps734@aol.com,
   nightingail@alltel.net, weetzer@aol.com, wderry7571@aol.com,
   gcarker@entouch.net, wmassalony@aol.com, oremadness@aol.com,
   sbo112@aol.com, roubinam@corp.earthlink.net, sophcas@aol.com,
   lvnre@aol.com, nancyfrancis123@aol.com, wakmra23@aol.com,
   stephenkusch@aol.com, susanlgreen@aol.com, mtnbkr9999@aol.com,
   tagcity@aol.com, tunvision@aol.com, milieuproducts@aol.com,
   penny@giexpress.com, twobeyendor@aol.com,
   ppwells@wellsbrothers.org, midsqueak@aol.com, michzuck@aol.com,
   rjcontn@aol.com, marcellauno@aol.com, merry4u322@aol.com,
   straightpaths@aol.com, weirdfngrs@aol.com, shlongboy1@aol.com,
   sav4ex@aol.com, mgscheetz@slmpd.org, peterpandamo1@aol.com,
   slmoran670@aol.com, mrspepperpot54@aol.com, totespferd99@aol.com,
   padkinsmom@aol.com, stupid@people.net, rdh1inc@aol.com,
   nixroks@aol.com, pigrejc@aol.com, stevenrthomason@aol.com,
   wmbellewga@aol.com, prchris00@aol.com, ussendeavor@msn.com,
   nbegin53@aol.com, sonofsun2@aol.com, rcody08@comcast.net,
   tekman30@aol.com, rarowntree@aol.com, obdocflyboy@aol.com,
   mtnpaynes@aol.com, ps790forus@aol.com, slicksis@aol.com,
   mercedeskarel@aol.com, ssantha2k@yahoo.co.in, batts1005@aol.com,
   mep7@pitt.edu, sm3arburry@aol.com, miagirasole@aol.com,
   mchlzau@aol.com, wietwo@aol.com, pmonteleone@inlandnews.com,
   mhull@marshallip.com, rfergu6364@aol.com, stefansurner1@aol.com,
   rqmahoney@aol.com, thecassel@aol.com, mona.dahlgren@avent.com,
   shadobox33@aol.com, rickpanos@aol.com, polevltr25@aol.com,
   lstoll@afcu.org, rw073152@aol.com, tjalize@aol.com,
   test@1121622074.com, maciulka@one.lt, mgm@signimpressions.com,
   sjacholke@aol.com, txkhaki@aol.com, maxfabritius@aol.com,
   poops821@aol.com, pcampbell7@cox.net, postwolf@aol.com,
   w9scm1@aol.com, ogawa0208@aol.com, njbj4kidz@aol.com,
   rramajj@aol.com, solusenimsum@aol.com, medair01@aol.com,
   msrbloodyrat13@aol.com, towhome@aol.com, trkgrany@aol.com,
   mmath5b3@aol.com, sclubkirsty@aol.com, marisajo@aol.com,
   piecesmom@aol.com, mapucepuce95@aol.com, pittviper79@aol.com,
   oceanswavz@aol.com, nukyloveshao@aol.com, tedoracle@aol.com,
   m0nkeyfire@aol.com, wsiegferth@aol.com, superjess@ameritech.net,
   marielui77@aol.com, niclsrb@aol.com, timm@chartermi.net,
   womshan@aol.com, peteaem@aol.com, lyssa0723@aol.com,
   nursebyrd1@aol.com, reed45@aol.com, smirvis5@aol.com,
   sistaprez12@aol.com, opiejt@aol.com, vileck@able.es,
   woffcf44159@aol.com, mlavenhagen@aol.com, saatchi2@aol.com,
   newallarick@aol.com, naalegria@aol.com, nelsonnypr@aol.com,
   slappyschlup@aol.com, sixpack222@aol.com, rdfarm5@aol.com,
   rcoffino@bellsouth.net, skoal777@aol.com,
   stevenyounglove@aol.com, ncsg1111@aol.com, trubiet@aol.com,
   phoebu1115@aol.com, mlstuckart@aol.com, mucq1@aol.com,
   suzieg15@aol.com, orama55@aol.com, shdaran4@aol.com,
   suziesen1@aol.com, mom682@aol.com, sphinx2464726124@aol.com,
   thebutterfly83@aol.com, rchatoff@aol.com, sallyslotoroff@aol.com,
   trejester1@aol.com, ohappyday700@aol.com,
   thugzpassion730@aol.com, nikedaddy24@aol.com, reichartds@aol.com,
   rreed2630@aol.com, wind50k@aol.com, randulic@aol.com,
   shollis@umich.edu, witeck.sieh@c2i.net, walleye699@aol.com,
   suesemaus999@aol.com, niftytalker@aol.com, ms38golf@aol.com,
   rtaylor@edcor.com, sta4e4r4@aol.com, w.millett@comcast.net,
   thesr500@aol.com, pralloux51@aol.com, rgd2679@aol.com,
   rozsnics@aol.com, markclayb@aol.com, sagit13@aol.com,
   topseller4@aol.com, myab124lyfe@aol.com, jfk7134@aol.com,
   thebettertwin999@aol.com, thealiendragon@aol.com,
   owl4bucs@aol.com, rlsavage@tassnet.net, nuunuu1972@aol.com,
   merlinwiz0@aol.com, sissy97613@aol.com, scottdee@aol.com,
   rthatchrsr@aol.com, kurtmis@comcast.net, skatter4@aol.com,
   rpolkaudio@aol.com, pariny204@aol.com, podders813@aol.com,
   wisperzrox@aol.com, rsdesousa@aol.com, mitchamy@bright.net,
   molokodark@aol.com, oblateosblc@aol.com,
   woodsawoods18346@aol.com, nicbaz@aol.com, rihomeshow@aol.com,
   lmalone@us.ibm.com, pagsofisabella@juno.com,
   supermaus1908@aol.com, monakhamm@aol.com, maddogmbb@aol.com,
   susancalleo@aol.com, nonni213@aol.com, mnigliazzo@aol.com,
   taka777yuki@aol.com, werwen@voliacable.com, mwales4452@aol.com,
   spbmstl@aol.com, mks40215@insightbb.com, magyk16@aol.com,
   tygret@aol.com, maggiotruck@aol.com, spiritwolf214@aol.com,
   mike8786@aol.com, mike4tiger@aol.com, whb1418990@aol.com,
   playa2105@aol.com, plowey@aol.com, mslauralynne@aol.com,
   shoutbeerz@aol.com, llgates@comcast.net, sheninke14@aol.com,
   noiramcrafts%4
 Phone :  
 Fax :  


 

 Tank Testing Location Details

 Location 1 Details

 Address :  
 Tanks :  
 Lines :  
 

 Location 2 Details

 Address :  
 Tanks :  
 Lines :  
 

 Location 3 Details

 Address :  
 Tanks :  
 Lines :  
 

 Comments :
 

 END OF QUOTE REQUEST

[CharlieBrady]

I got SME 6.01.1 and got 4 virtual domains now all the domains got 1000 of spam/junk email and can't download. How do i stop this junk emails.

Everyone has lots of junk emails, and would love to stop them. But there is no simple solution. You should expect to spend some time understanding and dealing with the problem, or you should hire someone to do that for you.

I got one web form and it's fill by auto ????

I don't know exactly what you mean, but if you have a web form and it has not been correctly written, then it could have been discovered by spammers and be used by them. I suspect that is what has happened to your server. You should remove the form immediately.

[raem]

cosy

I agree with Charlie, remove that form immediately.
Install spam filtering and enable approx 4 RBLs to reject spam.

http://sme.swerts-knudsen.dk/index.html?frame=http%3A//sme.swerts-knudsen.dk/howtos/howto_29.htm

[cosy]

Hi Just install the spam filter it's ask to add the list not sure ne by one or list name?

-------------------------------
Current RBL entires:

RBL Entry  
Conservative lists Remove
-----------------------------------

How do i backup all the domain email?

Can i block some known domain?

Lots of outgoing mail to unknown domain from my server??

[raem]

cosy

A search on RBL would probably have found a few different users recommendations.
Try these
sbl-xbl.spamhaus.org
dnsbl.sorbs.net
relays.ordb.org
whois.rfc-ignorant.org


> How do i backup all the domain email?

Install backup2ws contrib and specify the users MailDir in a backup job eg
/home/e-smith/files/users/"username"/MailDir

You probably want to include all users so just do
/home/e-smith/files/users/
but this will include users home folders as well.


> Can i block some known domain?
> Lots of outgoing mail to unknown domain from my server??

Install qmHandle contrib to manage the existing mail queue,
also read this
http://mirror.contribs.org/smeserver/contribs//rmitchell/smeserver/howto/Mail%20system%20tweaks%20HOWTO%20for%20sme%20server.htm

...and learn to use the search function at the top right corner of this page.

[judgej]

Your web form is not validating its input correctly, and so is being used by spammers to send out spam to third parties.

Remove the web form *now*, before your ISP removes your web access.

-- Jason

[cosy]

hI aLL,
 
  i GOT DAILY LOTS OF THESE EMAILS? HOW TO SYOP OR FIXED?

Quoting Cron Daemon <root@ausnetit.com.au>:

> Usage: mrtg <config-file>
>
> mrtg-2.9.17 is the Multi Router Traffic Grapher.
>
> If you want to know more about this tool, you might want
> to read the docs. They came together with mrtg!
>
> Home: http://people.ee.ethz.ch/~oetiker/webtools/mrtg/
>
> /etc/mrtg/all-ip: /etc/mrtg/spamassassin.cfg: Permission denied
> /etc/mrtg/all-ip: usr/bin/mrtg: No such file or directory
>

[CharlieBrady]

  i GOT DAILY LOTS OF THESE EMAILS? HOW TO SYOP OR FIXED?

Have you followed any of the advice you have already been given?

Please learn not to shout, it does not help.

[cosy]

Hi,

Yes,Install spam filtering and enable approx 4 RBLs to reject spam now no SPAM but these Quoting Cron Daemon <root@ausnetit.com.au>: emails from my server.

[CharlieBrady]

Yes,Install spam filtering and enable approx 4 RBLs to reject spam

Did you remove the webform which appeared to be the source of the spam?

 now no SPAM but these Quoting Cron Daemon <root@ausnetit.com.au>: emails from my server.

You'll have to work out where those have come from. You haven't shown any Received: headers, so nobody can help you to do that.

That's not really spam, BTW, it's admin email indicating that some software is not functioning properly. Do you have mrtg installed on your server?