<HTML>
<HEAD>
<META content="text/html; charset=iso-8859-1" http-equiv=Content-Type>
<META content="OPENWEBMAIL" name=GENERATOR>
</HEAD>
<BODY bgColor=#ffffff>
It may be mail still on the server, waiting to go out. And as soon as you enable Sendmail again - it starts flowing.
<br />
<br />Check to see what's waiting on the server to go out with the command-line command "mailq", or if it's long - "mailq | more". The last line should be the number of messages waiting to go out from your server. Most servers are usually 0 - since mail goes out quickly. If there are just a few - this isn't the problem. But if there are a LOT (I've seen 40,000+ on an exploited server before) - you have to get rid of them!
<br />
<br />In that case, go into /var/spool/mqueue - which is the directory mail sits in while waiting to go out. Each message is either one or two files - so there could be a LOT of files in here if there are a lot of messages in the "mailq" output. And while there could be valid customer e-mails in there - it's VERY time consuming to identify which is which. So I just delete everything in that directory - risking losing a couple of valid customer e-mails along with all the SPAM in there. Just "rm -f *" in that directory to get rid of them all, and then restart the mail services on your server.
<br />
<br />Good luck cleaning up. I know your pain!!
<br />
<br />
<br />Chuck
<br />
<br /><font size="2">
<br />
<br /><b>---------- Original Message
-----------</b>
<br />
From: Meaulnes Legler <bluelist@waveweb.ch>
<br />
To: BlueOnyx General Mailing List <blueonyx@mail.blueonyx.it>
<br />
Sent: Wed, 15 Jun 2016 16:43:34 +0200
<br />
Subject: [BlueOnyx:19711] prevent user from sending e-mail in /etc/mail/access
<br />
<br />> dear list
<br />>
<br />>
with iptables, I have been able to stop the e-mail flooding attacking a
<br />>
specific user, see previous post [BlueOnyx:19698] Re: e-mail flooding
<br />>
<br />>
But that user is still sending out tons of mails if I enable it again
<br />>
(unchecking «Suspend» in the GUI), thousands in a couple of hours with
<br />>
subjects like:
<br />>
Subject: Warning: could not send message for past 4
hours
<br />>
Subject: Returned mail: see transcript for details
<br />>
That user must have some virus and I'm afraid that my server will be
<br />>
tagged...
<br />>
<br />>
I read that I could prevent user from sending e-mail by adding these
<br />>
lines to /etc/mail/access
<br />>
From:janis@legler.org REJECT
# Reject user from sending mails
<br />>
and restarting sendmail. But /etc/mail/access is pretty much empty:
<br />>
<br />>
--------------------------------------------
<br />>
# By default we allow relaying from localhost...
<br />>
Connect:localhost.localdomain RELAY
<br />>
Connect:localhost
RELAY
<br />>
Connect:127.0.0.1
RELAY
<br />>
# Cobalt Access Section Begin
<br />>
<br />>
# Cobalt Access Section End
<br />>
/etc/mail/access lines 1-15/15 (END)
<br />>
--------------------------------------------
<br />>
<br />>
Can I do so as said above without compromising the mailer?
<br />>
<br />>
Thank you and best regards
<br />>
<br />>
Meaulnes Legler
<br />>
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
<br />>
~ <a target="_blank" href="http://www.waveweb.ch/">http://www.WaveWeb.ch</a> ~
<br />>
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
<br />>
~ Zurich, Switzerland ~
<br />>
~ +41\0 44 260 16 60 ~
<br />>
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
<br />>
<br /><b>------- End of Original Message
-------</b>
<br />
</font>
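<br />Added example, not part of either message above: a way to see which envelope sender is filling the queue and to move only that sender's messages aside, instead of deleting everything. It assumes the classic Sendmail queue layout (a qf control file and a df body file per message, sender on the control file's "S" line); the function names, queue IDs and example.com addresses are constructed for illustration.

```shell
# Added example: triage a sendmail queue by envelope sender. Assumption:
# qf<ID> control file + df<ID> body file, sender on the qf "S" line.

# Print the envelope sender of one qf file ("<>" for the null sender).
sender_of() {
    awk '/^S/ { s = substr($0, 2); gsub(/[<>]/, "", s)
                if (s == "") s = "<>"; print s; exit }' "$1"
}

# Print "<count> <sender>" for every sender in queue dir $1, busiest first.
count_by_sender() {
    for qf in "$1"/qf*; do
        [ -f "$qf" ] || continue
        sender_of "$qf"
    done | sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# Move every qf/df pair from sender $2 out of queue dir $1 into $3.
# Prints the number of messages moved; nothing is deleted.
quarantine_sender() {
    moved=0
    mkdir -p "$3"
    for qf in "$1"/qf*; do
        [ -f "$qf" ] || continue
        [ "$(sender_of "$qf")" = "$2" ] || continue
        id=${qf##*/qf}
        mv "$qf" "$3"/
        if [ -f "$1/df$id" ]; then mv "$1/df$id" "$3"/; fi
        moved=$((moved + 1))
    done
    echo "$moved"
}

# Constructed sample queue: three messages from one sender, one from
# another, and one bounce with the null sender.
make_sample_queue() {
    d=$(mktemp -d)
    n=0
    for s in spam@example.com spam@example.com spam@example.com alice@example.org ''; do
        n=$((n + 1))
        printf 'V8\nT1465999414\nS<%s>\nRPFD:<rcpt@example.net>\n' "$s" > "$d/qfu5FEh$n"
        printf 'body %s\n' "$n" > "$d/dfu5FEh$n"
    done
    echo "$d"
}

q=$(make_sample_queue)
count_by_sender "$q"
quarantine_sender "$q" spam@example.com "$q/quarantine"
```

On a real server the first argument would be /var/spool/mqueue, the directory named in the reply.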
</BODY>
</HTML>