I have gotten my server shut off 2x now by my provider because of spam complaints. I need to get this resolved ASAP and need a little assistance. First off, I need to know exactly how to make sure that there is nothing in the config files that is allowing open relay. Where exactly am I looking for such entries? I also have a sneaking suspicion that there may be a script that is triggering the SMTP function, allowing people to spam. Is there any way to prevent such attacks? If so, recommendations?
I know the default Iworx Qmail setup is secure, so it's most likely not that. I know I wrote a very poor PHP script to send an email from a web-based form that was open to the public. Well, because it was so simple, I didn't spend a lot of time on it, and someone was able to inject their own email message into the code and use it to spam people. I noticed this b/c there was a higher load on my system and also there was a low but steady Eth0 traffic. I forget how, but I eventually tracked it down to the site in question.
So you may want to see if it is a PHP script gone bad somewhere.
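
For anyone checking their own form scripts for the problem described in the reply above, here is a sketch of a contact-form handler that refuses input able to add its own mail headers. It is an added example, not code from either poster; the recipient address, field names and size limits are assumptions.

```php
<?php
// Added example. SITE_RECIPIENT and the form field names are assumed.
const SITE_RECIPIENT = 'webmaster@example.com'; // fixed, never read from the form

// True if the value contains CR, LF or NUL. Any of these in a header field
// lets a visitor start a new header line (Bcc:, Cc:, To:) of their own.
function has_header_injection(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) === 1;
}

// Returns [to, subject, body, headers] for mail(), or null if rejected.
function build_contact_mail(array $form): ?array
{
    $name    = trim((string)($form['name'] ?? ''));
    $email   = trim((string)($form['email'] ?? ''));
    $subject = trim((string)($form['subject'] ?? ''));
    $body    = (string)($form['message'] ?? '');

    // Everything that ends up in a header must be one non-empty line.
    foreach ([$name, $email, $subject] as $field) {
        if ($field === '' || has_header_injection($field)) {
            return null;
        }
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    if (strlen($subject) > 150 || strlen($body) > 5000) {
        return null; // assumed limits; a contact form does not need more
    }
    // The visitor's address goes only into Reply-To, after validation.
    $headers = 'From: ' . SITE_RECIPIENT . "\r\n" . 'Reply-To: ' . $email;
    $text    = "Sent by: $name <$email>\n\n" . $body;
    return [SITE_RECIPIENT, '[Contact form] ' . $subject, $text, $headers];
}

// Constructed sample submissions: one ordinary, one carrying an extra header.
$samples = [
    'ordinary' => ['name' => 'Pat', 'email' => 'pat@example.com',
                   'subject' => 'Hello', 'message' => 'Question about hosting.'],
    'injected' => ['name' => 'Pat', 'email' => "pat@example.com\r\nBcc: list@example.net",
                   'subject' => 'Hello', 'message' => 'text'],
];
foreach ($samples as $label => $form) {
    $mail = build_contact_mail($form);
    echo $label, ': ', $mail === null ? 'rejected' : 'accepted', PHP_EOL;
    // In the live handler: if ($mail !== null) { mail($mail[0], $mail[1], $mail[2], $mail[3]); }
}
```

Logging each rejected submission together with the script path and client IP makes it easier to trace a spam complaint back to the site and form responsible.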