Hi! Got a HUGE spam problem. I have an old server (Windows NT) with the MDaemon mailserver and around 90 accounts. My ISP has blocked my IP address due to "vast amounts of outgoing spam" (and told me to fix that problem, because otherwise I'm out permanently). So that now I can't send anything out from my accounts. The spam blocker in this system is awful to say the least - it blocks spam as well as normal e-mail and makes problems where they shouldn't be. It's so user-unfriendly that it makes me . Anyways, the incoming spam's not the big problem - it's the outgoing spam. Outgoing, goddamnit? Nobody sends spam from my accounts! That I can guarantee - most of the users don't even know what Cc: is or that you can send the same e-mail to several persons simultaneously. Alright... the question: what's wrong? Virus? Is there an external outgoing-spam blocker/filter/whatever anywhere available? Suggestions? And believe me - I'd like to dump that server, but I can't - 'cause there won't be any replacement! Frack... Thanks for any help!
Yup, it might be a trojan or a virus. First off, do a full system scan. Review the logs of your SMTP server; from there you can trace which account has been sending loads of emails. If possible, delete that account.
Thanks, thoonie! I already did the scan on my server - some worms turned up. Apparently, the anti-virus's active shield had been off. Anyways, my AVG healed those files. But the server still keeps sending those emails. As for deleting accounts: the logging process shows that the sender in my SMTP(out) is unknown and the recipient is, well, some e-mail address... of course, the sending fails, because I'm on the Blacklist, but still - the attempts are there... but I remember seeing some known accounts which I might even be able to delete (thoonie - your advice ). Any other suggestions?
Great that you're taking a closer look into this, thoonie - I appreciate that! But please note that my system's NT - the MDaemon's pretty old. The younger versions come only for XP and 2k. So you might consider looking up also some old ones, if they have any archived trials still available. Thanks!
What version are you using? Are you using an SPF record on your domain? If your domain does not have an SPF record, this means that spammers can easily send out e-mail that looks like it came from your domain, which can make your domain look bad.
Sounds great, thoonie! But since I got a little confused, could you, please, give me some guidelines on how to set up that SPF? Occurred to me like it's a linuxish thing - and I have little experience in that region (as well as with mail-servers as such). Thanks!
There's a wizard on how to create an SPF record on the link I gave you. Now once you've finished the wizard, copy the output. Go to your DNS manager for your domain (assuming that you're in control). Make a new TXT/SPF record for your domain and insert the SPF wizard's output. And you're done. You also forgot to mention the correct version of MDaemon. SPF alone cannot protect your mail server from spammers. It will just protect you from phishers and spammers using your domain.
MDaemon Server Version:
SMTP/POP/IMAP server: v6.8.5
WorldClient HTTP server: v6.8.5
WorldClient DLL: v6.8.5
ComAgent client: v6.8.5
Content filter server: v6.8.5
Content filter DLL: v6.8.5
SpamAssassin engine: v2.5.5
SpamAssassin dll: v2.5.5
Original "Flat-File" API (MDUser.dll): v6.8.5
COM/DCOM API (MDUserCOM.dll): v5.0.1
LDAP API (MDUserLDAP.dll): v6.8.5
ODBC/SQL API (MDUserODBC.dll): v6.8.5
NT/2K/XP utility API (NTUtil.dll): v6.8.5

I found that wizard and used it as well; I'll try it out. All I really need right now is to at least be able to bring the spamming from my domain to a certain limit or halt, if possible.
Maybe consider this: SME Server. Much, much, MUCH more stable and secure than NT, easier to set up, and believe it or not, totally free. Built-in SpamAssassin & anti-virus without setup required, secure webmail, POP, POPS, SMTP, IMAP, IMAPS. I've already deployed this for many small & medium-sized businesses, and not a single problem so far.
I've got 102 accounts + webmail on that server. There have been some ideas about Linuxish solutions (more like FreeBSDish), but never this. Should be taken into consideration.
If you already know UNIX-like systems well, you might like the control of simply using something like CentOS (Red Hat Enterprise Linux without the licensing). But otherwise, SME is basically CentOS pre-configured to be a stand-alone ISP (or NAS, or both). You've got everything you need in about 5 minutes of setup, and you can admin it with a secure web interface. It'll even build a nice software RAID for you upon installation if you have multiple drives.