How might I stop BACKSCATTER using Qmail?
- by alecb
New to ServerFault , please pardon if my details are too much
Linux box acting as Virtual Host for domain hosting. Runs CentOs.
Runs Parallels Plesk 9.x
Regardless of the following, the SPAM keeps flowing in at 1-3 / second.
An explanation of the problem...
"xinetd service listens for SMTP connections and forwards to qmail-smtpd. The qmail service only process the queue, but does not control messages coming into the queue...that's why stopping it has no effect. If you stop xinetd AND qmail, then kill any open qmail-smtpd processes, all mail flow comes to a stop SOMETIMES
Problem is, qmail-smtpd is not smart enough to check for valid mailboxes on the localhost before accepting the mail. So, it accepts bad mail with a forged replyto address which gets processed in the queue by qmail. Qmail cannot deliver locally and bounces to the forged replyto address."
We believe the fix is to patch the qmail-smtpd process to give it the intelligence to check for the existence of local mailboxes BEFORE accepting the message. The problem is when we try to compile the chkuser patch we run into failures due to Plesk Control Panel."
Is anyone aware of something we could do differently or better?"
Other things that have NOT worked thus far:
-Turning off any and all mail processes (to check as an indicator that an individual account has been compromised. This has been verified as NOT the case.)
-Turning off mail AND http server processes (in the case of a compromised formmail)
-Running EXIM in lieu of Qmail( easy/quick install but xinetd forces exim to close and restarts qmail on its own)
-Turned on SPF protection via Plesk GUI. Does not help.
-Turned on Greylisting via Plesk GUI. Does not help.
-Disabled Bounce notifications via command line
That which MIGHT work but have complications:
-Use POSTFIX instead of QMAIL (No knowledge of POSTIFX and don't want to bother with it unless anyone knows it has potential to handle backscatter WELL before investing time)
-As mentioned above, compiling a chkusr patch, we believe will STOP this problem, along with qmail (because of plesk in the mix, the comile fails every time and Parallels Plesk support is unresponsive unless I cough up MONEY)
If I don't clear out the SPAM from the outgoing mail queue nightly, then it clogs up with millions of SPAMs and will bring down the OUTGOING email services.
Any and all help welcome and appreciated!
