I have Plesk on my Linux server and I receive lots of spam emails from the root account on my server.
Here’s what happened. My forum used to send emails to non-existent email accounts around the web and I used to receive the failure notices for them.
To block the failure notice emails that qmail forwarded to my main email, I had to modify the aliases in
/var/qmail/alias
Here’s a sample email I received:
MAILER-DAEMON@nixware.net Mar 30 (7 days ago) to postmaster

Hi. This is the qmail-send program at nixware.net.
I tried to deliver a bounce message to this address, but the bounce bounced!

:
2a00:1450:4013:0c01:0000:0000:0000:001a does not like recipient.
Remote host said: 550-5.1.1 The email account that you tried to reach does not exist. Please try
550-5.1.1 double-checking the recipient's email address for typos or
550-5.1.1 unnecessary spaces. Learn more at
550 5.1.1 http://support.google.com/mail/bin/answer.py?answer=6596 q5si14669450wjx.9 - gsmtp
Giving up on 2a00:1450:4013:0c01:0000:0000:0000:001a.

--- Below this line is the original bounce.

Return-Path: <>
Received: (qmail 8634 invoked for bounce); 29 Mar 2015 23:50:02 +0200
Date: 29 Mar 2015 23:50:02 +0200
From: MAILER-DAEMON@nixware.net
To: root@nixware.net
Subject: failure notice
As you can see, the postmaster account was receiving the spam from MAILER-DAEMON and MAILER-DAEMON was forwarding them to my gmail.com account. Pretty nasty…
The fix:
Go to
/var/qmail/alias
do a
ls -alh
and you will see a couple of hidden config files.
Inside each of those files I had my @gmail account. With the following script I overwrote the gmail account with a non-existent email:
for FILE in ./.qmail-*; do echo "nonexistent@nodomain.tld" > "$FILE"; done
Restart/reload qmail:
service qmail reload
That’s it! You should not receive any spam from any of the root, mailman or postmaster accounts.
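A more cautious variant of the steps above, as an added example that is not part of the original post: it lists where each alias file currently forwards, then replaces only the lines that match one address and copies the originals to a backup directory first. The function names, the backup path and the addresses are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit qmail alias forwards and
# rewrite only the lines that point at one address. Hypothetical usage:
#   list_forwards /var/qmail/alias
#   replace_forward /var/qmail/alias old@example.com new@example.invalid /root/alias-backup

# Print "file<TAB>address" for every forward line in DIR/.qmail-*.
# In a dot-qmail file, '#' starts a comment, '|' runs a program and '/' or '.'
# names a mailbox; any other line (optionally prefixed with '&') is a forward.
list_forwards() {
    local dir="$1" f
    for f in "$dir"/.qmail-*; do
        [ -f "$f" ] || continue
        awk -v name="${f##*/}" '
            $0 ~ "^[#|/.]" || /^[ \t]*$/ { next }
            { sub(/^&/, ""); print name "\t" $0 }' "$f"
    done
}

# Replace forward lines equal to OLD (with or without a leading '&') by NEW.
# Program, mailbox and comment lines stay untouched. Each file that changes is
# copied to BACKUP first. Prints the number of files changed.
replace_forward() {
    local dir="$1" old="$2" new="$3" backup="$4" f tmp changed=0
    mkdir -p "$backup"
    for f in "$dir"/.qmail-*; do
        [ -f "$f" ] || continue
        grep -qxF -e "$old" -e "&$old" "$f" || continue
        cp -p "$f" "$backup/${f##*/}"
        tmp=$(mktemp)
        awk -v old="$old" -v new="$new" '
            $0 == old || $0 == ("&" old) { print new; next }
            { print }' "$f" > "$tmp"
        cat "$tmp" > "$f"    # write in place so owner and mode are kept
        rm -f "$tmp"
        changed=$((changed + 1))
    done
    echo "$changed"
}
```

Running list_forwards before and after the change shows exactly which aliases (root, postmaster, mailman and so on) were pointing at the external mailbox.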