I was hoping that someone who knows more about Linux than I do could help me fix a security problem on my headless leased server.
I'm currently running CentOS 5 (updated to latest stable via yum), and have qmail installed both to "deliver" to my SMTP mailbox for my and my friend's email addresses and to route my outgoing mail.
I don't know a lot about mail servers, and have used Kloxo's web interface to configure the server and my email addresses.
I removed my domain name where noted, but the IP address listed twice isn't mine at all.
Here's the problem:
About two weeks ago, I began receiving bunches of mailer daemon messages encasing SPAM messages:
**Note: I changed what was my actual fully qualified domain name below for privacy and security reasons, but haven't a clue who, if anyone, the IP and email belong to.
I'm really not sure where to start - I think that someone's logging onto my server to send massive amounts of spam, and I'm just getting the mis-delivered ones.
Hi. This is the qmail-send program at myserversFQD.domain.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.
User and password not set, continuing without authentication.
22.214.171.124 does not like recipient.
Remote host said: 550 Requested action not taken: mailbox unavailable Giving up on 126.96.36.199.
--- Below this line is a copy of the message.
**lengthy spam message about online drug companies and fake ED medication appeared here . . . .
I know that I need to make it stop ASAP, but I'm not sure how to properly configure the server to make this stop. I tried applying lots of config changes via Kloxo, but the only one that actually worked seemed to just turn the server off altogether (switching mail delivery from remote to local and then not specifying an external mail service).
I'd really appreciate any help on how I might be able to disallow use of my server by bulk spam companies. :)