Server used in for spam with ghost accounts

[SimonBalk]

Hi,

I've been searching for a few weeks now and since I found no solution I decided to post my problem here.

Somehow it's possilble for spammers to add e-mail accounts to my DA user accounts with which they can use my SMTP to send spam. One time I even saw that there was a new user created with an e-mail account.

About once a week my server is used to sent spam. When I search for these "ghost" accounts, delete them and delete te mail queue the sending of spam stops. I've also tested my server if it was an open relay but this was not the case.

Now I know how to stop the sending of spam but I want to prevent this ofcource. But after searching alot the last few weeks I can't find the solition/fix for this.

I'm running DA on Debian 5 and have updated DA to the latest version last friday. I hope someone can point me in the right direction.

 

[Arieh]

If even a user is created under admin (or a reseller?) then it looks like they simply log in. Have you changed your password?

 

[SimonBalk]

I've changed my password a couple of times. The passwords are strong (8 or longer, lowercase, uppercase, numeric and special chars) so I don't think my password is hacked.

 

[nobaloney]

Some hacker could have previously created a back door which is still open.

Are these linux user accounts with mailboxes, DirectAdmin accounts created either under the admin or other reseller accounts? Do they show up in the DirectAdmin login?

Jeff

 

[SimonBalk]

Sorry for the delayed reaction.

One time there was a DirectAdmin account. All other times there where email accounts added to DA user acounts.

Since I started this topic nothing happend but the interval of de spam runs is often about 7-10 days. Hope I can find the solution soon.