SingleUserUnixInstall ?

To start with, DirectAdmin uses Exim. DirectAdmin does NOT use Procmail. You'd have to make a lot of changes to make this work. Why don't you use the standard DirectAdmin installation of SpamAssassin?

Jeff
 
Because I think bigger is better?

I saw atmail is using SA+Razor+Pyzor+DCC, and I thought that was the best combo.

And now it looks like I messed around with the system. Is there any way that I can
go back to the standard DA settings?

I'm using centos64

Thank you.
 
And now it looks like I messed around with the system. Is there any way that I can go back to the standard DA settings?
Yes, but I certainly don't know what you've done, and it appears you may not know either. So the only thing I can tell you is to hire someone with extensive DirectAdmin email experience to look at your server's mail systems, piece by piece, and return them to DirectAdmin standard.

After that I highly recommend you make changes/additions one-at-a-time, testing extensively after each change, and being able to roll-back if necessary.

You can do just about everything you want from a custom exim.conf file; it's very configurable. But everything has to be done quite methodically so if you do something that doesn't work, you can undo it before you move forward.

Jeff
 
Thank you for your explanation,

I searched and found this:
http://www.directadmin.com/forum/showthread.php?t=26888

But yes, maybe going back to basics is the best choice.

Oh, and btw, when I tried to tail /var/log/exim/mainlog it showed hundreds or maybe thousands of lines like this:

2009-06-24 19:39:40 H=(frcj0x3) [202.162.204.253] F=<[email protected]> rejected RCPT <[email protected]>: authentication required
2009-06-24 19:39:41 H=(frcj0x3) [202.162.204.253] F=<[email protected]> rejected RCPT <[email protected]>: authentication required
2009-06-24 19:39:42 H=(frcj0x3) [202.162.204.253] F=<[email protected]> rejected RCPT <[email protected]>: authentication required
2009-06-24 19:39:42 H=(frcj0x3) [202.162.204.253] F=<[email protected]> rejected RCPT <[email protected]>: authentication required
2009-06-24 19:39:43 H=(frcj0x3) [202.162.204.253] F=<[email protected]> rejected RCPT <[email protected]>: authentication required
2009-06-24 19:39:44 H=(frcj0x3) [202.162.204.253] F=<[email protected]> rejected RCPT <[email protected]>: authentication required
2009-06-24 19:39:45 H=(frcj0x3) [202.162.204.253] F=<[email protected]> rejected RCPT <[email protected]>: authentication required
2009-06-24 19:39:45 H=(frcj0x3) [202.162.204.253] F=<[email protected]> rejected RCPT <[email protected]>: authentication required
2009-06-24 19:39:46 H=(frcj0x3) [202.162.204.253] F=<[email protected]> rejected RCPT <[email protected]>: authentication required
2009-06-24 19:39:46 H=(frcj0x3) [202.162.204.253] F=<[email protected]> rejected RCPT <[email protected]>: authentication required
2009-06-24 19:39:47 H=(frcj0x3) [202.162.204.253] F=<[email protected]> rejected RCPT <[email protected]>: authentication required
2009-06-24 19:40:46 unexpected disconnection while reading SMTP command from bzq-84-108-123-229.cablep.bezeqint.net (admin) [84.108.123.229]
2009-06-24 19:40:46 H=(gihlbji) [202.162.204.253] F=<[email protected]> rejected RCPT <[email protected]>: authentication required
2009-06-24 19:40:47 H=(gihlbji) [202.162.204.253] F=<[email protected]> rejected RCPT <[email protected]>: authentication required
2009-06-24 19:40:48 H=(gihlbji) [202.162.204.253] F=<[email protected]> rejected RCPT <[email protected]>: authentication required
2009-06-24 19:40:49 H=(gihlbji) [202.162.204.253] F=<[email protected]> rejected RCPT <[email protected]>: authentication required
2009-06-24 19:40:49 H=(gihlbji) [202.162.204.253] F=<[email protected]> rejected RCPT <[email protected]>: authentication required
2009-06-24 19:40:50 H=(gihlbji) [202.162.204.253] F=<[email protected]> rejected RCPT <[email protected]>: authentication required
2009-06-24 19:40:51 H=(gihlbji) [202.162.204.253] F=<[email protected]> rejected RCPT <[email protected]>: authentication required


===========

Does that mean that our DA server has been compromised?

Last time we used Andy's service (servertune.com) to do security patching on our server and things went well.

Right now we are upgrading to the newest 64-bit AMD server, and want to try a service from another company, such as:

1. http://serverwizards.com/security.php
(linux adv sec)
2. http://www.logicsupport.com/serversecurity.php
(phase 3 sec)

Which one is the better solution?
 
Not if it says authentication required. It looks like a brute force attack on your server.
 
omg... :confused:

What should I do?
Or must I use ELS? Or just ask serverwizard/logicsupport to do the task?



==============

I tried to turn on http://help.directadmin.com/item.php?id=142
But I got:

2009-06-24 22:05:52 failed to open /etc/virtual/use_rbl_domains for linear search: No such file or directory
2009-06-24 22:06:55 failed to open /etc/virtual/use_rbl_domains for linear search: No such file or directory

Is this KB still applicable?
 
use_rbl_domains is a simple file (it starts out empty, but you add into it the domain names (copy them from the /etc/virtual/domains file)). Depending on how old your installation of DirectAdmin is, you may not have any of the files required for SpamBlocker to run. The file should have the same ownership and rights as the domains file.

If you're running SpamBlocker version 2 (the DirectAdmin default), the README is here. If you're running SpamBlocker version 3 (you or someone working for you would have had to install it), then the README is here.

Jeff
 
Hi Jeff,

We use the new spamblocker3, and I believe I've done everything in the README.

" use_rbl_domains is a simple file (it starts out empty, but you add into it the domain names (copy them from the /etc/virtual/domains file) "

Could you explain it to me in more detail?
Inside the /etc/virtual/domains file, there is the list of the domains.
Do you mean that I must copy the whole domains list to /etc/virtual/use_rbl_domains, and then start the procedure again?


thank you.


============

One more thing Jeff,

2 days ago, one of our websites started acting strangely: the DA server keeps sending email everywhere, especially hotmail, yahoo, etc.

I didn't set up any email account for this website, but this email ([email protected]) is sending crazily. Finally, not knowing what I must do, I suspended the account, but it still kept doing the crazy things, and yesterday I deleted the account, the folder, everything...and...
This email still acts crazily..

Something must be wrong....
Kindly help me please.

===========================

2009-06-24 23:37:58 1MJVTy-0007K5-4B <= [email protected] U=apache P=local S=1814 T="Security Notification for your Online Banking (IMPORTANT)" from <[email protected]> for [email protected]
2009-06-24 23:37:58 1MJVTy-0007K7-5D <= [email protected] U=apache P=local S=1814 T="Security Notification for your Online Banking (IMPORTANT)" from <[email protected]> for [email protected]
2009-06-24 23:37:58 1MJVTy-0007K9-68 <= [email protected] U=apache P=local S=1814 T="Security Notification for your Online Banking (IMPORTANT)" from <[email protected]> for [email protected]
2009-06-24 23:37:58 1MJVTy-0007KB-74 <= [email protected] U=apache P=local S=1814 T="Security Notification for your Online Banking (IMPORTANT)" from <[email protected]> for [email protected]
2009-06-24 23:37:58 1MJVTy-0007KD-81 <= [email protected] U=apache P=local S=1814 T="Security Notification for your Online Banking (IMPORTANT)" from <[email protected]> for [email protected]
2009-06-24 23:37:58 1MJVTy-0007KF-8x <= [email protected] U=apache P=local S=1814 T="Security Notification for your Online Banking (IMPORTANT)" from <[email protected]> for [email protected]
2009-06-24 23:37:58 1MJVTy-0007KH-9t <= [email protected] U=apache P=local S=1814 T="Security Notification for your Online Banking (IMPORTANT)" from <[email protected]> for [email protected]
2009-06-24 23:37:58 1MJVTy-0007KK-BK <= <> R=1MJVTy-0007KJ-Ao U=mail P=local S=981 T="Mail failure - no recipient addresses" from <> for [email protected]
2009-06-24 23:37:58 1MJVTy-0007KK-BK => hartarto <[email protected]> F=<> R=localuser T=local_delivery S=1086
2009-06-24 23:37:58 1MJVTy-0007KK-BK Completed
2009-06-24 23:37:59 1MJVTy-0007KD-81 ** [email protected] F=<[email protected]> R=lookuphost T=remote_smtp: SMTP error from remote mail server after end of data: host mx1.biz.mail.yahoo.com [4.79.181.18]: 554 Message not allowed - []
2009-06-24 23:37:59 1MJVTz-0007KW-Sq <= <> R=1MJVTy-0007KD-81 U=mail P=local S=2780 T="Mail delivery failed: returning message to sender" from <> for [email protected]
2009-06-24 23:37:59 1MJVTy-0007KD-81 Completed
2009-06-24 23:37:59 1MJVTy-0007K5-4B ** [email protected] F=<[email protected]> R=lookuphost T=remote_smtp: SMTP error from remote mail server after end of data: host mx1.biz.mail.yahoo.com [209.191.89.172]: 554 Message not allowed - UP Email not accepted for policy reasons. Please visit http://help.yahoo.com/help/us/mail/defer/defer-04.html [120]
2009-06-24 23:37:59 1MJVTz-0007KY-Tm <= <> R=1MJVTy-0007K5-4B U=mail P=local S=2901 T="Mail delivery failed: returning message to sender" from <> for [email protected]
2009-06-24 23:37:59 1MJVTy-0007K5-4B Completed
2009-06-24 23:37:59 1MJVTz-0007KW-Sq => hartarto <[email protected]> F=<> R=localuser T=local_delivery S=2885
2009-06-24 23:37:59 1MJVTz-0007KW-Sq Completed
2009-06-24 23:37:59 1MJVTz-0007KY-Tm => hartarto <[email protected]> F=<> R=localuser T=local_delivery S=3006
2009-06-24 23:37:59 1MJVTz-0007KY-Tm Completed
2009-06-24 23:37:59 1MJVTy-0007KB-74 ** [email protected] F=<[email protected]> R=lookuphost T=remote_smtp: SMTP error from remote mail server after end of data: host mx1.biz.mail.yahoo.com [209.191.89.172]: 554 Message not allowed - UP Email not accepted for policy reasons. Please visit http://help.yahoo.com/help/us/mail/defer/defer-04.html [120]
2009-06-24 23:37:59 1MJVTy-0007K9-68 ** [email protected] F=<[email protected]> R=lookuphost T=remote_smtp: SMTP error from remote mail server after end of data: host mx1.biz.mail.yahoo.com [209.191.89.172]: 554 Message not allowed - UP Email not accepted for policy reasons. Please visit http://help.yahoo.com/help/us/mail/defer/defer-04.html [120]
2009-06-24 23:37:59 1MJVTz-0007Ke-Vd <= <> R=1MJVTy-0007KB-74 U=mail P=local S=2901 T="Mail delivery failed: returning message to sender" from <> for [email protected]
2009-06-24 23:37:59 1MJVTy-0007KB-74 Completed
2009-06-24 23:38:00 1MJVTz-0007Kf-Vv <= <> R=1MJVTy-0007K9-68 U=mail P=local S=2901 T="Mail delivery failed: returning message to sender" from <> for [email protected]
2009-06-24 23:38:00 1MJVTy-0007K9-68 Completed
2009-06-24 23:38:00 1MJVTz-0007Ke-Vd => hartarto <[email protected]> F=<> R=localuser T=local_delivery S=3006
2009-06-24 23:38:00 1MJVTz-0007Ke-Vd Completed
2009-06-24 23:38:00 1MJVTz-0007Kf-Vv => hartarto <[email protected]> F=<> R=localuser T=local_delivery S=3006
2009-06-24 23:38:00 1MJVTz-0007Kf-Vv Completed
2009-06-24 23:38:00 1MJVTy-0007K7-5D ** [email protected] F=<[email protected]> R=lookuphost T=remote_smtp: SMTP error from remote mail server after end of data: host mx1.biz.mail.yahoo.com [67.28.113.136]: 554 Message not allowed - UP Email not accepted for policy reasons. Please visit http://help.yahoo.com/help/us/mail/defer/defer-04.html [120]
2009-06-24 23:38:00 1MJVU0-0007Km-3c <= <> R=1MJVTy-0007K7-5D U=mail P=local S=2896 T="Mail delivery failed: returning message to sender" from <> for [email protected]
2009-06-24 23:38:00 1MJVTy-0007K7-5D Completed
2009-06-24 23:38:00 1MJVTy-0007KH-9t ** [email protected] F=<[email protected]> R=lookuphost T=remote_smtp: SMTP error from remote mail server after end of data: host mx1.biz.mail.yahoo.com [67.28.113.136]: 554 Message not allowed - UP Email not accepted for policy reasons. Please visit http://help.yahoo.com/help/us/mail/defer/defer-04.html [120]
2009-06-24 23:38:00 1MJVU0-0007Km-3c => hartarto <[email protected]> F=<> R=localuser T=local_delivery S=3001
2009-06-24 23:38:00 1MJVU0-0007Km-3c Completed
2009-06-24 23:38:00 1MJVU0-0007Kp-4q <= <> R=1MJVTy-0007KH-9t U=mail P=local S=2896 T="Mail delivery failed: returning message to sender" from <> for [email protected]
2009-06-24 23:38:00 1MJVTy-0007KH-9t Completed
2009-06-24 23:38:00 1MJVU0-0007Kp-4q => hartarto <[email protected]> F=<> R=localuser T=local_delivery S=3001
2009-06-24 23:38:00 1MJVU0-0007Kp-4q Completed
2009-06-24 23:38:00 1MJVTy-0007KF-8x ** [email protected] F=<[email protected]> R=lookuphost T=remote_smtp: SMTP error from remote mail server after end of data: host mx1.biz.mail.yahoo.com [67.28.113.136]: 554 Message not allowed - UP Email not accepted for policy reasons. Please visit http://help.yahoo.com/help/us/mail/defer/defer-04.html [120]
2009-06-24 23:38:00 1MJVU0-0007Ku-BR <= <> R=1MJVTy-0007KF-8x U=mail P=local S=2896 T="Mail delivery failed: returning message to sender" from <> for [email protected]
2009-06-24 23:38:00 1MJVTy-0007KF-8x Completed
2009-06-24 23:38:00 1MJVU0-0007Ku-BR => hartarto <[email protected]> F=<> R=localuser T=local_delivery S=3001

==============================
 
As you've just noticed, sometimes it takes me a few days between visits to the forums :(.
" use_rbl_domains is a simple file (it starts out empty, but you add into it the domain names (copy them from the /etc/virtual/domains file) "

Could you explain it to me in more detail?
Inside the /etc/virtual/domains file, there is the list of the domains.
Do you mean that I must copy the whole domains list to /etc/virtual/use_rbl_domains, and then start the procedure again?
You can. But you can also automate it by deleting the use_rbl_domains file and, from a root shell, creating a link (a regular link will work but I use a symbolic link because it acts as documentation as to which is the parent and which the link):
Code:
# cd /etc/virtual
# ln -s domains use_rbl_domains
2 days ago, one of our websites started acting strangely: the DA server keeps sending email everywhere, especially hotmail, yahoo, etc.

I didn't set up any email account for this website, but this email ([email protected]) is sending crazily. Finally, not knowing what I must do, I suspended the account, but it still kept doing the crazy things, and yesterday I deleted the account, the folder, everything...and...
This email still acts crazily..

Something must be wrong....
Kindly help me please.
You've probably got mail in your queue that's still trying to get it.

Clean your mail queue.

Jeff
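
An added example, not part of the original thread: a small triage script for the two kinds of Exim mainlog lines posted above. It separates `rejected RCPT` lines (remote hosts that the server refused) from `<=` arrivals marked `U=<user> P=local` (messages handed to Exim by a local account such as apache), which is the distinction that shows where the outgoing mail is being injected. The function name `triage` is hypothetical, and the sample lines are constructed with placeholder addresses and IPs.

```python
import re
from collections import Counter

# Constructed sample lines in Exim mainlog format (placeholder addresses and IPs).
SAMPLE_LOG = """\
2009-06-24 19:39:40 H=(host1) [203.0.113.7] F=<a@example.net> rejected RCPT <b@example.org>: authentication required
2009-06-24 19:39:41 H=(host1) [203.0.113.7] F=<a@example.net> rejected RCPT <c@example.org>: authentication required
2009-06-24 19:40:46 H=(host2) [198.51.100.9] F=<d@example.net> rejected RCPT <e@example.org>: authentication required
2009-06-24 23:37:58 1MJVTy-0007K5-4B <= site@example.com U=apache P=local S=1814 T="Security Notification" from <site@example.com> for v1@example.org
2009-06-24 23:37:58 1MJVTy-0007K7-5D <= site@example.com U=apache P=local S=1814 T="Security Notification" from <site@example.com> for v2@example.org
2009-06-24 23:37:58 1MJVTy-0007KK-BK <= <> R=1MJVTy-0007KJ-Ao U=mail P=local S=981 T="Mail failure - no recipient addresses" from <> for admin@example.com
2009-06-24 23:37:59 1MJVTy-0007K5-4B ** v1@example.org F=<site@example.com> R=lookuphost T=remote_smtp: SMTP error from remote mail server after end of data: 554 Message not allowed
2009-06-24 23:37:59 1MJVTy-0007K5-4B Completed
"""

# Remote host refused at RCPT time: capture its IP and the rejection reason.
REJECT = re.compile(r'\[(?P<ip>[^\]]+)\].* rejected RCPT <[^>]*>: (?P<reason>.+)$')
# Message arrival submitted by a local account (not over SMTP).
LOCAL = re.compile(r' \S+ <= (?P<sender>\S+) .*\bU=(?P<user>\S+) P=local\b.* T="(?P<subj>[^"]*)"')

def triage(log_text):
    """Summarise refused remote attempts and locally injected mail."""
    rejected = Counter()  # (remote IP, reason) -> refused RCPT commands
    local = Counter()     # (local user, sender, subject) -> injected messages
    bounces = failed = 0
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if m:
            rejected[(m["ip"], m["reason"])] += 1
            continue
        m = LOCAL.search(line)
        if m:
            if m["sender"] == "<>":   # bounce generated by Exim itself
                bounces += 1
            else:
                local[(m["user"], m["sender"], m["subj"])] += 1
            continue
        if " ** " in line:            # permanent delivery failure
            failed += 1
    return {"rejected": rejected, "local": local, "bounces": bounces, "failed": failed}

if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    for (ip, reason), n in r["rejected"].most_common():
        print(f"refused {n:4d}  {ip}  {reason}")
    for (user, sender, subj), n in r["local"].most_common():
        print(f"local   {n:4d}  U={user}  {sender}  {subj!r}")
    print(f"bounces={r['bounces']} failed={r['failed']}")
```

On a live server, pass the contents of /var/log/exim/mainlog (the path used in the thread) to `triage()` instead of the sample text.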
 