unresolved issues with qmail and server

I'm looking for the best way to monitor/report on qmail activity.

A bit of background first: My Joomla install was hacked last month (fully recovered), and recently, all the domains I have on a shared server at a different provider were hacked (also fully recovered), and it's got me to wondering about email security. Why? Because it's not so obvious.

When a website gets hacked, the hacker leaves his/her mark on the homepage. You know immediately. But how do you know when a spammer is using your account?

I want to give my Linode a reasonable amount of security with the least fuss. I'm using the CentOS disk image as a LAMP & FTP server with qmail+courier+squirrelmail. I used the qmailrocks.org guide to set it up, but it has never worked quite right. For example, I had to add a daily "svscanboot &" process to my crontab because qmail kept falling out of memory, and then every few days I go in through ssh and kill the obsolete "svscan /service" processes.

The qmail nightly report has never worked like it should, reporting incorrect dates, and the numbers don't make sense. But the part that really bothers me is at the bottom, where it will report about 10-15 times too many emails processed compared to how many I believe were sent/received by all accounts on the system.

What's the best way to handle this? Is there a favorite app out there folks use to send an admin report on qmail that really works? Is there a firewall or similar app I should also be using to protect the Linode in general?

Thank you for taking the time to read and respond.

4 Replies

@totalsuper:

I used the qmailrocks.org guide to set it up, but it has never worked quite right. For example, I had to add a daily "svscanboot &" process to my crontab because qmail kept falling out of memory, and then every few days I go in through ssh and kill the obsolete "svscan /service" processes.

This seems unnecessary to me. Do you have something similar to the following in your /etc/inittab:

SV:123456:respawn:/command/svscanboot

It seems there is something wrong with your basic setup. I'm not familiar with the qmailrocks.org guide, but I would seriously suggest using the http://www.lifewithqmail.org/ guide. I've used it numerous times without fail.

@totalsuper:

The qmail nightly report has never worked like it should, reporting incorrect dates, and the numbers don't make sense. But the part that really bothers me is at the bottom, where it will report about 10-15 times too many emails processed compared to how many I believe were sent/received by all accounts on the system.

I'm not sure what "nightly report" you're referring to, but emails processed won't necessarily equal emails delivered and sent if you have some kind of spam protection.

@totalsuper:

Is there a firewall or similar app I should also be using to protect the Linode in general?

You've been hacked twice. I think the answer to your question is obvious.

You said: I'm not sure what "nightly report" you're referring to, but emails processed won't necessarily equal emails delivered and sent if you have some kind of spam protection.

I'm referring to the Nightly Qmail Stats Report sent to the postmaster account at midnight local time.

You said: You've been hacked twice. I think the answer to your question is obvious.

Cute. The question is not whether I need protection, but rather, what's the best option that's easiest to install and maintain?

I'll check my inittab. Thank you for that info. I'll also compare life with qmail with the qmail rocks guide and see what I could do differently.

@totalsuper:

The question is not whether I need protection, but rather, what's the best option that's easiest to install and maintain?

For a Linode, I recommend Shoreline Firewall (Shorewall) - the 'easy-to-use' firewalls usually have a GUI, Shorewall just uses config files.

Me, I've been using FWBuilder, it works well for me 8)
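
An added example, not code from any poster in this thread: a small parser for qmail-send's log lines that counts queued messages and delivery attempts per envelope sender. It shows why "processed" totals exceed the mail users believe they sent (one message produces an attempt per recipient, deferrals are retried, failures generate bounces) and which sender accounts for the most outbound attempts. The log lines are a constructed excerpt and the addresses are placeholders.

```python
import re
from collections import Counter

INFO = re.compile(r"info msg (\d+): bytes \d+ from <([^>]*)>")
START = re.compile(r"starting delivery \d+: msg (\d+) to (?:local|remote) \S+")
DONE = re.compile(r"delivery \d+: (success|failure|deferral):")

def summarize(lines):
    """Count queued messages and delivery attempts per envelope sender."""
    sender_of = {}         # qmail message number -> envelope sender
    messages = Counter()   # sender -> messages queued
    attempts = Counter()   # sender -> delivery attempts (one per recipient per try)
    outcomes = Counter()   # success / failure / deferral totals
    for line in lines:
        if m := INFO.search(line):
            sender = m.group(2) or "<bounce>"   # empty sender marks a bounce
            sender_of[m.group(1)] = sender
            messages[sender] += 1
        elif m := START.search(line):
            attempts[sender_of.get(m.group(1), "<unknown>")] += 1
        elif m := DONE.search(line):
            outcomes[m.group(1)] += 1
    return messages, attempts, outcomes

# Constructed excerpt (new msg / end msg lines omitted); not from the thread.
EVENTS = [
    "info msg 1001: bytes 2048 from <alice@example.com> qp 3101 uid 89",
    "starting delivery 1: msg 1001 to remote bob@example.net",
    "starting delivery 2: msg 1001 to remote carol@example.org",
    "delivery 1: success: 192.0.2.10_accepted_message./",
    "delivery 2: deferral: Connected_to_192.0.2.20_but_greeting_failed./",
    "starting delivery 3: msg 1001 to remote carol@example.org",
    "delivery 3: success: 192.0.2.20_accepted_message./",
    "info msg 1002: bytes 900 from <apache@host.example.com> qp 3150 uid 48",
    *[f"starting delivery {d}: msg 1002 to remote r{d}@example.net" for d in range(4, 8)],
    *[f"delivery {d}: success: 192.0.2.10_accepted_message./" for d in range(4, 7)],
    "delivery 7: failure: 192.0.2.10_does_not_like_recipient./",
    "info msg 1003: bytes 1500 from <> qp 3160 uid 89",
    "starting delivery 8: msg 1003 to local apache@host.example.com",
    "delivery 8: success: did_0+0+1/",
]
# Prefix each event with a constructed tai64n-style timestamp, as multilog does.
SAMPLE_LOG = [f"@400000004a0c1e2b{i:08x} {e}" for i, e in enumerate(EVENTS)]

if __name__ == "__main__":
    msgs, tries, results = summarize(SAMPLE_LOG)
    print(sum(msgs.values()), "messages,", sum(tries.values()), "attempts", dict(results))
    print("top senders by attempts:", tries.most_common(3))
```

In the sample, three queued messages account for eight delivery attempts, and the web server's account (a placeholder name here) tops the list, which is the kind of sender worth checking after a site compromise.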
