SuiteCRM Spamming my Server??

Hello Guys

Recently we have been getting thousands of spam emails being received and sent from our server

We have been looking into it today and have received the below information from my IT guy

Of course we are not accusing Suite of this act but would like to know if anyone out there has had the same issue and how was it solved?

Thanks again


Content-Type: text/plain; charset=UTF-8
Auto-Submitted: auto-generated
X-Cron-Env: <LANG=en_US.UTF-8>
X-Cron-Env: <SHELL=/usr/local/psa/bin/chrootsh>
X-Cron-Env: <HOME=/var/www/vhosts/domain>
X-Cron-Env: <PATH=/usr/bin:/bin>
X-Cron-Env: <LOGNAME=greeninc>
X-Cron-Env: <USER=greeninc>

A break down will be invoked by uid 10003 = sent from Green-inc domain
cd /var/www/vhosts/domain/subdomain-with-suite-crm; php -f cron.php > /dev/null 2>&1
change directory to sub-domain, then parse and execute cron.php,
then send all output to /dev/null (operate quietly)

This may be a legit script (automating sending of mail) but there are 5000 in mail queue up from 4000 from yesterday

Hi Taufique,

Is SuiteCRM the only thing running on that server? What workflows do you have set up/running? Are they on repeated runs? What is the information from your mailserver? Who is sending the emails from the CRM i.e. is it the admin user/user set in email settings?

Thanks,

Will.

1 Like

Hi Will

No we have 7 websites on this server - 1 other Suite CRM system

The domain related to this has around 9 subdomains

Only 5 workflows and none are repeated runs

Probably 2 or 3 users send emails directly from the system

The main emails that are sent from the system are assigned to alert emails

Can you explain further - “What is the information from your mailserver?”

Thanks again for the fast response and help, Will :wink:

Hi Taufique,

In terms of “What is the information from your mailserver?”, are there any error messages in your logs? What mail service is running? What provider are you using to send emails?

Thanks,

Will.

SMTP Server (QMail)

from maillog
Jul 16 09:39:01 s16383796 qmail: 1405499941.609949 info msg 271568: bytes 804 from root@s16383796.onlinehome-server.info qp 7365 uid 10003
Jul 16 09:39:01 s16383796 qmail: 1405499941.688579 starting delivery 80051: msg 271568 to local greeninc@s16383796.onlinehome-server.info
Jul 16 09:39:01 s16383796 qmail: 1405499941.688600 status: local 1/10 remote 0/20
Jul 16 09:39:01 s16383796 qmail: 1405499941.692458 delivery 80051: deferral: /bin/sh:_/deliverquota:_No_such_file_or_directory/

Hi Taufique,

There seem to be a few errors there. If there was spam going out from the CRM, there may be some logs showing lots of email being sent out? Obviously we’re not email/server experts so you may need to consult with someone on your end to identify if this problem is originating from SuiteCRM or not.

Thanks,

Will.

1 Like

Hi Taufique,

You should contact 1and1 tech support - they are your Linux server hosting provider. Share with them the exact error messages above. Tell them the qmail application on your server is deferring delivery of thousands of your notification emails because it cannot find the file deliverquota. They should know how to fix the qmail configuration so it sends the mail properly, or work with you adjusting the settings in SuiteCRM, until it does.

2 Likes
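Added example (not part of the original thread, and not SuiteCRM or qmail code): one way to test the diagnosis above is to tally a qmail maillog by injecting uid, delivery target and outcome, which shows whether the queue is growing from deferred local deliveries or from remote sends. The log lines are constructed in the format of the excerpt posted earlier; the hostnames, the uid 2020 entry and the success line are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the qmail log format shown in the thread.
SAMPLE_LOG = """\
Jul 16 09:39:01 host qmail: 1405499941.609949 info msg 271568: bytes 804 from root@host.example qp 7365 uid 10003
Jul 16 09:39:01 host qmail: 1405499941.688579 starting delivery 80051: msg 271568 to local greeninc@host.example
Jul 16 09:39:01 host qmail: 1405499941.692458 delivery 80051: deferral: /bin/sh:_/deliverquota:_No_such_file_or_directory/
Jul 16 09:40:01 host qmail: 1405500001.100000 info msg 271570: bytes 810 from root@host.example qp 7390 uid 10003
Jul 16 09:40:01 host qmail: 1405500001.200000 starting delivery 80052: msg 271570 to local greeninc@host.example
Jul 16 09:40:01 host qmail: 1405500001.300000 delivery 80052: deferral: /bin/sh:_/deliverquota:_No_such_file_or_directory/
Jul 16 09:41:12 host qmail: 1405500072.100000 info msg 271571: bytes 2210 from user@domain.example qp 7401 uid 2020
Jul 16 09:41:12 host qmail: 1405500072.200000 starting delivery 80053: msg 271571 to remote someone@other.example
Jul 16 09:41:13 host qmail: 1405500073.300000 delivery 80053: success: 192.0.2.25_accepted_message./
"""

# "info msg" ties a queue message number to the uid that injected it.
INFO = re.compile(r"info msg (\d+): bytes \d+ from <?([^\s>]*)>? qp \d+ uid (\d+)")
# "starting delivery" ties a delivery number to a message and a local/remote target.
START = re.compile(r"starting delivery (\d+): msg (\d+) to (local|remote) (\S+)")
# The final line for a delivery gives its outcome and the reason text.
RESULT = re.compile(r"delivery (\d+): (success|deferral|failure): (.*)")

def summarize(log_text):
    """Return (injected per uid, deliveries per (uid, target), outcomes per (uid, status, reason))."""
    msg_uid, delivery_uid = {}, {}
    injected, targets, outcomes = Counter(), Counter(), Counter()
    for line in log_text.splitlines():
        if m := INFO.search(line):
            msg_uid[m.group(1)] = m.group(3)  # message numbers are reused; latest wins
            injected[m.group(3)] += 1
        elif m := START.search(line):
            uid = msg_uid.get(m.group(2), "unknown")
            delivery_uid[m.group(1)] = uid
            targets[(uid, m.group(3))] += 1
        elif m := RESULT.search(line):
            uid = delivery_uid.pop(m.group(1), "unknown")
            # qmail writes spaces in the reason text as underscores
            outcomes[(uid, m.group(2), m.group(3).replace("_", " "))] += 1
    return injected, targets, outcomes

if __name__ == "__main__":
    injected, targets, outcomes = summarize(SAMPLE_LOG)
    for (uid, status, reason), n in outcomes.most_common():
        print(f"uid {uid}: {n} x {status}: {reason}")
```

A uid whose count is almost entirely `local` deliveries ending in the same `deferral` reason points at a delivery misconfiguration on the server, while a uid with a large `remote` count is the one to investigate as a source of outbound mail.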

Is your outbound email configured insecurely; i.e. unauthenticated or without SSL or TLS? If so, I would definitely require an account and make sure that’s configured for SSL or TLS. Otherwise it’s simple for spammers to use your essentially not secured email relay.

1 Like

Hi Guys

Thanks for all the support

We have now removed Qmail from our server and have installed another client

This seems to have stopped the issue entirely for the time being! Fingers crossed forever

Thanks