DirectAdmin Knowledge Base and Support

DirectAdmin is a web panel for a simple administration of both virtual and dedicated servers. DirectAdmin is faster, safe and more powerful than any other CP. And we know how to customize and support it.

spamd: unauthorized connection from IP to port 783

| 00:31:51 03.09.2015

Should you happen to notice that SpamAssassin does not check incoming emails, or to see lines similar to the following in mail logs:

Wed Sep  2 21:03:57 2015 [12881] warn: spamd: unauthorized connection from server.domain.com [11.22.33.xx]:56486 to port 783, fd 6 at /usr/bin/spamd line 1603.
Wed Sep  2 21:03:57 2015 [12842] info: prefork: child states: II
Wed Sep  2 21:13:12 2015 [12881] warn: spamd: unauthorized connection from server.domain.com [11.22.33.xx]:57262 to port 783, fd 6 at /usr/bin/spamd line 1603.
Wed Sep  2 21:13:12 2015 [12842] info: prefork: child states: II
Wed Sep  2 21:13:39 2015 [12881] warn: spamd: unauthorized connection from server.domain.com [11.22.33.xx]:57274 to port 783, fd 6 at /usr/bin/spamd line 1603.
Wed Sep  2 21:13:39 2015 [12842] info: prefork: child states: II
Wed Sep  2 21:14:05 2015 [12881] warn: spamd: unauthorized connection from server.domain.com [11.22.33.xx]:57293 to port 783, fd 6 at /usr/bin/spamd line 1603.
Wed Sep  2 21:14:05 2015 [12842] info: prefork: child states: II

here is a possible solution for a directadmin powered server:

Open /etc/init.d/exim

Find a line with:

if [ -e /usr/bin/spamd ]; then /usr/bin/spamd -d -c -m 15 1>/dev/null 2>/dev/null; fi

and append it with IP address(es) of your server :

-A 11.22.33.xxx, 127.0.0.1

so it would look like:

if [ -e /usr/bin/spamd ]; then /usr/bin/spamd -A 11.22.33.xxx, 127.0.0.1 -d -c -m 15 1>/dev/null 2>/dev/null; fi

Note to replace 11.22.33.xxx with an actual IP of your server.

Save changes, quit editing the file and restart exim.

/etc/init.d/exim restart

If successful you will see lines similar to:

Thu Sep  3 00:44:07 2015 [6636] info: spamd: connection from server.domain.com [11.22.33.xx]:48004 to port 783, fd 6
Thu Sep  3 00:44:07 2015 [6636] info: spamd: setuid to userbob succeeded
Thu Sep  3 00:44:07 2015 [6636] info: spamd: processing message <20150902184336.665991849A9@gmail.com> for userbob:507
Thu Sep  3 00:44:13 2015 [6636] info: spamd: clean message (-0.0/5.0) for userbob:507 in 5.3 seconds, 1058 bytes.

p.s. Man pages

       -A host,..., --allowed-ips=host,...
           Specify a comma-separated list of authorized hosts or networks
           which can connect to this spamd instance. Each element of the
           list is either a single IP addresses, or a range of IP addresses
           in address/masklength CIDR notation, or ranges of IPv4 addresses
           by specifying 3 or less octets with a trailing dot.  Hostnames
           are not supported, only IPv4 or IPv6 addresses.  This option can
           be specified multiple times, or can take a list of addresses
           separated by commas.  IPv6 addresses may be (but need not be)
           enclosed in square brackets for consistency with option --listen.
           Examples:

           -A 10.11.12.13 -- only allow connections from 10.11.12.13.

           -A 10.11.12.13,10.11.12.14 -- only allow connections from
           10.11.12.13 and 10.11.12.14.

           -A 10.200.300.0/24 -- allow connections from any machine in the
           range "10.200.300.*".

           -A 10. -- allow connections from any machine in the range
           "10.*.*.*".

           -A [2001:db8::]/32,192.0.2.0/24,::1,127.0.0.0/8 -- only accept
           connections from specified test networks and from localhost.

           In absence of the -A option, connections are only accepted from
           IP address 127.0.0.1 or ::1, i.e. from localhost on a loopback
           interface.
About Us
We are a team of professionals, and specialize in installation, configuring and managing of remote virtual and dedicated servers powered by Linux/Unix-like OS with DirectAdmin. We support various sets of software, including web-servers Apache, Nginx; internet domain name servers Bind, PowerDNS; mail-servers with POP3, IMAP and SMTP, FTP-servers, etc. After years of working through the most complex server challenges our team has gathered valuable experience and universal solutions suitable for everyday tasks. We are here to lend you a helping hand and take care of your servers in order to let you have enough time to do more of what you love.




All of the information and data on this site is for informational purposes only and is provided for the convenience of the user.
Powered by: Amiro.CMS - Free edition