EMERGENCY - need to secure my server against an ongoing SPAMMER
Paul Howarth
paul at city-fan.org
Fri Mar 11 11:06:13 UTC 2005

Bob Brennan wrote:
> On Fri, 11 Mar 2005 10:48:29 +0000, Paul Howarth <paul at city-fan.org> wrote:
>
>>Bob Brennan wrote:
>>
>>>Sorry for the brevity here but I woke this morning to find my
>>>mailserver sending 1000+ rejected email notices to postmaster@, and it
>>>was increasing by the minute. I have shut down Sendmail and am
>>>removing all relay permissions (I hope) but have a few issues that
>>>need to be resolved quickly before going back online - knowing the
>>>spammer will be retrying and my legitimate users are losing services.
>>
>>What relaying permissions did you have?
>
>
> FEATURE('relay_entire_domain')
> HACK('popauth')
> ...none of which worked for *me* in my continuing struggle to find a
> secure way to let my users use a remote MUA
> ...both commented out for now, as well as removed all domains in the
> "Relay Domains" (Webmin again) file

No real clues there, need to see a qf file as mentioned last time.

>>>2. MySql is shut down for some reason, I don't know if it's related to
>>>the attack. "service msqld status" returns "msqld dead but subsys
>>>locked"
>>
>>Perhaps it collapsed under the load? Will "service msqld restart"
>>restart it?
>
>
> "Timeout error occured trying to start MySQL Deamon"
> "Starting MySQL [FAILED]
> ... having to do with the "subsys locked" problem above I believe -
> but how to fix that?

Doesn't "service msqld stop" clear the "subsys locked" error?

Paul.