EMERGENCY - need to secure my server against an ongoing SPAMMER
Robin.Laing at drdc-rddc.gc.ca
Fri Mar 11 15:17:00 UTC 2005
Bob Brennan wrote:
>>If you followed the instructions I gave, they'd be in /var/spool/mqueue.spam
> As soon as I got to the machine, with spam still obviously being sent
> out, I checked all users. There were only entries for me as root
> having logged on just a few moments earlier, nothing else. I won't
> rule that out of course but occam's razor points to my many attempts
> to get sendmail to relay my remote Evolution/Outlook clients.
> Apparently I *did* get relaying working - just not for me! I had
> carefully noted my changes to sendmail.mc (mentioned earlier) and the
> first thing I did was comment them out, rebuild and reboot. It was the
> reboot that flagged up the mysqld problem, and that might have
> happened over several weeks since I rarely reboot.
I wonder if one of the Outlook clients was doing the spamming? Again
the headers and log files may give a hint but the headers were deleted.
More information about the users