[NCLUG] spam problem with qmail

Frank Whiteley techzone at greeleynet.com
Mon Jan 12 22:56:02 MST 2004


----- Original Message ----- 
From: "mherndon" <mherndon at lamar.colostate.edu>
To: <nclug at nclug.org>
Sent: Monday, January 12, 2004 18:32
Subject: [NCLUG] spam problem with qmail


> Hello all,
>
> I've a little experience with Linux, but consider myself very much so a
newbie
> in this arena.
>
> I have a mail server running Slackware with qmail 1.03.
>
> Over the last couple of days, the server has been compromised and appears
to
> be relaying spam.  When I generate a ps aux, it informs me that it's
running
> on qmail-remote process.  The qmail-queue reflects 1000's of messages with
the
> from address showing the same address everytime.  The address reflected
was
> actually an alias account which has since been removed.
>
> I'm in the process of removing all messages from the qmail-queue related
to
> that address, and I have already killed the qmail processes.
>
> I'm stumped on what I need to exactly do now.  I would be greatful for any
> help or suggestions.
>
> Thanks.  -Mark
>
Once you think you have it tightly configured, register at
http://www.abuse.net/relay.html and test it for relay vulnerabilities also.

Frank Whiteley




More information about the NCLUG mailing list