[NCLUG] spam problem with qmail
Frank Whiteley
techzone at greeleynet.com
Mon Jan 12 22:56:02 MST 2004
----- Original Message -----
From: "mherndon" <mherndon at lamar.colostate.edu>
To: <nclug at nclug.org>
Sent: Monday, January 12, 2004 18:32
Subject: [NCLUG] spam problem with qmail
> Hello all,
>
> I've a little experience with Linux, but consider myself very much so a
newbie
> in this arena.
>
> I have a mail server running Slackware with qmail 1.03.
>
> Over the last couple of days, the server has been compromised and appears
to
> be relaying spam. When I generate a ps aux, it informs me that it's
running
> on qmail-remote process. The qmail-queue reflects 1000's of messages with
the
> from address showing the same address everytime. The address reflected
was
> actually an alias account which has since been removed.
>
> I'm in the process of removing all messages from the qmail-queue related
to
> that address, and I have already killed the qmail processes.
>
> I'm stumped on what I need to exactly do now. I would be greatful for any
> help or suggestions.
>
> Thanks. -Mark
>
Once you think you have it tightly configured, register at
http://www.abuse.net/relay.html and test it for relay vulnerabilities also.
Frank Whiteley
More information about the NCLUG
mailing list