[NCLUG] spam problem with qmail
Steve Chadsey
tyr at teiresias.net
Tue Jan 13 08:57:19 MST 2004
On Mon, Jan 12, 2004 at 07:20:11PM -0700, Bob Proulx wrote:
> If you really think your server has been root compromised then you
> should bring the machine offline and make a copy of the disk and
> reinstall clean from known good sources. Then poke at the disk
> offline to detect how they got in. Trying to do forensics on a
> running machine is not advised and can obscure the trail.
> Reinstalling can be painful. Which is why I ask if you are sure.
[...]
> I am sure others on the list will have better suggestions than these
> poor ones of mine.
I was about to respond to the original when I read your reply. You put
it perfectly. Unless I was absolutely sure it was a simple local
configuration error, I would be tracking down my installation CDROMs.
Then again, I'm a bit more paranoid than most.
--
Steve Chadsey <tyr at teiresias.net>