[vox-tech] Spammers using my server

ME dugan at passwall.com
Fri Sep 24 09:27:25 PDT 2004


Assuming you have all of the latest patches, and the messages are from
apache, I would examine the CGI that you have on your system to see if any
are for form to mail gateway. If so, some of these may be the actual cause
of messages being relayed through you.

Looking for processes owned by apache which are not the web server is
another helpful thing. If the messages are being sent by the web server,
check the package fies to see if they are the same as the ones from the
package.

-ME


Ehrhart, Jay said:
> This morning I had over 7000 emails in my Linux server's outbound queue
> which I deleted.  My firewall log shows over 20,000 emails went out with
> a
> SunTrust bank announce saying to login and enter your username and
> password.
> I do not see the emails coming in like I would in a relay.  How can I
> stop
> this or how are they doing this?
>
> My firewall using a SMTP proxy and only allows my domain in.  I run
> MailScanner on my Red Hat 3.0 mail server with Sendmail.  The box has
> the
> lastest patches from Red Hat.  I have Sendmail setup to accept only my
> domain email.
>
> The non-deliverable reports are coming from my Linux apache user.
> Non-deliverables usually come from root.  I am running apache on the
> server
> with forms.  The forms software is the latest version and patches.
>
> Can anybody help on this?
>
> Thanks,
> Jay
>
> Jay Ehrhart
>
> _______________________________________________
> vox-tech mailing list
> vox-tech at lists.lugod.org
> http://lists.lugod.org/mailman/listinfo/vox-tech
>
>



More information about the vox-tech mailing list