Been blacklisted >_< Was: Re:Is this spam coming from inside my network?
Madison Kelly
linux-5ZoueyuiTZhBDgjK7y7TUQ at public.gmane.org
Mon Feb 13 19:04:06 UTC 2006
Lennart Sorensen wrote:
> Hmm, it really does look like the user apache on srv01.nouvelocity.com
> (or at least the server thinks that is its name) is being asked to email
> those people and that since there probably is no DNS record for such a
> server the remote mail servers are denying it.
>
> Does the server in question have any code on the web server that should
> send email to anyone ever?
>
> Any chance you installed one of those stupid perl formmail.pl or whatever
> they are called things which are known to have major security problems
> and allow remote creation of mail essentially making an open spam
> relay system?
>
> Any chance you have a script on the server that is buggy and permitting
> someone to run code that tries to send spam?
>
> Check the web logs around the time each email was supposedly sent to
> see what requests were coming in.
>
> Of course there is also the chance someone managed to hack the server
> and gain access to run as the apache user (which can't usually do much,
> but it can try to send email).
>
> Len Sorensen
Hi,
I have RoundCube and Squirrelmail set up for a couple of the domains
on the server but other than that it's a pretty stock Apache2/Fedora
Core 3 setup. I checked for the 'formmail.pl' script but it isn't there.
As the title says, the server has now been blacklisted which is a
pretty good (??) sign that I'm either being used as an open-relay or
that my machine has been, to some degree, hacked. Needless to say I am
pretty frustrated/upset/pissed off at the moment!
How could I check to see if I am an open relay? I've tried sending
mail through that server (mail.tle-bu.org is an actual server on it) and
I didn't authenticate from home (good thing). That was a pretty simple
test though; do you have any more advanced things I could try in order
to figure out what happened/is happening?
Thanks!
A desperate Madison
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Madison Kelly (Digimer)
TLE-BU; The Linux Experience, Back Up
Main Project Page: http://tle-bu.org
Community Forum: http://forum.tle-bu.org
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
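
One way to carry out the suggestion quoted above, checking the web logs around the time each email was supposedly sent, shown here as an added example that is not part of the original thread. The log lines, the send times, the /contact.php path and the 10-second window are all constructed assumptions; real send times would come from the Received: headers of the bounced messages.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample data (not from the thread): Apache combined-format lines.
ACCESS_LOG = """\
203.0.113.7 - - [13/Feb/2006:03:14:58 +0000] "POST /contact.php HTTP/1.1" 200 512 "-" "-"
198.51.100.4 - - [13/Feb/2006:03:15:40 +0000] "GET /index.html HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
203.0.113.7 - - [13/Feb/2006:03:20:01 +0000] "POST /contact.php HTTP/1.1" 200 512 "-" "-"
198.51.100.9 - - [13/Feb/2006:09:00:00 +0000] "POST /webmail/index.php HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""
# Constructed: times the unwanted messages were handed to the mail server.
SENT_TIMES = ["13/Feb/2006:03:15:00 +0000", "13/Feb/2006:03:20:03 +0000"]

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_access_log(text):
    """Yield (time, client, method, path) for each well-formed log line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            client, ts, method, path, _status = m.groups()
            # Drop the query string so repeated hits on one script group together.
            yield datetime.strptime(ts, TS_FMT), client, method, path.split("?")[0]


def suspects(access_log, sent_times, window_seconds=10):
    """Count requests that arrived within window_seconds before any send time."""
    window = timedelta(seconds=window_seconds)
    sends = [datetime.strptime(t, TS_FMT) for t in sent_times]
    hits = Counter()
    for when, client, method, path in parse_access_log(access_log):
        if any(timedelta(0) <= s - when <= window for s in sends):
            hits[(method, path, client)] += 1
    # Most frequently correlated (method, script, client) first.
    return hits.most_common()


if __name__ == "__main__":
    for (method, path, client), n in suspects(ACCESS_LOG, SENT_TIMES):
        print(f"{n:3d}  {method:5s} {path}  from {client}")
```

A script that shows up before every send time is the first place to look; the webmail login in the sample data is ignored because it falls outside every window.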