Been blacklisted >_< Was: Re:Is this spam coming from inside my network?
Madison Kelly
linux-5ZoueyuiTZhBDgjK7y7TUQ at public.gmane.org
Mon Feb 13 22:33:50 UTC 2006
Jason Shein wrote:
> On Monday 13 February 2006 14:04, Madison Kelly wrote:
>> How could I check to see if I am an open relay?
>
> These will work.
>
> http://members.iinet.net.au/~remmie/relay/
> http://www.globedom.com/cgi-bin/relay
Thanks for the links! My server passed (not open).

Since then I've been digging through my logs and found this in
'/var/log/messages'

Feb 12 05:01:01 srv01 crond(pam_unix)[2456]: session opened for user
root by (uid=0)
Feb 12 05:01:01 srv01 crond(pam_unix)[2456]: session closed for user root

Which is just seconds before the first spam from my 'apache' user was
sent. From '/var/log/maillog':

Feb 12 05:01:15 srv01 sendmail[2445]: k186LxI0005105:
to=<mdenika-5SK1gwG8BQs at public.gmane.org>, ctladdr=<apache-RdzIV7WH+z2kJxZZvsxEJOqUGfbH9hYC at public.gmane.org> (48/48),
delay=4+03:39:16, xdelay=00:02:00, mailer=esmtp, pri=11822817,
relay=qaol.com. [38.119.83.27], dsn=4.0.0, stat=Deferred: Connection
timed out with qaol.com.

So it looks like something connected for less than a second and then
somehow started the flood. I've tried upgrading to Apache 2.0.54 and I
(re)set the user password for 'apache' but the mail is still being sent.
Needless to say, I am starting to get desperate!

Madison
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Madison Kelly (Digimer)
TLE-BU; The Linux Experience, Back Up
Main Project Page: http://tle-bu.org
Community Forum: http://forum.tle-bu.org
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
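
Added example, not part of the original post: in a sendmail delivery line, `delay=` is the time since the message entered the queue, written as `[days+]HH:MM:SS`, so subtracting it from the log timestamp gives the moment to look up in the web server and cron logs. The sample line is constructed from the maillog entry quoted above with placeholder addresses; the function names and the `year` argument are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample modelled on the maillog entry quoted in the post
# (addresses replaced with example.com placeholders, line unwrapped).
SAMPLE = (
    "Feb 12 05:01:15 srv01 sendmail[2445]: k186LxI0005105: "
    "to=<rcpt@example.com>, ctladdr=<apache@example.com> (48/48), "
    "delay=4+03:39:16, xdelay=00:02:00, mailer=esmtp, pri=11822817, "
    "relay=qaol.com. [38.119.83.27], dsn=4.0.0, stat=Deferred: Connection "
    "timed out with qaol.com."
)

# Delivery line: timestamp, host, queue id, recipient, controlling
# address with its local uid/gid, then the total queue delay.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sendmail\[\d+\]: "
    r"(?P<qid>\w+): to=(?P<to>[^,]+), ctladdr=<(?P<ctl>[^>]*)> "
    r"\((?P<uid>\d+)/(?P<gid>\d+)\), delay=(?P<delay>[\d+:]+),"
)

def parse_delay(text):
    """Convert sendmail's [days+]HH:MM:SS delay into a timedelta."""
    days, _, clock = text.rpartition("+")
    h, m, s = (int(x) for x in clock.split(":"))
    return timedelta(days=int(days or 0), hours=h, minutes=m, seconds=s)

def queued_at(line, year):
    """Return (queue id, local uid, time the message entered the queue)."""
    m = LINE.match(line)
    if m is None:
        return None  # not a delivery line with a controlling address
    # syslog timestamps carry no year, so the caller supplies it.
    logged = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return m["qid"], int(m["uid"]), logged - parse_delay(m["delay"])

if __name__ == "__main__":
    print(queued_at(SAMPLE, 2006))
```

Running the same function over every `ctladdr=<apache...>` line and grouping by queue id separates retries of old queued messages from newly submitted ones.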