Spam problem

John Van Ostrand john-Da48MpWaEp0CzWx7n4ubxQ at public.gmane.org
Thu Jun 14 06:44:49 UTC 2007


On Thu, 2007-06-14 at 02:21 -0400, Madison Kelly wrote:
> Sadly, it is/was coming from my machine. :<
> 
> I've upgraded the server and blocked about 8 class A networks at my 
> firewall. It's draconian, but it seems to have stemmed the tide until I 
> can look at the problem tomorrow (it's 2:30am now...).
> 
> It looks like they've found a way to connect to my machine's sendmail 
> even though relaying should be denied. Any idea how this could have 
> happened? At any rate, I will look into that tomorrow. Thanks for your help!
> 
> a tired Madi

If you are running any web applications you may want to look at
fill-in-forms. Also I saw a squirrelmail exploit recently, although I
didn't pay much attention to it, just upgraded.

There is also an MSP (mail submission port) that usually requires
authentication by default. Make sure  you don't have guessable
passwords.

It's also possible that it's coming from a machine internal to your
network that is using your email server for sending email or for
NAT/firewall.

Finally, an open proxy server could be the culprit.

Is your machine the 192.139.81.120? How did you determine it was your
system? Does the email show up in logs? Was it just an IP address in the
received header that tipped you off?

--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists





More information about the Legacy mailing list