
Re: [cobalt-users] HELP!! Somebody is spamming through my box!



On Sun, 9 Sep 2001, Chip wrote:

> 
> 
> I just checked the admin logs, and found hundreds of messages like the 
> following.  I know that I have relaying turned off, I'm using 
> pop-before-smtp for security, and I've got all of the updates installed.
> 
> I don't know how to figure out which user is doing this, and I obviously 

> Sep 9 16:48:25 www sendmail[11725]: QAA11723: 
> to=corso5@xxxxxxx,abean34@xxxxxxx,huskerhawg@xxxxxxx,bucksfan@xxxxxxx,angeiofsorrow@xxxxxxx,bling02bling@xxxxxxx,rleon2@xxxxxxx,rubertin@xxxxxxx, 
> ctladdr=admin (110/27), delay=00:00:00, xdelay=00:00:00, mailer=esmtp, 
> relay=mailin-04.mx.aol.com. [152.163.224.122], stat=Sent (OK)

Since the ctladdr is admin, it's either an internal user like a web script,
or a forward address....you will need to look further back in the logs and
match up the queue numbers, eg QAA11723 should match a similar number like 
SAA11723 ...which will most likely be the related message receipt, if there
is none at all, it was probably internally generated via a script.

Don't overlook the possibility a web user with shell or ftp access made a
.forward file crammed with email addresses ....

gsh
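
One way to automate the queue-number matching suggested in the reply above, as an added example that is not part of the original thread. It assumes the message receipt is the `from=` line sendmail logs under the same queue ID as the `to=` deliveries; the log lines are constructed samples, and `field` and `trace` are hypothetical helper names.

```python
import re
from collections import defaultdict

# Constructed sample lines in sendmail syslog format (not from the original post).
SAMPLE_LOG = """\
Sep  9 16:48:20 www sendmail[11723]: QAA11723: from=admin, size=2048, class=0, pri=272048, nrcpts=8, msgid=<200109092048.QAA11723@www.example.com>, relay=admin@localhost
Sep  9 16:48:25 www sendmail[11725]: QAA11723: to=a@example.net,b@example.net, ctladdr=admin (110/27), delay=00:00:05, xdelay=00:00:00, mailer=esmtp, relay=mx.example.net. [192.0.2.10], stat=Sent (OK)
Sep  9 17:02:11 www sendmail[11990]: RAA11990: from=<bob@example.org>, size=900, class=0, pri=30900, nrcpts=1, msgid=<1@example.org>, proto=ESMTP, relay=mail.example.org [192.0.2.25]
Sep  9 17:02:12 www sendmail[11992]: RAA11990: to=<chip@example.com>, delay=00:00:01, xdelay=00:00:00, mailer=local, stat=Sent
Sep  9 17:30:40 www sendmail[12411]: RAA12409: to=c@example.net, ctladdr=admin (110/27), delay=00:00:00, xdelay=00:00:00, mailer=esmtp, relay=mx.example.net. [192.0.2.10], stat=Sent (OK)
"""

LINE = re.compile(r"sendmail\[\d+\]: (?P<qid>[A-Za-z]{3}\d+): (?P<rest>.*)$")
LOCAL = re.compile(r"@localhost\b|\[127\.0\.0\.1\]")

def field(rest, name):
    """Return the value of `name=` up to the next ', key=' or end of line."""
    m = re.search(r"(?:^|, )" + name + r"=(.*?)(?=, \w+=|$)", rest)
    return m.group(1) if m else None

def trace(log_text):
    """Map each delivering queue ID to (verdict, ctladdr, receipt relay)."""
    receipts, deliveries = {}, defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        qid, rest = m.group("qid"), m.group("rest")
        if rest.startswith("from="):
            receipts[qid] = field(rest, "relay")    # the message receipt
        elif rest.startswith("to="):
            deliveries[qid].append(field(rest, "ctladdr"))
    report = {}
    for qid, ctl in deliveries.items():
        relay = receipts.get(qid)
        if qid not in receipts:
            verdict = "no-receipt"         # per the reply: probably a local script
        elif relay is None or LOCAL.search(relay):
            verdict = "local-submission"   # receipt exists but came from this host
        else:
            verdict = "remote-smtp"        # arrived over SMTP from another host
        report[qid] = (verdict, ctl[0], relay)
    return report

if __name__ == "__main__":
    for qid, result in trace(SAMPLE_LOG).items():
        print(qid, *result)
```

Queue IDs reported as `no-receipt` or `local-submission` with a `ctladdr` set are the ones to chase back to a web script or a `.forward` file.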