[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] RAQ3 - Baffling SPAM Message Relay

Subject: Re: [cobalt-users] RAQ3 - Baffling SPAM Message Relay
From: Jay Summers <jay@xxxxxxxxxxxxxxxxxxxxx>
Date: Fri Oct 19 10:02:09 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

> Hello All;
> Our server is being used to relay Spam messages to hundreds of addresses.
> 
> Have been working to try and fix this for two weeks now.
> We tried all of the following:
> - Read a lot of (very helpful) advice on this forum.
> - Have installed all of the latest RPMs on Cobalt site.
> - Found the T0RN rootkit and deleted and replaced all of affected files.
> - Installed POP b4 Relay
> - Switched to SSH and killed telnet
> 
> SPAM still continuing!
> The emails appear to be originating from=admin
> I also see relay=admin@localhost
> 
> Questions:
> 1) How do I turn off ALL relaying? Simply using the UI panels does not seem
> to work.
> 2) Any suggestions as to what might this be?
> 
> Any comments welcome!

If you found a T0RN kit and you're machines been rooted, then the only
solution is a full restore with the restore CD. That is the only way that
you'll know your machine is clean. Most likely Mr. h4x0r has a number of
back doors into your system. Bummer deal...

HTH,
j

-- 
http://www.bizmanuals.com

Follow-Ups:
- Re: [cobalt-users] RAQ3 - Baffling SPAM Message Relay
  - From: flash22
- RE: [cobalt-users] RAQ3 - Baffling SPAM Message Relay & Restore CD
  - From: Efrem Habteselassie

References:
- [cobalt-users] RAQ3 - Baffling SPAM Message Relay
  - From: Efrem Habteselassie

Prev by Date: Re: [cobalt-users] Server Spamming
Next by Date: RE: [cobalt-users] Server Spamming
Previous by thread: [cobalt-users] RAQ3 - Baffling SPAM Message Relay
Next by thread: Re: [cobalt-users] RAQ3 - Baffling SPAM Message Relay

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index