RE: [cobalt-users] severe problem
- Subject: RE: [cobalt-users] severe problem
- From: "Jolley, Carl" <Carl.Jolley@xxxxxxx>
- Date: Thu Jul 11 19:18:01 2002
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
-----Original Message-----
From: Devin Smith [mailto:devinsmith@xxxxxxxxxxxxxxx]
Sent: Thursday, July 11, 2002 6:08 PM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: RE: [cobalt-users] severe problem
It sounds like you are an open relay, and someone is sending it out
using his name from your server. You need to enable "Pop Before Relay"
to force a person to check their mail before they send mail. Have the
user change his password too - that way if somehow the spammer got his
password, they won't be able to log in with it. Hopefully this will
stop the spammer from using your server as a launching point for his
evilness. :-)
-----Original Message-----
From: cobalt-users-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-users-admin@xxxxxxxxxxxxxxx] On Behalf Of Randy Davis
Sent: July 11, 2002 4:05 PM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: [cobalt-users] severe problem
Any help would greatly be appreciated! We have an emergency problem
that I would appreciate any assistance in fixing. A user account on the
system is the user associated with a mass amount of spam email going
out. He isn't even logged into the system and I know for a fact he
didn't send this stuff out. I've tried to clear the mail queue and shut
down sendmail for a while, but then all of a sudden the emails will be
back filling up the queue again. I've got ssh running on the box and
the account they used doesn't have any admin priv. Any advice or
suggestions????
------------------------------------
To find out if this is a problem of an open relay, taking a look at
/var/log/maillog should help. If you find the matching entries
for the flood of e-mail that are being relayed, then an entry
of the offending domain name (i.e. of the server that is doing
the relaying) into the /etc/mail/access file with a REJECT will
tend to stop the problem. You need to run makemap on the
/etc/mail/access file after you change it and you should also then
do a /etc/rc.d/init.d/sendmail restart
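
The log check and access-map entry described in the last reply, as an added example that is not part of the original thread. The function names (`sample_maillog`, `top_relays`, `access_entry`) and the log lines are constructed for illustration, and the `hash` map type in the makemap comment is an assumption about the server's sendmail configuration.

```shell
#!/bin/sh
# Constructed sample of /var/log/maillog lines (hosts and addresses are made up).
sample_maillog() {
cat <<'EOF'
Jul 11 15:02:11 www sendmail[2101]: g6BK2Ap02101: from=<user@site.example>, size=2210, class=0, nrcpts=50, proto=SMTP, daemon=MTA, relay=bulk.example.net [192.0.2.10]
Jul 11 15:02:12 www sendmail[2103]: g6BK2Ap02101: to=<a@dest.example>, delay=00:00:01, mailer=esmtp, relay=mx.dest.example. [198.51.100.7], stat=Sent
Jul 11 15:02:15 www sendmail[2107]: g6BK2Fp02107: from=<user@site.example>, size=2214, class=0, nrcpts=50, proto=SMTP, daemon=MTA, relay=bulk.example.net [192.0.2.10]
Jul 11 15:03:40 www sendmail[2130]: g6BK3ep02130: from=<root@www.site.example>, size=412, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
Jul 11 15:04:02 www sendmail[2144]: g6BK42p02144: from=<user@site.example>, size=2209, class=0, nrcpts=50, proto=SMTP, daemon=MTA, relay=bulk.example.net [192.0.2.10]
EOF
}

# Count accepted messages per submitting host. Only "from=" lines are used:
# there relay= names the host that handed the message to this server, while
# on "to=" lines it names the next hop the message was delivered to.
top_relays() {
  awk '/sendmail\[/ && / from=/ {
         for (i = 1; i <= NF; i++)
           if ($i ~ /^relay=/) {
             h = $i; sub(/^relay=/, "", h); sub(/,$/, "", h); n[h]++
           }
       }
       END { for (h in n) print n[h], h }' | sort -rn
}

# Emit one /etc/mail/access line for a host, refusing anything that is not a
# plain host name so stray log text never ends up in the access map.
access_entry() {
  case "$1" in
    ''|*[!A-Za-z0-9.-]*) echo "not a host name: $1" >&2; return 1 ;;
  esac
  printf '%s\tREJECT\n' "$1"
}

sample_maillog | top_relays      # on the server: top_relays < /var/log/maillog
access_entry bulk.example.net    # append the output to /etc/mail/access, then:
#   makemap hash /etc/mail/access < /etc/mail/access
#   /etc/rc.d/init.d/sendmail restart
```

A host that dominates the `from=` counts is the candidate for the REJECT entry; `localhost` in that list is mail generated on the box itself and is not addressed by the access map.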