
RE: [cobalt-users] [OT] Email spam



The FormMail exploit happened to us last week.  A review of the [raq3]
/var/log/maillog shows the excessive activity.  A review of
/home/log/httpd/access will reveal if the FormMail exploit is being used.
Also check out the messages sitting in /home/spool/mail/mqueue yet to be
delivered.  We had thousands of spam messages sitting in there.

Joe Brennskag
Hardy Telecom
304-897-9911
joe@xxxxxxxxxxxx


-----Original Message-----
From: cobalt-users-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of jale@xxxxxxxxxx
Sent: Tuesday, August 27, 2002 7:57 AM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-users] [OT] Email spam



>http://www.domain.com/cgi-bin/formmail.pl?recipient=fred@xxxxxxxxxxxxxxxxxx
&
> > message=Buy%20viagra
> >
>
>don't think it is that since the domain name they're using doesn't have
>FormMail. I double checked the access log for that virtual site and there's
>nothing there.

Okay, I know some stuff really well, other stuff I've never had to do -
with my SMTP server not responding problem (about 4-6 times/day) - how do I
check the mail logs to see what happened in that time period?

As always, help is greatly appreciated!!!

JALE

_____________________________________
cobalt-users mailing list
cobalt-users@xxxxxxxxxxxxxxx
To subscribe/unsubscribe, or to SEARCH THE ARCHIVES, go to:
http://list.cobalt.com/mailman/listinfo/cobalt-users
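
The access-log review suggested in the reply above, sketched as an added example that is not part of the original thread. It assumes Apache Common/Combined Log Format; the function name, the local_domains parameter and the sample lines are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Apache Common/Combined Log Format: client IP, timestamp, request line, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')
SCRIPT_RE = re.compile(r'/formmail(\.(pl|cgi))?$', re.IGNORECASE)

def scan_access_log(lines, local_domains):
    """Return (off_domain_hits, post_counts) for FormMail requests.

    off_domain_hits: (client_ip, timestamp, recipient) for GET requests whose
    recipient= parameter is outside local_domains.
    post_counts: Counter of client IPs POSTing to the script; the recipient is
    in the request body, so request volume is the only signal in this log.
    """
    local = {d.lower() for d in local_domains}
    off_domain, posts = [], Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, stamp, method, target, _status = m.groups()
        url = urlsplit(target)
        if not SCRIPT_RE.search(url.path):
            continue
        if method == "POST":
            posts[ip] += 1
            continue
        # parse_qs URL-decodes values; FormMail accepts comma-separated recipients.
        for value in parse_qs(url.query).get("recipient", []):
            for rcpt in value.split(","):
                domain = rcpt.strip().rpartition("@")[2].lower()
                if domain not in local:
                    off_domain.append((ip, stamp, rcpt.strip()))
    return off_domain, posts

# Constructed sample lines (documentation IPs and example.* domains).
SAMPLE = [
    '192.0.2.10 - - [27/Aug/2002:07:41:02 -0400] "GET /cgi-bin/formmail.pl?recipient=victim%40example.net&message=test HTTP/1.0" 200 512',
    '192.0.2.10 - - [27/Aug/2002:07:41:03 -0400] "POST /cgi-bin/FormMail.pl HTTP/1.0" 200 512',
    '198.51.100.7 - - [27/Aug/2002:07:45:10 -0400] "GET /cgi-bin/formmail.pl?recipient=sales@example.com&subject=hi HTTP/1.0" 200 498',
    '198.51.100.7 - - [27/Aug/2002:07:46:00 -0400] "GET /index.html HTTP/1.0" 200 1024',
]

if __name__ == "__main__":
    hits, posts = scan_access_log(SAMPLE, {"example.com"})
    for ip, stamp, rcpt in hits:
        print(f"off-domain recipient {rcpt} from {ip} at {stamp}")
    for ip, n in posts.most_common():
        print(f"{n} POST(s) to FormMail from {ip}")
```

The timestamps it reports can then be lined up against the same period in /var/log/maillog and against the messages waiting in the mail queue.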