
RE: [cobalt-users] Solarspeed's Spam Filter



> As always Dan and others, you've been quite helpful.
> 
> The 550 has been tested to not be an open relay, so I suspect 
> that someone hacked in and is running a spam script.
> 
> I have telnet turned off, and a pretty good alphanumeric 
> password used for SSH.
> 
> Which is the best log to look into re: 'others' getting into 
> the box and where is it located on a 550?
> 
> What have been the more commonly used spam scripts hackers 
> are installing so I can start the search?
> 

Unless you're seeing tons of action in your maillog, my guess is all
those deferred connections are from before you fixed your relay problem.
I'd wait a couple of days and watch:

    tail -f /var/log/maillog

to see if there's a lot of mail being sent via your server. If not,
nothing to worry about. Otherwise run top and see what scripts are
running.

-- 
C2003 Dan Kriwitsky

Please reply to the list only. Off list replies are not read.
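
The maillog check suggested in the reply above, as an added example that is not part of the original post: a shell function that totals accepted messages and recipients per submitting relay, so a burst of locally submitted mail stands out from normal inbound traffic. It assumes sendmail-style log lines carrying from=, nrcpts= and relay= fields; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise accepted messages in a sendmail-style maillog.
# Assumption: each accepted message is logged on a line containing
# "from=", "nrcpts=" and "relay=" (mail handed in by a local process
# appears as relay=user@localhost).

# Constructed sample lines (not taken from a real server).
sample_log() {
cat <<'EOF'
Jun 10 12:00:01 raq sendmail[2101]: h5AG01a02101: from=<alice@example.com>, size=1520, class=0, nrcpts=1, msgid=<1@example.com>, proto=ESMTP, daemon=MTA, relay=mail.example.net [192.0.2.10]
Jun 10 12:00:07 raq sendmail[2110]: h5AG07a02110: from=apache, size=840, class=0, nrcpts=50, msgid=<2@raq>, relay=apache@localhost
Jun 10 12:00:09 raq sendmail[2112]: h5AG09a02112: from=apache, size=840, class=0, nrcpts=50, msgid=<3@raq>, relay=apache@localhost
Jun 10 12:00:11 raq sendmail[2115]: h5AG07a02110: to=<bob@example.org>, delay=00:00:04, mailer=esmtp, stat=Deferred: Connection timed out
EOF
}

# Print "recipients messages relay", busiest relay first.
# Reads the files given as arguments, or stdin when there are none.
maillog_summary() {
    awk '
    / from=/ && / nrcpts=/ {
        relay = "unknown"; n = 0
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^nrcpts=/) {
                v = $i; sub(/^nrcpts=/, "", v); sub(/,$/, "", v); n = v + 0
            }
            if ($i ~ /^relay=/) {
                relay = $i; sub(/^relay=/, "", relay); sub(/,$/, "", relay)
            }
        }
        msgs[relay]++          # accepted messages from this relay
        rcpts[relay] += n      # recipients those messages were addressed to
    }
    END { for (r in msgs) printf "%d %d %s\n", rcpts[r], msgs[r], r }
    ' "$@" | sort -rn
}

# Demonstration on the constructed sample; on the server itself:
#   maillog_summary /var/log/maillog
sample_log | maillog_summary
```

A relay of the form user@localhost near the top of the output points at a local account or web script as the sender, which is the case where checking running processes with top is the next step.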