Spammers using my server

[Mike Kercher]

Jay Ehrhart wrote:
> This morning I had over 7000 emails in my Linux server's outbound
> queue which I deleted.  My firewall log shows over 20,000 emails went
> out with a SunTrust bank announce saying to login and enter your
> username and password.
> I do not see the emails coming in like I would in a relay.  How can I
> stop this or how are they doing this?
>
> My firewall using a SMTP proxy and only allows my domain in.  I run
> MailScanner on my Red Hat 3.0 mail server with Sendmail.  The box has
> the lastest patches from Red Hat.  I have Sendmail setup to accept
> only my domain email.
>
> The non-deliverable reports are coming from my Linux apache user.
> Non-deliverables usually come from root.  I am running apache on the
> server with forms.  The forms software is the latest version and
> patches.
>
> Can anybody help on this?
>
> Thanks,
> Jay

I would certainly look at the configuration of that form processor!  I'd
take it out of service until you figure out how to secure it.  I'd also look
for other form processors on the system that maybe YOU didn't install.

Mike

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).