Slightly OT: Postcard Virus/SPAM

Alex Neuman alex at rtpty.com
Tue Oct 13 22:43:29 IST 2009


Sure, but there's so much you need to test...

First of all, how many logged in users do you have? Did you run "last"  
to see if anyone's logged in? Does it still run if you "init 1" then  
start networking and the MTA/MailScanner?

On Oct 13, 2009, at 4:35 PM, Philip Zeigler wrote:

> I just noticed that one of my mail servers has been compromised  
> somehow and has begun sending out spam/virus as if it was coming  
> from postcard.org.  The emails seem to be originating from my web  
> server with the apache at mydomain.com address.
>
> I have stopped the sendmail out process so that these don’t get  
> sent.  This also prevents more of these emails from being  
> generated.  If I flush the mail queue and restart the outbound  
> sendmail process then more of these emails get generated.  Until I  
> get this cleaned up, I’m leaving it off.
>
> My problem is that I can’t figure out how they are actually getting  
> generated so that I can put a stop to it.  There is no trace in my  
> access_log files of anyone posting through a form, etc.
>
> Has anyone else dealt with this and know how to clean up this mess.
>
> Philip
>
> -- 
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean. --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!



More information about the MailScanner mailing list