Slightly OT: Postcard Virus/SPAM

Philip Zeigler philip at zeiglers.net
Tue Oct 13 23:00:06 IST 2009


There are no users logged in.  Server is a web server and mail server.
There are accounts set up for users for the email but they are accessed only
through imap/dovecot.  None of the users have shell access (set to
/bin/nologin or /bin/false).

I am remote from the machine right now so I will not be able to test the
"init 1" until the tomorrow morning.

Philip

-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex Neuman
Sent: Tuesday, October 13, 2009 5:43 PM
To: MailScanner discussion
Subject: Re: Slightly OT: Postcard Virus/SPAM

Sure, but there's so much you need to test...

First of all, how many logged in users do you have? Did you run "last"  
to see if anyone's logged in? Does it still run if you "init 1" then  
start networking and the MTA/MailScanner?

On Oct 13, 2009, at 4:35 PM, Philip Zeigler wrote:

> I just noticed that one of my mail servers has been compromised  
> somehow and has begun sending out spam/virus as if it was coming  
> from postcard.org.  The emails seem to be originating from my web  
> server with the apache at mydomain.com address.
>
> I have stopped the sendmail out process so that these don't get  
> sent.  This also prevents more of these emails from being  
> generated.  If I flush the mail queue and restart the outbound  
> sendmail process then more of these emails get generated.  Until I  
> get this cleaned up, I'm leaving it off.
>
> My problem is that I can't figure out how they are actually getting  
> generated so that I can put a stop to it.  There is no trace in my  
> access_log files of anyone posting through a form, etc.
>
> Has anyone else dealt with this and know how to clean up this mess.
>
> Philip
>
> -- 
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean. --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



More information about the MailScanner mailing list