|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Ralf Hildebrandt (Ralf.Hildebrandt
charite.de)
Date: Wed Sep 17 2008 - 11:32:35 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
* Milos Prudek <prudekbvx.cz>:
> I suspect that my email server has been cracked. How do I make sure it
> happened?
You check the logs.
You check the integrity of the system files using aide or samhain
> However, /var/log/mail contains huge number of lines like this one:
What does
qshape
report?
What does
qshape deferred
report?
> Sep 17 18:23:58 mail postfix/error[31376]: C9D81529A036:
> to=<omfg.qsqswisshaus.ru>, relay=none, delay=39275, delays=39275/0.19/0/0.2,
> dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to
> 127.0.0.1[127.0.0.1]: Connection refused)
>
> There are about 100 such lines every second. The "to=" address is different
> each time, but the rest is the same. Is it my server refusing spam, or is it
> my server sending spam?
fgrep C9D81529A036 /var/log/mail*
--
Ralf Hildebrandt (Ralf.Hildebrandtcharite.de) snickebocharite.de
Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155
http://www.arschkrebs.de I'm looking for a job
Vampireware /n/, a project, capable of sucking the lifeblood out of
anyone unfortunate enough to be assigned to it, which never actually
sees the light of day, but nonetheless refuses to die.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]