Spammer on my system
Charles Hatvany
charles at hatvany.com
Tue Mar 1 22:38:05 GMT 2005
Hi guys,
This may not be the correct forum for this. My apologies if this is the
wrong place - could use direction.
I have someone abusing one of our servers. The mails "originate" with
user "www".
The log entry is like this:
Feb 28 20:19:03 sixty sendmail[33993]: j211J29r033993: from=www,
size=7430, class=0, nrcpts=200,
msgid=<200503010119.j211J29r033993 at sixty.hatvany.com>, relay=www at localhost
pxytest shows open proxies at port 25 and 587. The apache config file has
<Directory proxy:*>
Order Deny,Allow
Deny from all
</Directory>
If I reject relay for 127.0.0.1 - I stop him, but also all mail
originating on the server and on our web mail.
Any ideas of what I should look for/do?
Charles Hatvany
More information about the freebsd-isp
mailing list