Mailinglist Archive: opensuse-security (757 mails)

Re: [suse-security] spam - acting as a relay
  • From: Sven Michels <smichels@xxxxxxxxxxxx>
  • Date: Thu, 24 Jan 2002 10:36:35 +0100
  • Message-id: <3C4FD5A3.5A1F3E40@xxxxxxxxxxxx>
Delia Wakelin wrote:

> I have recently been informed that my machine is relaying
> spam. Need some help to identify the problem.
> I have had sendmail switched off on a suse 7.3 machine.

Take a look into the logfiles of sendmail (/var/log/mail?)
and grep for the sending address; that helps you to identify
the spam and the source. Also grep your webserver logfiles
for *mail*; maybe a script is on your machine (uploaded
by a user, maybe?).


> here is the gist of the problem - my machine aaa.bbb.cc.dd.
>
> It seems they are using wwwrun - does that mean it is via php?
> Where and how should I block this?

PHP is one possibility, another is CGI (Perl etc.).
You can try to use filter rules on your box that block
mail from your webserver, but that makes you unable
to send mails via the webserver (maybe a webmailer etc.).


--
intraDAT AG http://www.intradat.com
Wilhelm-Leuschner-Strasse 7 Tel: +49 69-25629-0
D - 60329 Frankfurt am Main Fax: +49 69-25629-256
Junk mail is war. RFCs do not apply.
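
The web-server log check suggested in the reply above, as an added example that is not part of the original message: it summarises which requested scripts have "mail" in their path, how often they were hit, how many hits were POSTs, and from how many distinct clients. It assumes Apache common/combined log format; the function names, paths and addresses in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: find web scripts with "mail" in the path that may be
# handing messages to the local MTA as the web-server user (wwwrun).
# Assumption: Apache common/combined access-log format.

# Constructed sample log (documentation IP ranges, hypothetical paths).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [24/Jan/2002:03:11:02 +0100] "POST /cgi-bin/mailform.pl HTTP/1.0" 200 312
192.0.2.10 - - [24/Jan/2002:03:11:03 +0100] "POST /cgi-bin/mailform.pl HTTP/1.0" 200 312
198.51.100.7 - - [24/Jan/2002:03:12:40 +0100] "POST /cgi-bin/mailform.pl?x=1 HTTP/1.0" 200 312
203.0.113.5 - - [24/Jan/2002:08:00:00 +0100] "GET /index.html HTTP/1.0" 200 1043
203.0.113.5 - - [24/Jan/2002:08:00:09 +0100] "GET /webmail/login.php HTTP/1.0" 200 2210
198.51.100.7 - - [24/Jan/2002:09:30:00 +0100] "GET /uploads/Mailer.php?to=a HTTP/1.0" 200 17
garbage line without request
EOF
}

# Reads an access log on stdin and prints "hits posts clients path" for
# every path containing "mail" (case-insensitive), busiest first.
# Query strings are stripped so each script is counted once.
mail_script_hits() {
    awk '
    {
        # The request line is the first double-quoted field; skip junk.
        if (split($0, q, "\"") < 3) next
        if (split(q[2], req, " ") < 2) next
        method = req[1]; path = req[2]
        sub(/\?.*/, "", path)
        if (tolower(path) !~ /mail/) next
        hits[path]++
        if (method == "POST") posts[path]++
        split(q[1], pre, " "); ip = pre[1]
        if (!((path, ip) in seen)) { seen[path, ip] = 1; clients[path]++ }
    }
    END {
        for (p in hits)
            printf "%d %d %d %s\n", hits[p], posts[p] + 0, clients[p], p
    }' | LC_ALL=C sort -k1,1nr -k4,4
}

# Demo on the constructed sample; on a real host, feed the access log instead:
#   mail_script_hits < /path/to/access_log
sample_log | mail_script_hits
```

A script with many POSTs from few clients that is not a known webmailer or contact form is the first candidate to compare against the timestamps in the mail log.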
