Date: Tue, 1 Mar 2005 17:37:58 -0500 (EST) From: Charles Hatvany <charles@hatvany.com> To: freebsd-isp@freebsd.org Subject: Spammer on my system Message-ID: <20050301173622.N26116@forty.hatvany.com>
next in thread | raw e-mail | index | archive | help
Hi guys,
This may not be the correct forum for this. My apologies if this is the
wrong place - could use direction.
I have someone abusing one of our servers. The mails "originate" with
user "www".
The log entry is like this:
Feb 28 20:19:03 sixty sendmail[33993]: j211J29r033993: from=www,
size=7430, class=0, nrcpts=200,
msgid=<200503010119.j211J29r033993@sixty.hatvany.com>, relay=www@localhost
pxytest shows open proxies at port 25 and 587. The apache config file has
<Directory proxy:*>
Order Deny,Allow
Deny from all
</Directory>
If I reject relay for 127.0.0.1 - I stop him, but also all mail
originating on the server and on our web mail.
Any ideas of what I should look for/do?
Charles Hatvany
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050301173622.N26116>