Date:      Wed, 05 Jan 2011 10:47:36 -0500
From:      Jerry Bell <jerry@nrdx.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: Bot?
Message-ID:  <4D249298.9080706@nrdx.com>
In-Reply-To: <4D249129.6090008@webtent.net>
References:  <4D249129.6090008@webtent.net>

It's unlikely that the bot would relay outbound spam through your MTA - 
that would be inconvenient, slow and raise some suspicion.  If the 
provider is right, you most likely have a bit of code running on the 
server that is directly connecting to external mail servers.  There 
could be reasons you aren't seeing a spike, such as you're only looking 
at traffic processed by the MTA, or it simply doesn't show as a material 
increase on a graph of traffic on the network interface if the server is 
busy.

Jerry
On 1/5/2011 10:41 AM, Robert Fitzpatrick wrote:
> Keep getting calls from our provider at one location that our FreeBSD 
> 8.0-RELEASE server is sending bursts of >1000 spam messages to >70K 
> recipients. Since the first call a few weeks ago, I have MRTG and Mail 
> Statistics graphs set up and see no spikes in traffic. Their last 
> sighting was over the weekend and graphs show a reduction in traffic 
> during that time as expected, again with no spikes in traffic or 
> messages sent/received by our Postfix/Amavisd-maia MTA. All services 
> on that server including SSH, SMTP and mail queue size all monitored 
> by Nagios and have had no alerts from that server.
>
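
The situation described in the reply above, a process that connects to external mail servers directly and so never appears in MTA statistics, can be checked from the socket table. This is an added example, not part of the original thread: it filters FreeBSD `sockstat -4 -6 -c` output for connections to remote port 25 whose owner is not the MTA account. The `postfix` account in `MTA_USERS`, the function names and the sample rows are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list outbound SMTP connections that do not belong to the MTA.
# Input: FreeBSD `sockstat -4 -6 -c` rows:
#   USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS
# Assumption: the MTA's SMTP client runs as one of the accounts in MTA_USERS.
MTA_USERS="${MTA_USERS:-postfix}"

non_mta_smtp() {
    awk -v allow="$MTA_USERS" '
        BEGIN { n = split(allow, u, " "); for (i = 1; i <= n; i++) ok[u[i]] = 1 }
        $1 == "USER"                    { next }  # header row
        $5 !~ /^tcp/                    { next }  # TCP sockets only
        $7 !~ /:25$/                    { next }  # remote port must be 25
        $7 ~ /^127\./ || $7 == "::1:25" { next }  # hand-off to the local MTA
        ($1 in ok)                      { next }  # the MTA itself
        { printf "%s pid=%s cmd=%s -> %s\n", $1, $3, $2, $7 }
    '
}

# Constructed sample rows (documentation addresses), not data from the thread.
sample_sockstat() {
    cat <<'EOF'
USER     COMMAND  PID  FD PROTO LOCAL ADDRESS       FOREIGN ADDRESS
postfix  smtp     1234 12 tcp4  192.0.2.10:51234    198.51.100.5:25
www      perl     4321 3  tcp4  192.0.2.10:40122    203.0.113.7:25
www      perl     4321 5  tcp6  2001:db8::10:40123  2001:db8::7:25
www      httpd    800  4  tcp4  192.0.2.10:80       198.51.100.9:51515
vscan    amavisd  900  9  tcp4  127.0.0.1:40500     127.0.0.1:10025
www      php      950  6  tcp4  127.0.0.1:40600     127.0.0.1:25
EOF
}

# On FreeBSD read the live socket table; elsewhere fall back to the sample.
if [ "$(uname -s)" = "FreeBSD" ]; then
    sockstat -4 -6 -c | non_mta_smtp
else
    sample_sockstat | non_mta_smtp
fi
```

Because the reported bursts are short, a single snapshot can miss them; running the filter every minute from cron and keeping the output gives a record that names the PID and command to examine.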



