* Milos Prudek <[EMAIL PROTECTED]>: > I suspect that my email server has been cracked. How do I make sure it > happened?
You check the logs. You check the integrity of the system files using aide or samhain > However, /var/log/mail contains huge number of lines like this one: What does qshape report? What does qshape deferred report? > Sep 17 18:23:58 mail postfix/error[31376]: C9D81529A036: > to=<[EMAIL PROTECTED]>, relay=none, delay=39275, delays=39275/0.19/0/0.2, > dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to > 127.0.0.1[127.0.0.1]: Connection refused) > > There are about 100 such lines every second. The "to=" address is different > each time, but the rest is the same. Is it my server refusing spam, or is it > my server sending spam? fgrep C9D81529A036 /var/log/mail* -- Ralf Hildebrandt ([EMAIL PROTECTED]) [EMAIL PROTECTED] Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155 http://www.arschkrebs.de I'm looking for a job Vampireware /n/, a project, capable of sucking the lifeblood out of anyone unfortunate enough to be assigned to it, which never actually sees the light of day, but nonetheless refuses to die.
