On Wed, 17 Sep 2008, Noel Jones wrote:
Milos Prudek wrote:
Dne Wednesday 17 of September 2008 18:32:35 Ralf Hildebrandt napsal(a):
* Milos Prudek <[EMAIL PROTECTED]>:
I suspect that my email server has been cracked. How do I make sure it
happened?
You check the logs.
You check the integrity of the system files using aide or samhain
However, /var/log/mail contains huge number of lines like this one:
What does
qshape
report?
What does
qshape deferred
report?
This command showed that over 60000 emails addressed to one domain are
deferred to be delivered to a localhost mailserver (Lotus Domino) that is
currently turned off.
I am sure that 99% of that is spam.
Are they addressed to real Domino users?
If not, your best use of time is to get postfix to reject mail to invalid
users during SMTP, before it ever gets accepted.
Either use relay_recipient_maps to list the valid users, or use
reject_unverified_sender to let postfix build its own list of valid users.
^^^^^^^^^^^^^^^^^^^^^^^^
Did you mean reject_unverified_recipient?
Now, spamassassin is not currently installed.
Before turning on the destination Lotus Domino I would like to scan the
deferred queue and DELETE all emails that SpamAssassin considers spam.
Can this be done in SpamAssassin itself (running spamassassin on the queue
folder), or do I need to connect/configure SpamAssassin with Postfix and
will then Postfix automatically send even the deferred mail thru
SpamAssassin? Assuming that I set SpamAssassin to DELETE mail considered to
be spam.
Spamassassin doesn't understand postfix's private queue file format, so you
can't just scan the queue files directly.
You can add a content_filter to postfix that uses SpamAssassin, then requeue
the deferred mail so it knows to go through the content filter.
Requeuing a large amount of mail will cause a high system load while postfix
reprocesses the mail.
Usually this should be avoided; but it's the only way to redirect existing
mail to a new content_filter.
On the other hand, that load will be slight compared to asking SpamAssassin
to scan 60000+ messages...
--
Noel Jones
-d
