Greetings,

In the logs I have been seeing many attempts made to send messages to
gmail which seem like there's spam being sent from my server. In the
logs I see this:

Dec 24 00:05:11 triata amavis[29729]: (29729-06) Passed CLEAN, <apa...@triata.globalchangemultimedia.net> -> <ickovjulee...@gmail.com>, Message-ID: <20101224070510.bf7acfd8...@triata.globalchangemultimedia.net>, mail_id: s69xqJA1Kuer, Hits: -2.6, size: 669, queued_as: 9F457FD80A9, 898 ms
Dec 24 00:05:11 triata postfix/smtp[1065]: BF7ACFD8063: to=<ickovjulee...@gmail.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=1, delays=0.09/0.01/0/0.9, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 9F457FD80A9)

What is a problem is that there is no user named apa...@triata... and
this user is sending hundreds of emails out to Gmail. So it looks like
there's been a compromise. My question is, how do I begin to plug this
hole?
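
One way to triage the amavis lines shown in the post, as an added example that is not part of the original message: tally external recipients per local envelope sender and report senders that match no real mailbox. The host name, domain, account list and log lines below are constructed, and the regular expression assumes the amavis line format quoted above.

```python
import re
from collections import Counter

# amavis summary line in the format quoted in the post:
#   ... amavis[pid]: (id) Passed CLEAN, <sender> -> <rcpt>[,<rcpt>...], Message-ID: ...
AMAVIS_RE = re.compile(
    r"amavis\[\d+\]: \(\S+\) Passed [A-Z-]+,.*?"
    r"<(?P<sender>[^>]*)> -> (?P<rcpts><[^>]+>(?:,<[^>]+>)*)"
)

def suspicious_senders(lines, local_domain, known_users, threshold=3):
    """Map sender -> number of external recipients, for envelope senders in
    local_domain whose local part is not a known account."""
    counts = Counter()
    for line in lines:
        m = AMAVIS_RE.search(line)
        if not m:
            continue  # postfix/smtp delivery lines and other daemons
        sender = m.group("sender").lower()
        local, _, domain = sender.rpartition("@")
        if domain != local_domain or local in known_users:
            continue  # bounces (<>), foreign senders, real mailboxes
        rcpts = re.findall(r"<([^>]+)>", m.group("rcpts"))
        counts[sender] += sum(
            1 for r in rcpts if not r.lower().endswith("@" + local_domain)
        )
    return {s: n for s, n in counts.items() if n >= threshold}

def _line(sender, rcpt):
    # Builds one constructed amavis line (not taken from a real log).
    return ("Dec 24 00:05:11 mx1 amavis[29729]: (29729-06) Passed CLEAN, "
            f"<{sender}> -> <{rcpt}>, Message-ID: <x@mail.example.org>, "
            "mail_id: AAAA, Hits: -2.6, size: 669")

# Constructed sample input: three outbound messages from a non-existent
# account, one internal message from it, one from a real user, one smtp line.
SAMPLE_LOG = [
    _line("nosuchuser@mail.example.org", "a1@gmail.example"),
    _line("nosuchuser@mail.example.org", "a2@gmail.example"),
    _line("nosuchuser@mail.example.org", "a3@gmail.example"),
    _line("nosuchuser@mail.example.org", "alice@mail.example.org"),
    _line("alice@mail.example.org", "friend@gmail.example"),
    "Dec 24 00:05:11 mx1 postfix/smtp[1065]: ABC123: to=<a1@gmail.example>, "
    "relay=127.0.0.1[127.0.0.1]:10024, status=sent",
]

if __name__ == "__main__":
    print(suspicious_senders(SAMPLE_LOG, "mail.example.org", {"alice"}))
```
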