What are people doing about joe jobs at this point? What custom rules, and or pluggins? I use qmail with spamassassin and I'm seeing a increase in these over the last few weeks on some of my domains.
Jason > -----Original Message----- > From: Rubin Bennett [mailto:[EMAIL PROTECTED] > Sent: Monday, May 05, 2008 11:53 AM > To: Jon-Paul Kelly > Cc: spamassassin-users > Subject: Re: joe jobbed or hacked? > > Read the headers in the bounce messages; look for the originating IP > address. If it's the address of your server, then you know it's not a > joe job (but it probably is). > > Rubin > > On Mon, 2008-05-05 at 09:45 -0700, Jon-Paul Kelly wrote: > > I just received around 2000 bounce messages from various servers > > rejecting messages (supposedly) coming from my email address. > > This has happened to me before but not on this scale. Any ideas on > how > > to tell if this is just a joe job or if someone has actually used my > > server as a spam sending platform? > > I am on a centos5 box. > > Any help on this will be greatly appreciated. > -- > Rubin Bennett > RB Technologies > http://thatitguy.com > [EMAIL PROTECTED] > (802)223-4448 > > "They that can give up essential liberty to obtain a little > temporary security deserve neither liberty nor safety" > --Benjamin Franklin, Historical Review of Pennsylvania, 1759 >
