Server compromised

Post by brianmccairn » Wed May 05, 2010 5:03 pm

I think my outgoing mail is compromised. I've tried disabling all user accounts and the SMTP service, but I still jump to 20 connections and loads of outgoing mail as soon as I start up Ability. What do I do?
brianmccairn
 
Posts: 3
Joined: Tue Mar 04, 2008 3:20 pm

Re: Server compromised

Post by rob » Thu May 06, 2010 7:05 am

This does indeed sound like your SMTP has been subject to either a SPAM relay attack or an abusive user. The outgoing mail queue will probably be loaded with a lot of mails, and these will either be removed from the queue naturally when their life expires, or you can simply unload the mail server and delete the 'config/outmail' folder in the installation folder. You must now, of course, track down the source, and the best way to do this is to look at some of the outgoing mails (or the outgoing mail log) and identify some addresses in there that belong to SPAM mails. Then, if you search the SMTP logs for these entries, you will be able to trace how those mails got in and then handle any abusive users. You should also check your SMTP relay settings and ensure that SMTP authentication is enabled too.
rob
 
Posts: 415
Joined: Mon Sep 10, 2007 2:34 pm
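
The log search described in the reply above, sketched as an added example (not part of the thread and not Ability Mail Server code): given recipient addresses taken from spam in the outgoing queue, it groups matching SMTP log entries by client IP and authenticated user. The log layout, the sample lines and the function names `trace_sources` and `classify` are assumptions constructed for illustration; adapt the regular expressions to the server's real log format.

```python
import re
from collections import Counter

# Constructed sample log; the layout (date, time, session id, client IP, event)
# is an assumption and is not Ability Mail Server's real log format.
SAMPLE_LOG = """\
2010-05-05 16:58:01 S101 203.0.113.7 MAIL FROM:<promo@example.net>
2010-05-05 16:58:01 S101 203.0.113.7 RCPT TO:<alice@example.org>
2010-05-05 16:58:02 S101 203.0.113.7 RCPT TO:<bob@example.org>
2010-05-05 16:59:10 S102 198.51.100.23 AUTH user=jsmith
2010-05-05 16:59:11 S102 198.51.100.23 MAIL FROM:<jsmith@mydomain.example>
2010-05-05 16:59:11 S102 198.51.100.23 RCPT TO:<carol@example.org>
2010-05-05 17:01:30 S103 192.0.2.50 AUTH user=mary
2010-05-05 17:01:31 S103 192.0.2.50 RCPT TO:<supplier@example.com>
""".splitlines()

LINE_RE = re.compile(r"^\S+ \S+ (?P<sid>\S+) (?P<ip>\S+) (?P<event>.+)$")
AUTH_RE = re.compile(r"^AUTH user=(?P<user>\S+)$")
RCPT_RE = re.compile(r"^RCPT TO:<(?P<addr>[^>]+)>$", re.IGNORECASE)

def trace_sources(log_lines, spam_recipients):
    """Count spam recipients per (client IP, authenticated user or None)."""
    wanted = {a.lower() for a in spam_recipients}
    session_user = {}          # session id -> user that authenticated in it
    hits = Counter()
    for line in log_lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue           # skip lines that do not fit the assumed layout
        sid, ip, event = m["sid"], m["ip"], m["event"]
        auth = AUTH_RE.match(event)
        if auth:
            session_user[sid] = auth["user"]
            continue
        rcpt = RCPT_RE.match(event)
        if rcpt and rcpt["addr"].lower() in wanted:
            hits[(ip, session_user.get(sid))] += 1
    return hits

def classify(hits):
    """Unauthenticated sources point at relay settings; authenticated ones at an account."""
    return {src: ("check relay/auth settings" if src[1] is None
                  else "review account " + src[1])
            for src in hits}

if __name__ == "__main__":
    spam = ["alice@example.org", "bob@example.org", "carol@example.org"]
    found = trace_sources(SAMPLE_LOG, spam)
    for src, action in classify(found).items():
        print(src, found[src], action)
```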

