[plug] Postfix Problems again (Spam Originating from my mailserver)

Shannon Carver shannon.carver at p-s-t.com.au
Thu Dec 1 21:56:30 WST 2005


If there's one thing I love about Linux, and about this list, it's that no 
matter what the topic there's always some little thing to learn.  I must 
admit, I've never used the /proc/<process number> to get information 
before.  I've noticed them there but never pieced together they might be 
process information.

Anyway, back to it.. The script that started on Nov 29 which may, or may 
not be causing an issue is some form of statistics generation script for 
my webmail client openwebmail, in the form 
/usr/lib/cgi-bin/openwebmail/userstat.pl.  This seems fine, apart from 
the fact that it was started by a random IP 61.218.37.215 which I've 
never heard of, nor have any affiliation with.

Whether or not this could be causing the issue will have to wait and 
see.  I'll leave it for tonight with openwebmail stopped, and the 
scripts moved (a tack-on solution to see if the problem stops) and I'll 
look for security vulnerabilities in openwebmail and make sure to get 
the latest source from APT tomorrow.

Thanks Timothy, thanks all, I'll update if I find anything else.

Regards

Shannon

Timothy White wrote:

>>>started both at midnight, I'll look at my crons now.. I thought I
>>>checked this already, must have been after I restarted the box.
>>>      
>>>
>
>What are the last 2 processes?
>(/proc/<process pid> will provide you with heaps of info on running
>processors, in case you didn't already know)
>
>Also check /var/spool/mail, because I do know of a way for things to
>be stored in the mail spool, and executed at will, and being hard to
>trace back there.
>
>Tim
>--
>Linux Counter user #273956
>_______________________________________________
>PLUG discussion list: plug at plug.org.au
>http://www.plug.org.au/mailman/listinfo/plug
>Committee e-mail: committee at plug.linux.org.au
>  
>
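
An added example, not part of the original thread: one way to use the /proc/<pid> files discussed above to list running CGI processes together with the client address that triggered them. It assumes the web server exports the standard CGI variables GATEWAY_INTERFACE and REMOTE_ADDR into the script's environment; the function names and the sample tree (PIDs, address 192.0.2.10, perl path) are constructed for illustration.

```shell
#!/bin/sh
# Triage helper: find CGI processes and the remote address that started them,
# using /proc/<pid>/environ and /proc/<pid>/cmdline (both NUL-separated).
# Reading another user's environ requires root.

# env_value FILE NAME -> value of NAME in a NUL-separated environ file
env_value() {
    tr '\0' '\n' < "$1" | sed -n "s/^$2=//p" | head -n 1
}

# cgi_procs [PROC_ROOT] -> one line per CGI process: pid <TAB> addr <TAB> command
cgi_procs() {
    root="${1:-/proc}"
    for dir in "$root"/[0-9]*; do
        [ -r "$dir/environ" ] || continue
        # GATEWAY_INTERFACE is only present when a web server launched the process
        [ -n "$(env_value "$dir/environ" GATEWAY_INTERFACE)" ] || continue
        addr="$(env_value "$dir/environ" REMOTE_ADDR)"
        # The process may exit between the two reads; tolerate a missing cmdline
        cmd="$(2>/dev/null tr '\0' ' ' < "$dir/cmdline" | sed 's/ *$//')"
        printf '%s\t%s\t%s\n' "${dir##*/}" "${addr:-unknown}" "$cmd"
    done
}

# Constructed sample tree standing in for /proc, so the example runs anywhere.
make_sample_proc() {
    d="$(mktemp -d)"
    mkdir "$d/4242" "$d/17"
    printf 'GATEWAY_INTERFACE=CGI/1.1\000REMOTE_ADDR=192.0.2.10\000' > "$d/4242/environ"
    printf '/usr/bin/perl\000/usr/lib/cgi-bin/openwebmail/userstat.pl\000' > "$d/4242/cmdline"
    printf 'HOME=/root\000' > "$d/17/environ"
    printf '/sbin/cron\000' > "$d/17/cmdline"
    echo "$d"
}

sample="$(make_sample_proc)"
cgi_procs "$sample"    # on a live host, as root: cgi_procs /proc
rm -rf "$sample"
```

Cross-check any address it reports against the web server's access log for the same time window before drawing conclusions, since a long-running CGI process only records the request that launched it.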


