[BlueOnyx:01732] Re: Sendmail attack, again RESOLVED
Greg Kuhnert
greg.kuhnert at theanchoragesylvania.com
Wed Jul 15 23:33:46 -05 2009
Steve Davis wrote:
> I have still not resolved this.?? 3.2 million in the mailq. It appears
> that this attack is intended on crashing the server/sendmail? VAR at
> 100% is generally not good.
I've been working with Steve, and the good news is that this appears to
be fixed. For the benefit of others who might run into this, here are
some notes about the solution.
Basically, I cleaned the queue (deleted files from /var/spool/mailq),
and then did a forced rebuild of the sendmail config file
cd /etc/mail
touch sendmail.mc
make
service sendmail start
What we do know is that mail relaying is now blocked. What we don't know
with 100% certainty is the method the attackers used to allow his box to
be an open relay in the first place.... but at least its sorted for now.
Regards,
Greg Kuhnert
--
+---------------------------------------------------------------------+
| / \ Greg Kuhnert, gkuhnert at compassnetworks.com.au |
| < o > Compass Networks - Pointing you in the right direction |
| \ / Come see us for BlueQuartz / BlueOnyx modules & Support. |
+---------------------------------------------------------------------+
More information about the Blueonyx
mailing list