You should make sure there are no rogues in your lsof - no need to post but do double check you know why every port is open. Are you sure about that port 2600 port? It's used by zebra but I doubt you would be doing routing, web service and email on one machine. I don't see smptd or master in that lsof list so is postfix on a different machine? If so you need to check ports there also. Last time I had an intrusion, the hackers liked ports with 666 or 667 as the last 3 digits. (Sign of the beast - funny to them). They also had IRC server and clients. So check for those ports. You mention http - if you are running PHP it is possible to mail directly via localhost from PHP. It is possible that all the headers before localhost are forged which makes the problem much harder.
On Aug 3, 2009, at 10:07 AM, Trevor Jacques wrote: > The above is naturally a subset of the full report (I've only excluded > http and the other non-e-mail-related services). The assp raw stats > port is set in assp to be available only to localhost. I suspect that > the extra processes used by amavisd are for the various processes that > use it (assp, Postfix, etc.); note that they are only available to > localhost. > > I'm still none the wiser to how the mail got past assp. > > T. ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ Assp-test mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-test
