Running a RaQ550. We've been fighting off a spammer since Friday. Then
woke up this morning having been hacked. Early on we were noticing that
the REJECT lines in /etc/mail/access were not being respected. The
pop-before-relay seemed to be working but these spammers were still
getting in. When we attempted to block their IPs, that is when we
noticed the issue with /etc/mail/access.

One interesting note, when they would connect to our sendmail it would
see their IP, but they were identifying themselves with a server name
that was our IP address. Still not sure how they were pulling off the
relay, as their IP was not in popip.db. Doesn't poprelayd only look at
/var/log/maillog?

Anyhoo, just curious if anyone else has ventured down this road.

-keith
