Hi Folks,
I got a report that our Qube had been used for Spam and as far as I know it is locked down pretty tight so I don't know what to make of this. I had one person on the Dshield list say to check the maillogs and I tried that but they only go back to 4/16 and this happened on 4/13. Then someone else just noted that they are not aware of any way to spoof the "NNTP-Posting-Host" that shows our IP address in this email and "You'll have to look for outbound HTTP connections to posting.google.com from your IP, not SMTP transactions."
So how do I do that?
And is there a way to keep logs from rolling off so fast?
If you are familiar with the command line interface, see if you have a file /etc/logrotate.conf (RaQ 550 does).
It will make sense when you read the file. I changed mine to effectively never remove logs. I keep them all, and occasionally export them and burn them to a CD.
Thanks and here is the original email notice I received:
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
