Sorry to bother you, but I would like to show you some aspects about how a Sendmail running on an OpenBSD 3.8 system can be involved in a spam attack. I'm not quite sure that OpenBSD 3.8 or Sendmail are exploitable, but I would like some help to clarify this problem.

More precisely, one day I noticed that /var/spool/mqueue was full with 30000 messages (in fact return messages, showing that some servers including Yahoo! do not accept some mails from me). I've noticed that the "mailstats" command reports 130000 (!!!) messages sent (!) outside.

My computer is a small server running OpenBSD 3.8, MySQL+PHP+Apache for the website; it's a FRESH install so that I don't think it's a problem in the system. I have around 30 users that use POP3+Outlook Express to send and receive their mail messages.

The problem is that I have antispoofing on, "scrub in all"; some suspect (probably Windows machines from the neighbouring department which are supposed to have some viruses) are blocked through the PF. I also have NAT for my local network (192.128.x.x) and IP forwarding for the global addresses. Relaying is stopped so this could not be a problem (Yahoo! asks me if I am an open relay!). My machine seems quite secure, but I cannot say why my machine sends so many mail messages (day & night). Maybe some accounts are compromised, but I have no way of determining this. How can I see how many mail messages a user sends?

I don't think this is an ordinary problem. I have some experience on FreeBSD (2 years) and on OpenBSD; moreover, I have 2.5 years of experience with GNU/Linux systems. Maybe this is a simple problem, but I can't solve it all by myself and thus I am now requesting help from our great OpenBSD community. My OpenBSD 3.8 system was not patched and the kernel was not recompiled.

Thank you very much for your attention and I hope someone can help me with this (could it be a problem with Sendmail on OpenBSD 3.8? - I really don't think this could happen).
Respectfully yours, George Popa
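
One way to answer the "how many messages does a user send" question above, as an added example that is not part of the original post: total the messages and recipients in sendmail's `from=` log lines, grouped by envelope sender or by submitting relay. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-sender totals from sendmail "from=" log lines.

# Constructed sample lines in sendmail log format (not from the original post).
sample_log() {
cat <<'EOF'
Jan 12 03:14:07 mail sendmail[2101]: k0C3E7aa002101: from=www, size=812, class=0, nrcpts=50, msgid=<1@mail.example.org>, relay=www@localhost
Jan 12 03:14:09 mail sm-mta[2102]: k0C3E9bb002102: from=<alice@example.org>, size=2048, class=0, nrcpts=1, msgid=<2@pc1>, proto=ESMTP, daemon=MTA, relay=pc1.example.org [192.0.2.11]
Jan 12 03:14:10 mail sm-mta[2103]: k0C3EAdd002103: to=<x@example.net>, ctladdr=www (67/67), delay=00:00:03, xdelay=00:00:01, mailer=esmtp, pri=30812, relay=mx.example.net. [198.51.100.5], dsn=2.0.0, stat=Sent (ok)
Jan 12 03:15:30 mail sendmail[2110]: k0C3FUcc002110: from=www, size=799, class=0, nrcpts=40, msgid=<3@mail.example.org>, relay=www@localhost
Jan 12 03:16:02 mail sm-mta[2115]: k0C3G2ee002115: from=<bob@example.org>, size=1500, class=0, nrcpts=2, msgid=<4@pc2>, proto=ESMTP, daemon=MTA, relay=pc2.example.org [192.0.2.12]
Jan 12 03:17:45 mail sm-mta[2120]: k0C3Hjff002120: from=<alice@example.org>, size=900, class=0, nrcpts=1, msgid=<5@pc1>, proto=ESMTP, daemon=MTA, relay=pc1.example.org [192.0.2.11]
EOF
}

# Read a mail log on stdin and print "messages recipients key" per key,
# highest recipient count first. $1 selects the grouping: "from" or "relay".
top_senders() {
    awk -v key="$1" '
    # Return the value of " name=" up to the next ", " (or end of line).
    function field(line, name,   i, rest, j) {
        i = index(line, " " name "=")
        if (i == 0) return "-"
        rest = substr(line, i + length(name) + 2)
        j = index(rest, ", ")
        return (j > 0) ? substr(rest, 1, j - 1) : rest
    }
    # Only message-acceptance lines carry both from= and nrcpts=;
    # delivery (to=) lines are skipped.
    / from=/ && / nrcpts=/ {
        k = field($0, key)
        gsub(/[<>]/, "", k)            # <user@host> and user@host count as one
        msgs[k]++
        rcpts[k] += field($0, "nrcpts") + 0
    }
    END { for (k in msgs) print msgs[k], rcpts[k], k }
    ' | sort -k2,2nr -k3
}

# Demo on the constructed sample: grouped by sender, then by relay.
sample_log | top_senders from
sample_log | top_senders relay
```

On a live system, feed it the real log instead of the sample, for example `top_senders relay < /var/log/maillog` (path assumed; check syslog.conf). A `relay=user@localhost` entry marks mail submitted by a local account rather than over SMTP.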