* ASAI <a...@globalchangemusic.org>:
> Greetings,
>
> In the logs I have been seeing many attempts made to send messages to
> gmail which seem like there's spam being sent from my server. In the
> logs I see this:
>
> Dec 24 00:05:11 triata amavis[29729]: (29729-06) Passed CLEAN,
> <apa...@triata.globalchangemultimedia.net> ->
> <ickovjulee...@gmail.com>, Message-ID:
> <20101224070510.bf7acfd8...@triata.globalchangemultimedia.net>,
> mail_id: s69xqJA1Kuer, Hits: -2.6, size: 669, queued_as: 9F457FD80A9,
> 898 ms
> Dec 24 00:05:11 triata postfix/smtp[1065]: BF7ACFD8063:
> to=<ickovjulee...@gmail.com>, relay=127.0.0.1[127.0.0.1]:10024,
> delay=1, delays=0.09/0.01/0/0.9, dsn=2.0.0, status=sent (250 2.0.0
> Ok: queued as 9F457FD80A9)
>
> What is a problem is that there is no user named apa...@triata... and
> this user is sending hundreds of emails out to Gmail. So it looks
> like there's been a compromise. My question is, how do I begin to
> plug this hole?

stop apache
look further

-- 
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de | http://www.charite.de
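
One way to measure what the log excerpt in the question shows, as an added example that is not part of the original thread: tally amavis "Passed" lines per envelope sender and list senders on the local domain that have no mailbox. The host names, the `www-data` account, the mailbox set and the sample log lines are constructed for illustration, and the comma-joined recipient list is an assumption about the log format.

```python
import re
from collections import Counter, defaultdict

# amavis "Passed ..." line in the layout quoted in the question.
# Assumption: several recipients appear as <a>,<b> with no space between.
PASSED = re.compile(
    r"amavis\[\d+\]: \(\S+\) Passed (?P<verdict>[A-Z-]+), "
    r"<(?P<sender>[^>]*)> -> (?P<rcpts>(?:<[^>]*>,?)+)"
)

def tally_senders(lines):
    """Return {sender: (message_count, set_of_recipient_domains)}."""
    counts = Counter()
    domains = defaultdict(set)
    for line in lines:
        m = PASSED.search(line)
        if not m:
            continue  # postfix/smtp delivery lines and anything else
        sender = m.group("sender").lower()
        counts[sender] += 1
        for rcpt in re.findall(r"<([^>]*)>", m.group("rcpts")):
            domains[sender].add(rcpt.rpartition("@")[2].lower())
    return {s: (counts[s], domains[s]) for s in counts}

def unknown_local_senders(lines, local_domain, mailboxes):
    """Senders on local_domain with no matching mailbox, busiest first."""
    out = []
    for sender, (n, doms) in tally_senders(lines).items():
        local, _, dom = sender.rpartition("@")
        if dom == local_domain and local not in mailboxes:
            out.append((sender, n, sorted(doms)))
    return sorted(out, key=lambda row: -row[1])

# Constructed sample log, not taken from the thread.
SAMPLE_LOG = """\
Dec 24 00:05:11 mx amavis[29729]: (29729-06) Passed CLEAN, <www-data@mx.example.net> -> <r1@mail.example.org>, Message-ID: <1@mx.example.net>, mail_id: aaa, Hits: -2.6, size: 669, queued_as: 9F457FD80A9, 898 ms
Dec 24 00:05:11 mx postfix/smtp[1065]: BF7ACFD8063: to=<r1@mail.example.org>, relay=127.0.0.1[127.0.0.1]:10024, delay=1, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 9F457FD80A9)
Dec 24 00:05:12 mx amavis[29729]: (29729-07) Passed CLEAN, <www-data@mx.example.net> -> <r2@mail.example.org>,<r3@lists.example.com>, Message-ID: <2@mx.example.net>, mail_id: bbb, Hits: -2.6, size: 670, queued_as: 9F457FD80AA, 512 ms
Dec 24 00:05:13 mx amavis[29730]: (29730-01) Passed CLEAN, <alice@mx.example.net> -> <bob@mail.example.org>, Message-ID: <3@mx.example.net>, mail_id: ccc, Hits: -1.0, size: 2048, queued_as: 9F457FD80AB, 300 ms
Dec 24 00:05:14 mx amavis[29729]: (29729-08) Passed CLEAN, <www-data@mx.example.net> -> <r4@mail.example.org>, Message-ID: <4@mx.example.net>, mail_id: ddd, Hits: -2.6, size: 668, queued_as: 9F457FD80AC, 450 ms
""".splitlines()

if __name__ == "__main__":
    for row in unknown_local_senders(SAMPLE_LOG, "mx.example.net", {"alice"}):
        print(row)
```

A sender that matches the web server's account rather than a mailbox points at mail submitted locally by a web application, which is why stopping Apache is the first containment step in the reply.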