On 12/30/2011 10:17 AM, Gary Smith wrote:
I've been administering the same postfix server for years so I'm a little
confused as to how this happened. Granted postifx hasn't been updated in a
year or so.
This morning I came in to a mailq of over 93000 messages all destine to
@yahoo.com.tw
For now I'm just blocking all email destined for this domain but I would
really like to find out what happened. I haven't changed my main.cf
file for over a year. I can post it if needed.
Are you an open relay or did one of your user accounts get hacked. I'd check
the envelope of one of the messages, cross that with where it originated and go
from there. Just a shoot from the hip guess with little information.
I'm pretty sure. I'm watching the connections coming in and they are
from external IP addresses. A who is shows them as being from south
America and Europe.
--
Stephen Atkins
Information Systems
Resorts of the Canadian Rockies INC.
http://www.skircr.com
satk...@skircr.com
Voice: (403) 209-3367
Cell: (403) 510-8333
Fax: (403) 244-3774
