On Thu, May 17, 2001 at 10:32:41PM -0600, Roger Walker wrote:

>       I understand completely. I administer mail servers for a major
> ISP, so the principles are not a problem. I run qmail on my own servers,
> but there could always be something that I'm overlooking in the config. I
> know it sure looks as if the message originated locally, but I have my
> doubts - I've been checking the system over very carefully for intrusions
> and have gone over the log files, but I don't see anything out of the
> ordinary to suggest that someone has gotten access to a shell.

So you are saying that you've checked the qmail-send logs and there is
no injection that matches the headers of the bounce? Are you sure?

If you found a match, then the uid trail will tell you who did it.


>        Thanks, all, for your speculations so far...

Well, if you showed us the headers and corresponding log entries from
qmail-send and tcpserver, we wouldn't have to speculate, would we now?
Surely as a person who "administer[s] mail servers for a major ISP"
you realise the value that concrete data has in reducing speculation.


Regards.
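
The check asked for above, as an added example that is not part of the original thread: it takes the qmail `Received:` line from the bounced message's headers and looks for the qmail-send `info msg` entry with the same qp, which carries the uid. The header and log lines are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample: headers as they might appear in the bounced message
# (not taken from the thread).
SAMPLE_HEADERS = """\
Received: (qmail 18409 invoked by uid 501); 17 May 2001 21:04:11 -0000
From: someone@example.com
To: victim@example.net
Subject: test
"""

# Constructed sample qmail-send log lines (multilog tai64n prefix).
SAMPLE_LOG = """\
@400000003b04a1c20a1b2c3d new msg 93523
@400000003b04a1c20a1b3f11 info msg 93523: bytes 2343 from <someone@example.com> qp 18409 uid 501
@400000003b04a1c20a1c0012 starting delivery 7: msg 93523 to remote victim@example.net
@400000003b04a1c30b000000 new msg 93530
@400000003b04a1c30b000111 info msg 93530: bytes 880 from <other@example.org> qp 18421 uid 82
@400000003b04a1c40c000000 end msg 93523
"""

# qmail-queue stamps either "invoked by uid N" (local) or "invoked from network".
RECEIVED_RE = re.compile(
    r"^Received: \(qmail (\d+) invoked (by uid (\d+)|from network)\)", re.M)
INFO_RE = re.compile(
    r"info msg (\d+): bytes (\d+) from <([^>]*)> qp (\d+) uid (\d+)")

def injections_from_headers(headers):
    """Return (qp, uid-or-None) for each qmail Received line in the headers."""
    return [(int(m.group(1)), int(m.group(3)) if m.group(3) else None)
            for m in RECEIVED_RE.finditer(headers)]

def match_log(headers, log):
    """Find qmail-send 'info msg' entries whose qp matches a Received line."""
    wanted = dict(injections_from_headers(headers))
    hits = []
    for line in log.splitlines():
        m = INFO_RE.search(line)
        if m and int(m.group(4)) in wanted:
            msg, size, sender, qp, uid = m.groups()
            hits.append({"msg": int(msg), "bytes": int(size), "sender": sender,
                         "qp": int(qp), "log_uid": int(uid),
                         "header_uid": wanted[int(qp)]})
    return hits

if __name__ == "__main__":
    for hit in match_log(SAMPLE_HEADERS, SAMPLE_LOG):
        print(hit)
```

Process ids are reused over time, so a qp match should also be checked against the date in the `Received:` line before the uid is trusted.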
