On 18 May 2001, Mark Delany wrote:
> So you are saying that you've checked the qmail-send logs and there is
> no injection that matches the headers of the bounce? Are you sure?
>
> If you found a match, then the uid trail will tell you who did it.
The log portion I supplied is indicative of all of the stuff
related to the aol mail. The PID associated with those messages was not
there when I became aware of what was happening, so I can't definitively
trace it.
> Well, if you showed us the headers and corresponding log entries from
> qmail-send and tcpserver, we wouldn't have to speculate would we now?
> Surely as a person who "administer[s] mail servers for a major ISP"
> you realise the value that concrete data has in reducing speculation.
All of the logs for qmail I have go to a single file. I do not
have headers, or I would probably have been able to definitely say that
this was a relay (or generated directly from my system by a cracker).
--
Roger Walker <http://www.rat-hole.com>
Voice/Fax 1-780-440-2685 <http://www.man-from-linux.com>
"HIS Pain; YOUR Gain" <http://www.rope.net>
<http://www.rope.net/signature.html>
