I got a few 'bounced' messages this morning quoting emails that I never
sent out. Now, I'm tailing my smtp log and it appears somebody is using
several machines to connect to my server and send out messages:
Which would mean you have an open relay, not really a hacked machine. I
would change
: Friday, August 22, 2003 9:43 AM
Subject: [xmail] Re: HEELP - mailserver has been hacked!!
I got a few 'bounced' messages this morning quoting emails that I
never
sent out. Now, I'm tailing my smtp log and it appears somebody is using
several machines to connect to my server and send out messages
Could you please provide me with a bit more detail as to how to do this?
How
do I change the management port?
The XMail registry entry for the control port is -Cp (as an example).
Default is 6017 (as of 1.15, unless it changed)
This is in your HKEY_LOCAL_MACHINE SOFTWARE GNU XMAIL --
1) Add your Class see to the smtprelay.tab file
X.X.X.0[tab]255.255.255.0
Or any other network configuration you need open
2) Make sure the line:
0.0.0.0[tab]0.0.0.0
does not exist in smtprelay.tab
3) Block the IP address(es) by using smtp.ipmap.tab
HTH
-Mike
