On Jan 29, 2004, at 5:39 PM, Bill Cole wrote:
That's just SIMS reading in queued messages at startup, so it does not say much about how your machine is being abused. If you have the logs for the arrival of that message, it might provide more clues.
The basic rules for keeping SIMS from being abused as a relay are:
1. Use the latest (last) version: 1.8b9d14 2. Make sure 'relay for clients only' is checked. 3. Watch for password-guessing attacks against POP3 or SMTP AUTH.
Without the records of how that mail arrived, it is impossible to know what exactly was done by the spammer.
Thanks a lot, thats what i did. looked at logs and saw a POP3 attack, had one of the accounts with a very easy username and password.
Spammer is blocked now.
-- Adri� Vidal Romero Director d'Art ___________________________________________________ Impr�s Grup de comunicaci� ___________________________________________________ Tel. 934 951 456 Fax 934 951 457 mailto: [EMAIL PROTECTED] http://www.impres-a.com
C. Ramon Turr� 23, 5 Pl. 08005 Barcelona ___________________________________________________
############################################################# This message is sent to you because you are subscribed to the mailing list <[EMAIL PROTECTED]>. To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
