This question isn't really appropriate to a SpamAssassin forum.

For what it's worth, it sounds like someone exploited an Apache vuln on your system and installed a mail generator. Given the severity of this (i.e., you are sending out thousands of email phishing frauds) you should probably take the server off the network until you fix it.


Jay Ehrhart wrote:

This morning I had over 7000 emails in my Linux server's outbound queue
which I deleted.  My firewall log shows over 20,000 emails went out with a
SunTrust bank announcement saying to log in and enter your username and password.
I do not see the emails coming in like I would in a relay.  How can I stop
this or how are they doing this?

My firewall is using an SMTP proxy and only allows my domain in.  I run
MailScanner on my Red Hat 3.0 mail server with Sendmail.  The box has the
latest patches from Red Hat.  I have Sendmail set up to accept only my
domain email.

The non-deliverable reports are coming from my Linux apache user.
Non-deliverables usually come from root.  I am running apache on the server
with forms.  The forms software is the latest version and patches.

Can anybody help on this?

Thanks,
Jay




