EMERGENCY - need to secure my server against an ongoing SPAMMER
Bob Brennan
rbrennan96 at gmail.com
Fri Mar 11 12:37:10 UTC 2005
> The files in /var/spool/mqueue (and now also /var/spool/mqueue.spam)
> begin with either "qf" or "df" (queue file or data file). There should
> be one of each for each email. The rest of the filename is made up from
> sendmail's queue tag for that message, which also appears in
> /var/log/maillog.
>
> I want to see what's in one of the "qf" files for one of the spam emails.
Those are the files I deleted in the last message exchange :-( in
order to stop all queud message from going out. I did however save the
first and last rejection which contains header information - the bad
new there (too) is that I saved them in a Squirrelmail folder and SM
is now not responding without MySql running, although I didn't realise
there was a dependency there(?).
Having examined the headers I noticed the emails were coming from a
(randomletters)@yahoo account and being sent to (randonletters)@yahoo
and hotmail. The large bulk were in the queue undeliverable but it
looks like at least a few hundred go through.
> Try removing the lock file manually:
>
> # rm /var/lock/subsys/mysqld
>
> This is probably a symptom of the problem rather than being the problem
> itself though.
I had already tried that trick - no difference, it just creates a new
file when I try to restart.
The error seems to be:
/usr/libexec/mysqld: Can't find file: './mysql/host.frm' (errno:13)
but I haven't tracked that one down yet
bob
More information about the fedora-list
mailing list