Topic: my server attacking other servers

[mikehv]

I have been contacted by my ISP and they have told me that my server is send spam, or more to the point that my server is tring to access other servers and find formmail.pl on the servers that it is tring to connect to, how can i chack to see if this is my server, and what script may be causing this?

thx

mike

[duncan]

Hi,

I built an rpm for rkhunter that I use for my customers machines. You can grab it from here.

It might help to see whats going on.

[Anonymous]

you can let run a mailrelay attack against your server, search for "shields up".

[mikehv]

hi i tried rkhunter, but did not find anything, but thanks for the quick reply, i can not use shields up as the server in question sites behind another sme server o  n a 1 to 1 nat

[mikehv]

is there any utility to monitor what script, app, page is sending out ?

[Denbert]

I have been contacted by my ISP and they have told me that my server is send spam, or more to the point that my server is tring to access other servers and find formmail.pl on the servers that it is tring to connect to, how can i chack to see if this is my server, and what script may be causing this?

thx

mike

Hi Mike,


What version do you have?

What configuration? E.g.: Server-Gateway?

If server-gateway, do you have any clients behind?

[mikehv]

i have version 6.0.1, i had clients behind but have removed tham to elimate them, it is setup as server only public ip address is sent from a second sme server via 1 to 1 nat, second sme server is version 5.6.