Koozali.org: home of the SME Server

hacker spamming through my esmith server

John

hacker spamming through my esmith server
« on: November 16, 2002, 08:17:13 PM »
Someone is relaying spam through my e-smith 5.12 server. This is the second time it has happened - the last time I reloaded the server and put all the latest patches in place.

How are they doing this and how can I stop them? Is there a known bug the patches do not cover?

I found out by getting the emails that bounced from my server to unknown email addresses.

Anyone have any suggestions? I am using default server with ssh open. But this happened after the ssh exploit was patched. I do not use telnet.

I am now on some spam lists and ppl don't get my email now.

Thanks in advance for your help.

Paul Nesbit

Re: hacker spamming through my esmith server
« Reply #1 on: November 16, 2002, 08:55:36 PM »
Everyone, please report security-related problems or suspicions to , not to the boards.   Let Mitel help you determine whether or not your system has been "hacked".  

John,

John wrote:
>
> Someone is relaying spam through my e-smith 5.12 server. This
> is the second time it has happened - the last time I
> reloaded the server and put all the latest patches in place.
> [...]

Please report this to , where you'll likely be asked "Do you have any web-feedback or submission form applications installed? (i.e. Formmail.pl?)".

Thanks,
 
 Paul

Paul Nesbit

Re: hacker spamming through my esmith server
« Reply #2 on: November 16, 2002, 08:57:14 PM »
For those of you receiving posts via e-mail, you may not have seen the e-mail address I provided in the post.  

It is "smesecurity@mitel.com".

Cheers,

  Paul

Jeroen

Re: hacker spamming through my esmith server
« Reply #3 on: November 17, 2002, 09:45:08 PM »
Are you sure the spam is sent by your server, and not just using your domain as the sender's address?

Jeroen

Tim Jones

Re: hacker spamming through my esmith server
« Reply #4 on: December 03, 2002, 02:20:56 AM »
Either way, the "spoofed" sender's IP address ends up in the blacklist.  This has happened to us as well.  However, when we try to add the RCPT TO: procmail changes, legitimate mail gets blocked from going out and coming in.

This is a problem with procmail from what we've been able to determine.

Tim