Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: Jay Dee on June 05, 2003, 03:59:28 AM
-
On release 5.1.2 I noticed my cpu was pegged a good deal of the time. My mail logs showed qmail trying to forward a few 20MB files which looked like:
smtp connection from UNKNOWN@localhost(127.0.0.1) MAIL FROM: <> RCPT TO: , allowed by line 22 of /etc/smtpd_check_rules
I disabled forwarding of localhost and that took care of it.
I found the same thing going on with 3 other e-smith boxes. Time to upgrade to 5.5.
Jay
-
Are you using any kind of FormMail applications or CGI based mail applications? Mail coming from localhost is often a good indicator of someone exploiting a web-based email/mailing application. It's likely that an upgrade to 5.6 won't help you out if that is the case.
-
I am not running any cgi on these boxes. Just has the default construction webpage. All 4 boxes are at different companies and domains. My 5.6 box didn't have the condition.
Jay
-
How lax, or not lax have you been in apply updates to the system outside of the rather outdated (no offense intended) errata packages supplied by E-Smith/Mitel/SME. IE, using Redhat Errata for the 5.1.2 series, by using the RH Errata packages for RH 7.1 since 5.1.2 is based off Redhat 5.1.2?
http://rhn.redhat.com/errata
Don't use RH Errata packages for:
Kernel updates
xinetd updates
imapd updates
qmail updates
Everything else should work perfectly, including OpenSSL, Apache, PHP, MySQL, etc.
-
Sorry for the typo, SME/E-Smitih 5.1.2 is based off RH 7.1..