lpittman
Guest
Hey team ...
I installed isoqlog to see what the usage was like on my server and was alarmed to see 6500+ "Sent" emails after scanning only today's log.
I run 'isologd' every 10 minutes or so just to see, and the Sent emails increase by nearly 100 every time. This mail server _does not_ send out that many legitimate outgoing emails.
So, I have two thoughts:
1. I do have qgreylist running - so, technically if I am receiving a lot of spam, this would be sending back a lot of emails, right?
2. The server has been compromised.
I've checked /tmp and /var/tmp and see nothing out of the ordinary. I have run chkrootkit and rkhunter and neither reports anything strange.
Can anyone offer any advice here?
Thanks,
Luke