[axxs-sysadmin] mail queue on axxs.org

[Dave Fregon]

On Fri, 2008-05-30 at 13:18 +1000, maikkeli wrote:
> Can we see where the emails are originating from?
> If it's sendmail, do logs show which user it's from?
> 
> Perhaps sendmail could be -x for all but members of a "sendmail-users"
> group, or disabled altogether?
> 
> Most web software should support SMTP-auth, so maybe anonymous SMTP
> from even localhost should be disabled.

All good stuff ...

I actually moved /usr/sbin/sendmail and put in place a script that logs to /var/log/spam_log so any PHP mail function will be logged, and then passed to the real sendmail.

I also for those that have sudo, have in my home directory a script xploitFinder.sh that logs to a directory in my home sploitfind with suspect scripts from the filesystem.

This is how I found some items in one sites directories that contains uploaded email scripts that were getting hit from an IP in italy.

I think the spam issue stuff has been solved, I've moved the suspect files into the users /private directory and anyone wanting to check them out just contact me for the user involved, rather than on public list.

Dave


> 
>  michael.
> 
> On Thu, May 29, 2008 at 12:09 PM, Dave Fregon <dave at netaxxs.com.au> wrote:
> >
> > Messages in local queue: 43760
> > Messages in remote queue: 11363
> >
> > this is causing the semaphore issue, and I think the server is just a
> > spam machine.
> >
> > What to do? we really need to move to a new clean server asap, and audit
> > accounts.
> >
> > I am concerned over some accounts on the server as users are uploading
> > various (sometimes obscure) software and not keeping it up to date, nor
> > possibly setting correct permissions, mainly forum/php software.
> _______________________________________________
> axxs-sysadmin mailing list
> axxs-sysadmin at lists.indymedia.org
> http://lists.indymedia.org/mailman/listinfo/axxs-sysadmin
-- 
Dave Fregon

NetAxxs Workers Collective
Ph:  +613 5721 7777
Mob: 0434 000 234
25A Ely Street
Wangaratta 3677
Australia