Well, I am going to need some help from the James email server gurus. My James 2.3.1 server, running under SuSE Linux 11.0, has definitely been compromised and I need to get it fixed asap. There is a particular piece of spam showing up in the mail lists now daily, that I have James servicing, and all users of that list are getting it. (I suspect all regular users of my mail server as well, at least my wife and I do...) To me this indicates that mysql has been compromised as well since to my understanding that is the only place where all the email addresses of my clients are stored.

I have changed all of the system and my user account passwords, checked for anything suspicious in the mysql database, changed all passwords associated with users of mysql, and reconfigured James with the necessary passwords... I have not asked all my James email users to change their passwords yet, figured I would ask here first... James uses smtp authorizations. The spam looks like it is either coming from my personal account (I am the only non system user on this Linux system) or it appears to be coming from the person to which the spam is sent i.e. as if the receiver is also the sender. Same goes for the Reply To field of the spam.

So what should I do next to stop this crap? Thanks for any and all help offered...

 Marc Chamberlin...

FYI - I tried to include a copy of the spam here for reference, but the mail server for this mail list was overly aggressive and bounced my email. Makes it rather hard to share information about who the particular spammer is. In a nutshell the spam is selling replicated watches. The source code of the spam email is encoded in base64, probably so as to bypass filters.
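
For the symptoms described in the post (sender equal to recipient, same Reply-To, base64-encoded body), a first triage step is to read what the receiving server itself recorded about the message. The Python below is an added example, not code from the poster or the James project: it decodes the body and pulls the connecting client address from the topmost Received header. The message, hostnames and addresses are constructed, and it assumes the server writes the client IP in square brackets.

```python
import base64
import re
from email import message_from_string, policy
from email.utils import getaddresses, parseaddr

# Constructed sample (not the poster's spam): From equals To, base64 body.
_BODY = base64.b64encode(b"Replica watches, best prices").decode("ascii")
SAMPLE = "\n".join([
    "Received: from host.example.net (host.example.net [203.0.113.7])",
    "\tby mail.example.org with SMTP; Thu, 1 Jan 2009 00:00:00 -0800",
    "From: <user@example.org>",
    "Reply-To: <user@example.org>",
    "To: <user@example.org>",
    "Subject: watches",
    "MIME-Version: 1.0",
    "Content-Type: text/plain; charset=us-ascii",
    "Content-Transfer-Encoding: base64",
    "",
    _BODY,
    "",
])

# Assumption: the receiving server records the client IP as [a.b.c.d].
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def triage(raw):
    """Summarise the headers and decoded text of one raw message."""
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    reply_to = parseaddr(str(msg.get("Reply-To", "")))[1].lower()
    to_values = [str(v) for v in msg.get_all("To", [])]
    rcpts = {addr.lower() for _, addr in getaddresses(to_values)}
    # The topmost Received header is stamped by the receiving server itself;
    # anything below it was supplied by the sending side and can be forged.
    received = [str(v) for v in msg.get_all("Received", [])]
    hit = IP_RE.search(received[0]) if received else None
    # get_content() undoes the base64 transfer encoding and the charset.
    text = [p.get_content() for p in msg.walk()
            if p.get_content_maintype() == "text"]
    return {
        "from": sender,
        "self_addressed": sender in rcpts,
        "reply_to_matches_from": bool(reply_to) and reply_to == sender,
        "client_ip": hit.group(1) if hit else None,
        "text": text,
    }
```

Run `triage()` over the raw source of a few of the spam messages as saved from the mail store. A `client_ip` outside your own network on a message whose From equals its To is consistent with a forged sender on an inbound connection rather than a login to that account.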




