Hi Gordon,
No. I really couldn't keep the thing in honey-pot mode: I port-blocked the
offender and got it off all the block lists.
I am still completely skeptical that this was a root user: authdaemon requires
a password prior to invoking any backend - PAM or otherwise. All of these
messages were DSN resends for single emails with large numbers of recipient To
headers. I'm not sure how authentication was compromised, but do doubt the
veracity of the courierd log message suggesting root.
I too am disappointed I couldn't find a more reassuring answer.
Alan
Subject: Re: [courier-users] spammer masquerading as root
To: alan_milli...@hotmail.com; courier-users@lists.sourceforge.net
From: gordon.mess...@gmail.com
Date: Fri, 26 Jun 2015 10:14:09 -0700
On 06/16/2015 03:48 PM, alan milligan wrote:
I'm awfully curious. Alan, have you
captured an auth request yet?
Not an offending one. But the debug log is neither extensive
nor surprising.
Did you ever get anywhere with this?