The problem is over and the machines in question have been rebuilt from scratch, but I am still curious as to how it could have happened.
Many weeks ago I noticed that my mail server was dealing with about 4x the amount of mail it normally does. After much digging I was able to trace it back to my brother's machine (different network, different location) who happens to be my secondary DNS. I mention the DNS part since most of the spam being sent to my system was addressed to domains I host.

In any case, the machine sending me all the spam was not his mail server, but his router. Since his actual mail server lives within his network, all port 25 traffic should have been diverted to his internal machine, so it doesn't seem likely to have been a normal open relay issue. His router had qmail installed on it, and was running FreeBSD 4.5, but aside from the huge amount of mail coming out of it I didn't see any abnormal activity on the machine.

So the question becomes, how does a router with port 25/993 directed to the internal network start relaying gobs of spam, and why is all (?) mail directed at my domains in particular? I didn't see any new accounts on the machine, nor any strange processes. As soon as I shut down all of qmail's processes the problem went away. Any thoughts on this?

_______________________________________________
firstname.lastname@example.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
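An added triage example, not part of the post above: qmail-send records, for every message, the envelope sender and the local uid that handed it to qmail-queue, and then one "starting delivery" line per recipient. Counting remote deliveries per injecting uid and per recipient domain shows whether the traffic came in over SMTP or was injected locally, and whether one destination dominates. The log lines and uids below are constructed sample data, not from the poster's machine.

```python
import re
from collections import Counter

# Constructed sample of qmail-send log lines in multilog format (not real data).
# An empty envelope sender "<>" is what bounce messages carry.
SAMPLE_LOG = """\
@400000003f1b2c0a1a2b3c4d new msg 1001
@400000003f1b2c0a1a2b3c4e info msg 1001: bytes 812 from <bob@example.net> qp 4411 uid 1001
@400000003f1b2c0a1a2b3c4f starting delivery 1: msg 1001 to remote alice@example.org
@400000003f1b2c0b1a2b3c40 new msg 1002
@400000003f1b2c0b1a2b3c41 info msg 1002: bytes 2140 from <> qp 4412 uid 82
@400000003f1b2c0b1a2b3c42 starting delivery 2: msg 1002 to remote sales@mydomain.example
@400000003f1b2c0c1a2b3c43 new msg 1003
@400000003f1b2c0c1a2b3c44 info msg 1003: bytes 2140 from <> qp 4413 uid 82
@400000003f1b2c0c1a2b3c45 starting delivery 3: msg 1003 to remote info@mydomain.example
@400000003f1b2c0d1a2b3c46 new msg 1004
@400000003f1b2c0d1a2b3c47 info msg 1004: bytes 2140 from <> qp 4414 uid 82
@400000003f1b2c0d1a2b3c48 starting delivery 4: msg 1004 to remote postmaster@mydomain.example
"""

INFO_RE = re.compile(r"info msg (\d+): bytes \d+ from <([^>]*)> qp \d+ uid (\d+)")
DELIVERY_RE = re.compile(r"starting delivery \d+: msg (\d+) to (local|remote) (\S+)")


def parse_qmail_log(text):
    """Return (messages, deliveries): msg id -> (sender, uid), and (msg id, kind, rcpt) tuples."""
    messages, deliveries = {}, []
    for line in text.splitlines():
        m = INFO_RE.search(line)
        if m:
            messages[m.group(1)] = (m.group(2), m.group(3))
            continue
        d = DELIVERY_RE.search(line)
        if d:
            deliveries.append((d.group(1), d.group(2), d.group(3)))
    return messages, deliveries


def summarize(messages, deliveries):
    """Count remote deliveries per injecting uid and per recipient domain."""
    by_uid, by_domain = Counter(), Counter()
    for msg_id, kind, rcpt in deliveries:
        if kind != "remote":
            continue
        by_uid[messages.get(msg_id, ("?", "?"))[1]] += 1
        by_domain[rcpt.rpartition("@")[2].lower()] += 1
    return by_uid, by_domain


def hot_domains(by_domain, min_share=0.5):
    """Recipient domains taking at least min_share of all remote deliveries."""
    total = sum(by_domain.values())
    return [dom for dom, n in by_domain.most_common() if total and n / total >= min_share]
```

Mapping the dominant uid back to a daemon or shell account with `getent passwd` tells you which process fed the queue; a single domain in `hot_domains` with empty senders points at bounces rather than direct spam.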