Clint Savage wrote: > Gary thanx. > > That sort of blocked it, but now I get hundreds of Undeliverable > messages in > my inbox. I am guessing that if I remove the "mail for korea.com is not > deliverable" part from the transport file, this will go away? > > Also, I do think it's something local on my box, but nothing really > appears > out of the ordinary. Looking around, I've so far located a couple > processes > that are suspect, but nothing really solid. Are there any good tools out > there to help identify the culprit? > > Cheers, > > Clint > > On 1/30/07, Gary Thornock <[EMAIL PROTECTED]> wrote: >> >> You might check the mynetworks and relay_domains settings in >> Postfix, but I suspect they're fine. This looks more like >> there's an application running on your box that's sending mail. >> That's a more difficult problem to solve, unfortunately, unless >> it's an application that's supposed to be there and it's just >> being misused. >> >> If all of the mails being sent have the same destination domain, >> you can at least temporarily stop the flow by adding a couple of >> lines to /usr/local/etc/postfix/transport: >> >> korea.com error:mail for korea.com is not deliverable >> .korea.com error:mail for korea.com is not deliverable >> >> and then running the usual "postmap transport && postfix reload". >> Check first to make sure Postfix is using the transport map. >> There should be a line like this in main.cf: >> >> transport_maps = hash:/usr/local/etc/postfix/transport >> >> Ultimately, though, if there is an unwanted application on your >> system sending email, you've got some work ahead of you getting >> things cleaned up. The only way to really be sure that other >> parts of your system aren't also compromised is to reinstall. If you can't find what you want in your logs, look for a mail script (PHP, Perl, or whatever you use). It's likely an exploited script, and the fix not to send to certain places is only a band-aid fix. You'll cut down on processor/memory usage if you find the exploited script.
Brandon Stout http://mscis.org /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
