Ok I looked a little further in my logs and found that I wasn't compromised. Basically there were just too many connections from the following IP addresses 220.117.21.254 220.117.17.14 81.218.55.61 81.199.83.10 220.117.18.116 64.94.60.130 for my logs to keep up. By the time my logs caught up it appeared that the emails were internally driven from first glance. Now I just have to find out how the hell they relayed from my server
Kevin > Over the past 24 hours it seems that someone has been using my > mail server as a relay server. I don't know how this is possible > given I am using postfix, and most of my settings are left at > default. The other thing the mail jobs seem to be coming internally. > I can't really see any external connections coming. > > all the mails seem to be from [EMAIL PROTECTED] and to @hanmail.net > and looks like either they have a grudge or they are spammers. > > I have been looking for the source of the email, and have been checking > my config several times to see if I have left something open. > Can anyone help? > > TIA -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
