On Tue, 10 Jun 2003 09:54:12 -0600 ast1200 wrote:
> For 2 days I was logging network traffic on this server (huge files!)
> and I know the spam is coming direct from Internet to port 25,
Well OK. But where is the spam directed to? Domains on your system?
If not: how could the sender gain relay priviledges? The network dump
should make this visible. POP3-before-SMTP? SMTP-AUTH?
> The problem started just a few weeks ago. Did somebody found a method
> how hack qmail/vpopmail ???
Not I'm aware of.
Unless yo have weak patches applied there's no way known to me how
'RELAY' flag can be set for qmail-smtpd, except the intended methods:
environment variable (used by POP3-before-SMTP way) or SMTP-AUTH.
> Any advice welcome.
Formulate your question clearly. What _exactly_ is your problem?
You wrote something about spam and something different about mail coming
in from the internet.
The former is unsatisfying, the latter is intentional.
1.) Where does the spam come from
2.) Where is it directed to
a.) If you system is the target: there's nothing you can do, except
installing something like SpamAssassin
b.) If you're an relay: what does the traffic-dump say about the
SMTP-sessions; how where RELAY priviledges gained?