Article 13737 at 08/08/15 23:12:35 From: tfj-online (at mark) mail.tele.dk Subject: [coba-e:13737] Re: mail from local host

Index: [Article Count Order] [Thread]

Date:  Fri, 15 Aug 2008 16:12:29 +0200
From:  "thomas" <tfj-online (at mark) mail.tele.dk>
Subject:  [coba-e:13737] Re: mail from local host
To:  <coba-e (at mark) bluequartz.org>
Message-Id:  <203701c8fee0$f3f50670$967da8c0@thomasferrari>
X-Mail-Count: 13737


>From Ken
>There are several ways. My guess would be an old vulnerable formmail CGI 
>script or something similar. Look at the maillog and look at the time the 
>first one started to go out. grep the access_log for that time and see if a 
>CGI script was being accessed. Or, it's possible another type of vulnerable 
>script allowed the spammer to place their own script. Also, if you allow 
>your customers SMTP, it's possible one of your customers is the cause. They 
>could have a trojan using your SMTP AUTH.

I did'nt get your email or my own!!!, but when I looked for it on the ml on 
bluequartz I found it!

But I follow you advise and found the script that was the case.... Thanks.



--
Thomas Jensen