Re: Help. My system cracked and used to spam

To: David Teague <teague@jackson.main.nc.us>
Cc: debian-user@lists.debian.org
Subject: Re: Help. My system cracked and used to spam
From: Chris Kenrick <chrisk@aurema.com>
Date: Fri, 9 Aug 2002 15:49:47 +1000
Message-id: <[🔎] 20020809154947.B1481@chrisk.sw.oz.au>
Mail-followup-to: David Teague <teague@jackson.main.nc.us>, debian-user@lists.debian.org
In-reply-to: <[🔎] 01ec01c23f58$af75cc80$8806fea9@Gandalf>; from teague@jackson.main.nc.us on Thu, Aug 08, 2002 at 11:55:33PM -0400
References: <[🔎] 20020808192410.GA1970@leeds> <[🔎] Pine.LNX.4.21.0208082320450.18715-100000@sol.cs.wcu.edu> <[🔎] 20020809133943.A1481@chrisk.sw.oz.au> <[🔎] 01ec01c23f58$af75cc80$8806fea9@Gandalf>

On Thu, Aug 08, 2002 at 11:55:33PM -0400, David Teague wrote:
> It is a stock 2.0 install from CDs with Exim installed and 
> setup by the scripts. Nothing particular was done to prevent 
> entry.  What does "Properly locked down" mean?

I believe someone expounded on this a bit earlier on.
> 
> I had some accounts there that may not have had decent 
> passwords, but they would have needed root access to 
> change the Exim setup, don't you suppose?
> 
> I don't know enough to find whether it could have been set up as 
> a relay.  I do need to understand the spam relay. 
> 
> I want to stop the spam relay long enough to copy the data to another 
> machine (which will have Sarge installed).

Well, one option is to use a crossover cable between the two machines in
question.  Another would be to reboot into single user mode, so things
like exim won't get started.  Can't remember if you get networking on by
default in single user mode, but /etc/init.d/networking start should do
the trick if it isn't.

> 
> I still need references to do some reading so I can understand
> what I need to do to fix things.

A good first step would be to use one of the online services that test
whether you are an open relay.  Try googling on open relay test, or
search the list archives, it's definitely come up before.  If you are an
open relay, shut down exim and test again.  If that fixes it, then you
know that you have an exim config problem, and you can go from there.

- Chris

Reply to:

References:
- Re: should . be followed by doublespace?
  - From: David Jardine <david@jardine.de>
- Help. My system cracked and used to spam
  - From: David Teague <dbt@cs.wcu.edu>
- Re: Help. My system cracked and used to spam
  - From: Chris Kenrick <chrisk@aurema.com>
- Re: Help. My system cracked and used to spam
  - From: "David Teague" <teague@jackson.main.nc.us>

Prev by Date: Re: should . be followed by doublespace?
Next by Date: Re: No "unsubscribe" line
Previous by thread: Re: Several good suggestions Re: Help. My system cracked and used to spam
Next by thread: Re: should . be followed by doublespace?
Index(es):
- Date
- Thread