From: Milos Prudek (no email)
Date: Wed Sep 17 2008 - 12:28:31 EDT
I suspect that my email server has been cracked. How do I make sure it
I verified via external website service that my server is not an open relay.
I verified that my server is not listed at spamhaus RBL (yet).
However, /var/log/mail contains huge number of lines like this one:
Sep 17 18:23:58 mail postfix/error: C9D81529A036:
to=<>, relay=none, delay=39275, delays=39275/0.19/0/0.2,
dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to
127.0.0.1[127.0.0.1]: Connection refused)
There are about 100 such lines every second. The "to=" address is different
each time, but the rest is the same. Is it my server refusing spam, or is it
my server sending spam?
-- Milos Prudek