On Fri, 11 Mar 2005 10:48:29 +0000, Paul Howarth <paul@xxxxxxxxxxxx> wrote: > Bob Brennan wrote: > > Sorry for the brevity here but I woke this morning to find my > > mailserver sending 1000+ rejected email notices to postmaster@, and it > > was increasing by the minute. I have shut down Sendmail and am > > removing all relay permissions (I hope) but have a few issues that > > need to be resolved quickly before going back online - knowing the > > spammer will be retrying and my legitimate users are losing services. > > What relaying permissions did you have? FEATURE('relay_entire_domain') HACK('popauth') ...none of which worked for *me* in my continuing struggle to find a secure way to let my users use a remote MUA ...both commented out for now, as well as removed all domains in the "Relay Domains" (Webmin again) file > > > 1. There are 700+ emails sitting in the outgoing queue, I am using > > WebMin to delete them but at 20 at-a-time it is useless. I need a > > command line that will do it without causing more damage. > > # cd /var/spool > # mv mqueue mqueue.spam > # mkdir mqueue > # restorecon mqueue done it - 1 problem sorted! > That should leave you with an empty queue, plus the spam messages saved > in /var/spool/mqueue.spam. You might want to look in there and see if > there are any non-spam messages before you go deleting them all. It > would also be useful to see an example of one of the "qf" files in > /var/spool/mqueue.spam to see how the message reached your outgoing mail > queue. That may indicate the vulnerability being exploited by the spammer. > > > 2. MySql is shut down for some reason, I don't know if it's related to > > the attack. "service msqld status" returns "msqld dead but subsys > > locked" > > Perhaps it collapsed under the load? Will "service msqld restart" > restart it? "Timeout error occured trying to start MySQL Deamon" "Starting MySQL [FAILED] ... having to do with the "subsys locked" problem above I believe - but how to fix that? bob > Paul. > > -- > fedora-list mailing list > fedora-list@xxxxxxxxxx > To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list >