Bob Brennan wrote:
On Fri, 11 Mar 2005 10:48:29 +0000, Paul Howarth <paul@xxxxxxxxxxxx> wrote:
Bob Brennan wrote:
Sorry for the brevity here but I woke this morning to find my
mailserver sending 1000+ rejected email notices to postmaster@, and it
was increasing by the minute. I have shut down Sendmail and am
removing all relay permissions (I hope) but have a few issues that
need to be resolved quickly before going back online - knowing the
spammer will be retrying and my legitimate users are losing services.
What relaying permissions did you have?
FEATURE('relay_entire_domain')
HACK('popauth')
...none of which worked for *me* in my continuing struggle to find a
secure way to let my users use a remote MUA
...both commented out for now, as well as removed all domains in the
"Relay Domains" (Webmin again) file
No real clues there, need to see a qf file as mentioned last time.
2. MySql is shut down for some reason, I don't know if it's related to
the attack. "service msqld status" returns "msqld dead but subsys
locked"
Perhaps it collapsed under the load? Will "service msqld restart"
restart it?
"Timeout error occured trying to start MySQL Deamon"
"Starting MySQL [FAILED]
... having to do with the "subsys locked" problem above I believe -
but how to fix that?
Doesn't "service msqld stop" clear the "subsys locked" error?
Paul.
