
[CentOS] SMTP Auth Spam Mail Attack

http://centos.1050465.n5.nabble.com – Hi All,

I have a server which seems to be getting spam relayed through it. The story is this.....

User reported loads of undeliverables being received so I had a trawl through the logs. So the attacker connects to our server using SMTP AUTH........

Oct  5 15:17:53 www sendmail[6972]: AUTH=server, relay=pppoe9.net109-120-27.se1.omkc.ru [109.120.27.9] (may be forged), authid=jon, mech=LOGIN, bits=0

This then seemingly passes the AUTH for the user jon and allows the system to send e-mails such as the following.

Oct  5 15:17:58 www sendmail[6982]: r95EHqoc006972: to=<[hidden email]>
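An added example, not part of the original post: a small Python triage script that parses sendmail `AUTH=server` records like the one quoted above and lists accounts that authenticated from more than a chosen number of distinct addresses, a common sign of a stolen password. The function names, the threshold and every sample line except the first are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Matches sendmail's server-side AUTH record, as in the line quoted in the post.
AUTH_RE = re.compile(
    r"sendmail\[\d+\]: AUTH=server, relay=(?P<relay>.*?), "
    r"authid=(?P<authid>[^,\s]+), mech=(?P<mech>[^,\s]+), bits=\d+"
)
# The bracketed address is what the server saw on the socket; the hostname
# before it comes from reverse DNS and "may be forged".
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f.:]+)\]")


def parse_auth(line):
    """Return (authid, source_ip, mech) for an AUTH=server line, else None."""
    m = AUTH_RE.search(line)
    if not m:
        return None
    ip = IP_RE.search(m.group("relay"))
    return m.group("authid"), ip.group(1) if ip else None, m.group("mech")


def accounts_with_many_sources(lines, max_ips=2):
    """Map authid -> sorted source IPs for accounts seen from > max_ips addresses."""
    seen = defaultdict(set)
    for line in lines:
        rec = parse_auth(line)
        if rec and rec[1]:
            seen[rec[0]].add(rec[1])
    return {u: sorted(ips) for u, ips in seen.items() if len(ips) > max_ips}


# First line is from the post; the others are constructed sample data
# (hypothetical users, documentation-range addresses).
SAMPLE = [
    "Oct  5 15:17:53 www sendmail[6972]: AUTH=server, relay=pppoe9.net109-120-27.se1.omkc.ru [109.120.27.9] (may be forged), authid=jon, mech=LOGIN, bits=0",
    "Oct  5 15:19:02 www sendmail[7011]: AUTH=server, relay=[192.0.2.10], authid=jon, mech=LOGIN, bits=0",
    "Oct  5 15:21:40 www sendmail[7050]: AUTH=server, relay=host.example.net [198.51.100.7], authid=jon, mech=PLAIN, bits=0",
    "Oct  5 15:22:10 www sendmail[7061]: AUTH=server, relay=office.example.org [203.0.113.5], authid=alice, mech=LOGIN, bits=0",
    "Oct  5 15:40:33 www sendmail[7102]: AUTH=server, relay=office.example.org [203.0.113.5], authid=alice, mech=LOGIN, bits=0",
    "Oct  5 15:41:00 www sendmail[7110]: r95EHqoc007110: from=<a@example.org>, size=1024, nrcpts=1",
]

if __name__ == "__main__":
    for user, ips in accounts_with_many_sources(SAMPLE).items():
        print(f"{user}: {len(ips)} distinct sources: {', '.join(ips)}")
```

Run against the real mail log by passing an open file handle as `lines`; any account it reports is a candidate for a password reset and a review of what was sent under that `authid`.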