I'm getting a huge spike in sent mail today - well over 10x what is normally sent in a day and the day isn't even over yet.
Looking in the SMTP logs I see a lot of messages which are obviously spam messages that are being sent to email addresses I don't host. Which means the user has to authenticate to send those messages.
AUTH AA== 235+Authenticated my-server-name 19 6 postmaster
That's the last line I see before it starts to actually send the emails. Does this mean they are logging in with the postmaster account? If so, which postmaster account since every post office has a postmaster account.
[SOLVED] I think the postmaster account has been compromised
Re: URGENT I think the postmaster account has been compromis
It could be the postmaster for the default domain as I see from my SMTP logs that authentication for non-default domains shows the user@domain form.
Cheers,
Brett
Re: URGENT I think the postmaster account has been compromis
Thanks, I just changed the password on that account.
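
One way to confirm which account a spam run authenticated as, written as an added example that is not part of the thread: it tallies successful AUTH lines per account and marks names logged without @domain, which the reply above associates with the default domain. The sample lines are constructed from the single log line quoted in the first post; the field layout, the failed-login text and the threshold are assumptions.

```python
from collections import Counter

# Constructed sample lines modelled on the AUTH line quoted in the thread.
# Assumed layout of the tail: AUTH <arg> <response> <server> <n> <n> <account>.
# Anything a real log puts before the AUTH token is ignored.
SAMPLE_LOG = """\
AUTH AA== 235+Authenticated my-server-name 19 6 postmaster
AUTH AA== 235+Authenticated my-server-name 19 6 postmaster
AUTH AA== 535+Authentication+failed my-server-name 34 6 postmaster
AUTH AA== 235+Authenticated my-server-name 19 6 alice@example.org
MAIL FROM:<x@example.net> 250+OK my-server-name 43 30 postmaster
AUTH AA== 235+Authenticated my-server-name 19 6 postmaster
"""


def successful_auths(lines):
    """Yield the account name from each successful AUTH line."""
    for line in lines:
        tokens = line.split()
        if "AUTH" not in tokens:
            continue
        rest = tokens[tokens.index("AUTH") + 1:]
        # 235 is the SMTP reply code for a successful AUTH (RFC 4954).
        ok = any(t == "235" or t.startswith("235+") for t in rest[:-1])
        if len(rest) >= 2 and ok:
            yield rest[-1].lower()


def summarize(lines, threshold=3):
    """Count successful logins per account, busiest account first."""
    counts = Counter(successful_auths(lines))
    return [
        {
            "account": account,
            "logins": n,
            # Observation from the reply in the thread, not a documented rule:
            # a name without @domain points at the default domain.
            "default_domain": "@" not in account,
            "over_threshold": n >= threshold,  # threshold is an assumption
        }
        for account, n in counts.most_common()
    ]


if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG.splitlines()):
        print(row)
```

Set the threshold from a normal day's login count for the busiest legitimate account, so that a 10x spike like the one described stands out.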