
Re: [cobalt-security] Need some help on "spam" report



Hi Folks,

I got a report that our Qube had been used for Spam and as far as I know it
is locked down pretty tight so I don't know what to make of this. I had one
person on the Dshield list say to check the maillogs and I tried that but
they only go back to 4/16 and this happened on 4/13. Then someone else just
noted that they are not aware of any way to spoof the "NNTP-Posting-Host"
that shows our IP address in this email and "You'll have to look for
outbound HTTP connections to posting.google.com from your IP, not SMTP
transactions."

So how do I do that?

And is there a way to keep logs from rolling off so fast?

If you are familiar with the command line interface, see if you have a file /etc/logrotate.conf (RaQ 550 does). It will make sense when you read the file. I changed mine to effectively never remove logs. I keep them all, and occasionally export them and burn them to a CD.

Thanks and here is the original email notice I received: