Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game. |
06-02-2004, 08:57 AM
#1
LQ Newbie
Registered: Aug 2003
Location: Brooklyn
Distribution: RH 9
Posts: 3
Spam in /var/spool/mail/root
Greetings,
My first post, so please forgive me if something is wrong with it. While I don't consider myself a NOOB, I must admit that I'm not a seasoned Linux pro either. I have several services up and running including Samba, Squid, VSFTP, SOCKS5 etc. - all on Redhat 9 with updates and no signs of trouble.
However, I recently made some major changes to my /etc/hosts file in which I denied access to my LAN for certain workstations. I received a message immediately after restarting my network stating that I had mail in /var/spool/mail/root. Examining the file I noticed that it was approximately 20mb in size and contained several hundred Spam e-mails.
I ran ethereal several times and haven't noticed anything particularly suspicious and I do not have this unit set up as a mail server of any kind. The only e-mail I use is 'excite' which is web based and only on certain workstations. SpamAssassin is running, as I was planning to set up a mail server in the future.
Any information relating to this matter is very greatly appreciated. I usually browse these groups when I have troubles and very many helpful people have resolved them, but alas I am perplexed.
Thanks.

06-02-2004, 09:16 PM
#2
Member
Registered: Dec 2003
Location: South Australia (ex-Devon, UK)
Distribution: SuSE, Slackware, Fedora, Debian, Knoppix
Posts: 141
To whom were the mails addressed? To users that don't exist?
I'm guessing that your system is configured so that unknown addresses go to postmaster and that you have postmaster aliased to root.
Have a look in your aliases file (probably /etc/aliases or /etc/mail/aliases) - you may find a clue as to what is happening.
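
An added example, not part of the original posts: Python code for the aliases check suggested above. It parses a sendmail-style aliases file and lists every alias whose chain ends in root's mailbox. The sample file contents and all function names are assumptions constructed for illustration.

```python
# Constructed sample in sendmail aliases syntax; not the poster's actual file.
SAMPLE_ALIASES = """\
# Basic system aliases
mailer-daemon:  postmaster
postmaster:     root
abuse:          postmaster
webmaster:      root,
                admin
nobody:         /dev/null
decode:         root
"""

def parse_aliases(text):
    """Return {alias: [targets]}, handling comments and continuation lines."""
    aliases, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current is not None:
            targets = raw                      # continuation of previous entry
        else:
            name, _, targets = raw.partition(":")
            current = name.strip().lower()     # alias names are case-insensitive
            aliases.setdefault(current, [])
        aliases[current] += [t.strip() for t in targets.split(",") if t.strip()]
    return aliases

def final_recipients(aliases, name, seen=None):
    """Follow an alias chain to the users, files or pipes that finally get the mail."""
    seen = set() if seen is None else seen
    key = name.lower()
    if key in seen:                            # guard against alias loops
        return set()
    seen.add(key)
    if key not in aliases:                     # not an alias: a real delivery target
        return {name}
    found = set()
    for target in aliases[key]:
        found |= final_recipients(aliases, target, seen)
    return found

def aliases_reaching(aliases, mailbox="root"):
    """List every alias whose mail ends up in the given mailbox."""
    return sorted(a for a in aliases if mailbox in final_recipients(aliases, a))

if __name__ == "__main__":
    print(aliases_reaching(parse_aliases(SAMPLE_ALIASES)))
```

On a real host, pass the contents of /etc/aliases or /etc/mail/aliases to `parse_aliases` instead of the sample.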

06-04-2004, 12:47 PM
#3
LQ Newbie
Registered: Aug 2003
Location: Brooklyn
Distribution: RH 9
Posts: 3
Original Poster
Greetings all;
kbcnetau, thank you very much for the reply and the information was right on target. I guess I am confused as to how I'm getting e-mail sent to the computer in the first place. Are they just taking an IP address and filling it with various names hoping to reach one or two users? I hope not because that sounds completely ludicrous to me.
Is there a way I can completely stop any mail from reaching any user anywhere on my Linux box? The only access I would even prefer to have to /var/spool/mail/ is by root and only to check for errors. Maybe not even for that. I figure that I don't need any type of e-mail services at all, as all the e-mail accounts here are web based requiring only http proxy services.
It wouldn't seem safe to me that junk mailers can simply send hundreds of spam e-mails to my IP address, if that is what they are doing, and instead of being blocked somehow they are merely redirected. I've been looking for a way to stop all e-mail services in my unit, but I can find nothing.
Thanks again for any and all help.

06-05-2004, 01:48 AM
#4
Member
Registered: Dec 2003
Location: South Australia (ex-Devon, UK)
Distribution: SuSE, Slackware, Fedora, Debian, Knoppix
Posts: 141
Having looked at rejects on my own mail server logs, what the spammers are doing is taking a domain (rather than an IP address) and are putting just about every conceivable name in front of the @ in hope of hitting a legitimate account. If the MTA on your machine is not set to reject non-existent users, postmaster and thus root ends up getting all the junk.
If you don't need your mail server to handle incoming traffic and your Web mail is coming through on the normal http port (80), you could just block the smtp port (25) on your firewall. This should also cut down your incoming bandwidth...
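
An added example, not part of the original posts: Python code that answers the earlier question "To whom were the mails addressed?" by tallying recipient names in an mbox spool and separating existing accounts from guessed ones, which makes the name-guessing pattern described above visible. The sample messages, the example.com domain and the function names are assumptions constructed for illustration.

```python
import mailbox
import tempfile
from collections import Counter
from email.utils import getaddresses

# Constructed sample standing in for a spool such as /var/spool/mail/root.
# example.com and the guessed names are placeholders, not data from the thread.
GUESSED = ["sales", "info", "john", "webmaster"]
SAMPLE_MBOX = "".join(
    f"From spam@bulk.invalid Wed Jun  2 08:00:0{i} 2004\n"
    f"From: spam@bulk.invalid\nTo: {name}@example.com\nSubject: offer\n\nbody\n\n"
    for i, name in enumerate(GUESSED)
) + (
    "From root@localhost Wed Jun  2 04:02:00 2004\n"
    "From: root@localhost\nTo: root@localhost\nSubject: Cron job output\n\nok\n\n"
)

def write_sample():
    """Write the constructed mbox to a temp file and return its path."""
    with tempfile.NamedTemporaryFile("w", suffix=".mbox", delete=False) as fh:
        fh.write(SAMPLE_MBOX)
        return fh.name

def recipient_report(mbox_path, real_users):
    """Count To/Cc local-parts; return (existing, nonexistent) account tallies."""
    # Headers can differ from the SMTP envelope recipient: treat as a triage hint.
    counts = Counter()
    box = mailbox.mbox(mbox_path, create=False)
    try:
        for msg in box:
            headers = msg.get_all("To", []) + msg.get_all("Cc", [])
            for _name, addr in getaddresses(headers):
                if addr:
                    counts[addr.split("@")[0].lower()] += 1
    finally:
        box.close()
    known = {u: n for u, n in counts.items() if u in real_users}
    unknown = {u: n for u, n in counts.items() if u not in real_users}
    return known, unknown

if __name__ == "__main__":
    # On a real host, build real_users from pwd.getpwall() instead.
    known, unknown = recipient_report(write_sample(), {"root"})
    print("existing accounts:", known)
    print("nonexistent accounts:", unknown)
```

A long list of nonexistent names with one or two hits each is the signature of the guessing described in the post; mail addressed only to real accounts points elsewhere.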

06-11-2004, 02:35 PM
#5
LQ Newbie
Registered: Aug 2003
Location: Brooklyn
Distribution: RH 9
Posts: 3
Original Poster
Greetings,
Thank you again for the information. I know this follow-up is extremely late, but I wanted to let anyone know who may search this thread that kbcnetau's method worked. I now only have errors reported to local users in my mail folders and no spam at all.
Very much appreciated.