I run qmail on a Mandrake 10.1 box. I also have an OpenBSD firewall. Today when I came home I noticed unusual disk activity on the mail server. When I did ps aux it was full of qmail-remote processes.
qmailr 8826 0.0 0.0 2720 792 ? S 21:00 0:00 qmail-remote soza.com anonymous@mail.mydomain.com 4woman@soza.com
qmailr 8830 0.0 0.0 2720 792 ? S 21:00 0:00 qmail-remote exemplary.net anonymous@mail.mydomain.com bent@exemplary.net
qmailr 8839 0.0 0.0 2720 792 ? S 21:00 0:00 qmail-remote vm.tcnj.edu anonymous@mail.mydomain.com admiss@vm.tcnj.edu
I yanked the network cable and rebooted. I figured that someone was using my server to send spam. There are only about 4 in there now. Any idea what this is and how to track it down?
Also, any idea if there is anywhere I should look on the OpenBSD firewall to get some insight on a security breach?
Thanks for any help