Hi, I have a problem with my server. I'm a newbie in Linux (I'm a FreeBSD user). I'm using Linux on a Cobalt, and it's my mail, web and DNS server. I have a spam bot installed on it: it sends a lot of mail, and my /var is full because many of the mails it sends are rejected.
Please help me — how can I stop this?
[CODE]
[root logcheck-1.2.33]# ps -aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 1120 68 ? S Feb12 0:05 init
root 2 0.0 0.0 0 0 ? SW Feb12 0:03 [kflushd]
root 3 0.0 0.0 0 0 ? SW Feb12 1:06 [kupdate]
root 4 0.1 0.0 0 0 ? SW Feb12 5:54 [kswapd]
root 5 0.0 0.0 0 0 ? SW< Feb12 0:00 [mdrecoveryd]
root 6 0.0 0.0 0 0 ? SW< Feb12 0:00 [raid1d]
root 7 0.0 0.0 0 0 ? SW< Feb12 0:00 [raid1d]
root 8 0.0 0.0 0 0 ? SW< Feb12 0:00 [raid1d]
root 9 0.0 0.0 0 0 ? SW< Feb12 0:00 [raid1d]
root 170 25.1 0.1 1172 156 ? S Feb12 769:57 syslogd -m 0
root 179 0.0 0.0 1440 0 ? SW Feb12 0:00 [klogd]
root 208 0.0 0.1 2300 232 ? S Feb12 0:00 /usr/sausalito/sbin/cced
root 734 0.0 0.0 1156 120 ? S Feb12 0:00 crond
root 830 0.0 0.2 1680 280 ? S Feb12 0:00 /usr/lib/ipsec/pluto --debug-all
root 858 0.0 0.0 1136 56 ? S Feb12 0:00 inetd
lp 901 0.0 0.0 2112 0 ? SW Feb12 0:00 [lpd]
root 920 0.0 0.0 1092 0 ? SW Feb12 0:00 [pafnanny]
root 922 0.0 0.0 1092 0 ? SW Feb12 0:00 [pafnanny]
root 923 0.0 0.0 1364 0 ? SW Feb12 0:00 [pafserver]
nobody 925 0.0 0.2 1480 256 ? S Feb12 0:00 thttpd-phoenix -p 8181 -d /etc/phoenix/html -N -c /cgi-bin/*
root 926 0.0 0.0 1092 0 ? SW Feb12 0:00 [pafnanny]
root 929 0.0 0.0 1120 24 ? S Feb12 0:01 paflogd -n
root 940 0.0 0.0 8840 72 ? S Feb12 0:03 /usr/sbin/ahttpd -f /etc/admserv/conf/httpd.conf
root 964 0.0 0.0 8048 68 ? S Feb12 0:02 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf
root 979 0.0 0.0 1512 0 ? SW Feb12 0:00 [safe_mysqld]
root 1000 0.0 0.0 3668 0 ? SW Feb12 0:00 [squid]
squid 1006 0.0 1.2 5972 1608 ? S Feb12 1:07 (squid) -D
squid 1023 0.0 0.0 1080 0 ? SW Feb12 0:00 [unlinkd]
httpd 1036 0.0 0.9 8200 1232 ? S Feb12 0:00 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf
httpd 1037 0.0 0.7 8180 1012 ? S Feb12 0:00 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf
root 1049 0.0 0.3 2508 396 ? S Feb12 0:03 sendmail: accepting connections
root 1060 0.0 0.8 3780 1128 ? S Feb12 1:39 perl /usr/local/sbin/poprelayd -d
root 1089 0.0 0.2 3408 260 ? S Feb12 0:00 smbd -D
root 1098 0.0 0.3 2360 472 ? S Feb12 0:08 nmbd -D
root 1105 0.0 0.0 1084 56 ? S Feb12 0:02 /sbin/lcdsleep
root 1142 0.0 0.0 0 0 ? SW Feb12 0:00 [khubd]
root 1153 0.0 0.0 1080 32 ? S Feb12 0:00 /sbin/consoled /sbin/getty ttyS0 115200
httpd 28817 0.0 0.8 8200 1068 ? S Feb12 0:00 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf
httpd 29975 0.0 0.8 8200 1064 ? S Feb12 0:00 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf
httpd 29976 0.0 0.9 8180 1192 ? S Feb12 0:00 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf
httpd 24147 0.0 6.2 13760 7980 ? S Feb13 0:07 /usr/sbin/ahttpd -f /etc/admserv/conf/httpd.conf
httpd 27619 0.0 5.3 12580 6852 ? S Feb13 0:13 /usr/sbin/ahttpd -f /etc/admserv/conf/httpd.conf
named 8429 0.0 0.6 2696 812 ? S Feb13 0:01 named -u named
root 9990 0.1 4.3 6856 5552 ? S 14:56 0:08 sendmail: q2/j1B1jGX03877 dellnet.com.: user open
root 10824 0.0 3.6 5916 4608 ? S 15:11 0:06 sendmail: q3/j1BFjHk22159 mail.ableweb.net.: client greeting
root 10825 0.0 1.2 2956 1656 ? S 15:11 0:01 sendmail: q4/j1CF4vW04145 mailin-01.mx.aol.com.: client DATA 354
root 11624 0.1 4.3 6864 5556 ? S 15:26 0:08 sendmail: q2/j1B9FGe31468 mx2.intercomm.com.: client HELO
root 11625 0.1 3.5 5840 4536 ? S 15:26 0:06 sendmail: q3/j1B9jGd00894 dellnet.com.: user open
root 12425 0.1 4.3 6840 5536 ? S 15:41 0:08 sendmail: q2/j1BBFGh06901 mail.boxfrog.com.: user open
root 12426 0.1 3.5 5828 4520 ? S 15:41 0:06 sendmail: q3/j1BEFGX17081 mail.ableweb.net.: client HELO
root 12427 0.0 1.1 2784 1480 ? S 15:41 0:00 sendmail: q4/j1CEFHc30896 mail.boxfrog.com.: user open
root 13062 0.0 0.5 1300 656 ? S 15:52 0:01 in.telnetd: 192.168.123.72
root 13063 0.0 0.7 1960 896 pts/0 S 15:52 0:00 login -- admin
admin 13087 0.0 0.6 1536 872 pts/0 S 15:53 0:00 -bash
root 13244 0.1 4.3 6840 5536 ? S 15:56 0:08 sendmail: q2/j1B3jGf11122 gateway.net.: user open
root 13245 0.0 1.0 2668 1360 ? S 15:56 0:00 sendmail: q3/j1CKoYv19593 mail.boxfrog.com.: user open
root 13246 0.0 1.1 2716 1412 ? S 15:56 0:00 sendmail: q4/j1D0BLU14383 mail.boxfrog.com.: user open
root 13705 0.0 0.6 1940 856 pts/0 S 16:03 0:00 su
root 13729 0.0 0.6 1552 880 pts/0 S 16:03 0:01 bash
root 14148 0.2 4.3 6856 5552 ? S 16:11 0:08 sendmail: q2/j1B1jGt03877 gateway.net.: user open
root 14149 0.0 1.0 2676 1376 ? S 16:11 0:00 sendmail: q3/j1BBFGa06902 dellnet.com.: user open
root 14150 0.0 1.1 2720 1416 ? S 16:11 0:00 sendmail: q4/j1BAFGn02856 dellnet.com.: user open
root 15120 0.3 4.3 6832 5528 ? S 16:26 0:08 sendmail: q2/j1B1jGX03879 dellnet.com.: user open
root 15121 0.0 1.0 2652 1348 ? S 16:26 0:00 sendmail: q3/j1BB0GZ05842 gateway.net.: user open
root 15122 0.0 1.0 2652 1348 ? S 16:26 0:00 sendmail: q4/j1BEFGg17081 dellnet.com.: user open
root 26242 0.0 0.9 2596 1248 ? S 16:41 0:00 sendmail: q1/j1EBQOP07646 dellnet.com.: user open
root 26243 0.0 0.9 2592 1244 ? S 16:41 0:00 sendmail: q2/j1D3GXf06851 mail.boxfrog.com.: user open
root 26244 0.0 1.0 2584 1280 ? S 16:41 0:00 sendmail: q3/j1BFjHl22159 gateway.net.: user open
root 26245 0.0 1.0 2640 1336 ? S 16:41 0:00 sendmail: q4/j1BEUHX18019 gateway.net.: user open
root 27122 0.0 0.9 2596 1188 ? S 16:56 0:00 sendmail: q1/j1ECQOR11047 dellnet.com.: user open
root 27123 0.0 0.9 2592 1184 ? S 16:56 0:00 sendmail: q2/j1D3VDl04808 mail.boxfrog.com.: user open
root 27124 0.0 0.9 2580 1168 ? S 16:56 0:00 sendmail: q3/j1EDfOR15188 dellnet.com.: user open
root 27125 0.0 0.9 2596 1224 ? S 16:56 0:00 sendmail: q4/j1EAuOT05660 mail.ableweb.net.: client HELO
root 29696 0.0 0.5 2360 724 pts/0 R 17:09 0:00 ps -aux
I ran rkhunter to see if I have a rootkit installed, and these are the results:
Code:
Trojan specific characteristics
shv4
Checking /etc/rc.d/rc.sysinit
Test 1 [ Clean ]
Test 2 [ Clean ]
Test 3 [ Clean ]
Checking /etc/inetd.conf [ Warning! ]
Checking /etc/xinetd.conf [ Skipped ]
Application version scan
- GnuPG 1.0.7 [ Vulnerable ]
- Apache 1.3.29 [ Vulnerable ]
- Bind DNS 8.2.7 [ Unknown ]
- OpenSSL 0.9.6b [ Vulnerable ]
- OpenSSL 0.9.6m [ OK ]
- PHP [unknown] [ OK ]
- Procmail MTA 3.13.1 [ Unknown ]
- ProFTPd 1.2.9 [ Vulnerable ]
I hope you can help me. Thanks!