Spammer

Purdy on 2003-05-13T14:36:41

Yesterday morning, when I came into work, I was getting a lot of odd bouncebacks in my Inbox. Looking at them, they were bouncebacks from other servers that were rejecting connections from our server, so it was as if we were sending the spam. How odd ... because we don't send spam ourselves and I have open-relay turned off on our sendmail server.

So I log in to the server and in the "top" display, I see a suspicious 'formail.pl' script running. Not a script I heard of or am familiar with (Google tells me it's one of Matt's infamous scripts), so I kill it and the spam stops. I go through the mail queue and delete any outgoing spam mail ('mailq' is a great command, btw). Then I try to find formail.pl on our server ... nothing. Can't find it anywhere, using both 'locate' and 'find'. Very odd ... leaves me with the bad feeling that there is a security hole somewhere on our system that spammers know about and can take advantage of.

Anyone else have something like that happen to them?

Peace,

Purdy