[Info-vax] TCPIP Services IMAP and POP resource consumption
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Mon Feb 8 15:22:06 EST 2016
On 2016-02-08 18:45:01 +0000, Scott Dorsey said:
> On Saturday, February 6, 2016 at 10:08:36 AM UTC-6, Stephen Hoffman wrote:
>> Had a VMS box "discovered" by some malware, and that VMS box was then
>> used to blast out spam. I'd briefly shut off the SMTP sending queues
>> while troubleshooting that box, and the backlog that quickly piled up
>> in the outgoing queues was quite impressive.
>
> What was compromised? Were you running an open relay or an unsecured
> POP connection?
An internal-only open SMTP relay was found by some malware running on
some other internal box.
> So, MTAs all got patches or updates or changes to default
> configurations to shut the relays down.
All? No. Definitely not all MTAs.
http://labs.hoffmanlabs.com/node/1844#comment-3095
Have dealt with OpenVMS boxes that active participants in NTP and other
DDoSes, too.
--
Pure Personal Opinion | HoffmanLabs LLC
More information about the Info-vax
mailing list