I have an RSE server at OLM and recently my mailservers were hijacked and used for sending spam.

If it makes any difference, we use the Ensim control panel.

When I discovered the servers were hijacked I immediately removed all IPs from the "relay ip" box in the conrol panel.

What else can I do to help with mailserver security (I asked this at OLM over a week ago and have no reply yet).


Thanks for the help!

Does this run on a linux server? Do you have a copy of the sender's offending email? You can block his IP in sendmail. Are you using sendmail? Check your log files for activity that matches the details of the offending email, it may even be that someone has the typical dumb user/pass john/john. When I took my first unix class, my teacher said let's see how easy it is to telnet to a server where there is a user named john with the password john ...

We din't really find one, but the point is quite clear right? Check if you can for easy passwords to crack.

Hope this helps :)