Aug 17, 2011 10:14 PM (in response to brasskazoo)
No, I never got a real answer.
I changed all the admin passwords and set the _www account to have no email permission.
I also installed Little Snitch and let it block a lot of outgoing connection attempts.
There were a number of outgoing attempts that looked suspicious, but I was never able to pin down exactly what was sending the mail.
Aug 18, 2011 2:11 PM (in response to PatStanford)
Apache isn't going to send any mail on its own. The only way it would is through dynamic content systems such as a CGI or PHP page.
Do you have any such CGI or PHP on your server? It's possible someone's using an insecure web form to generate the mail. If your server isn't secure it's also possible that someone pushed such a form to your server.
The Apache logs would be the logical place to start. If they're generating at that rate it shouldn't be hard to see where they're coming from.
Aug 19, 2011 7:21 PM (in response to PatStanford)
One issue that I had was that Apache's proxy settings were incorrect - it was initially acting as a forward proxy, and changes in our firewall meant that it was given a public IP, which then allowed it to be used as an open relay for spammers.
Config item was this: http://httpd.apache.org/docs/2.1/mod/mod_proxy.html#proxyrequests
I believe that has stopped some of the problem, but Little Snitch is still reporting a lot of weird requests.
I also turned off ping responses in OS X security settings, and the console still reports a massive amount of IPs that it doesn't respond to... :-/
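
Added example, not part of any post in this thread: one way to follow the advice to start with the Apache logs when a forward proxy (`ProxyRequests On`) is suspected. It scans access-log lines for requests whose target names another host (a `CONNECT host:port` or an absolute `http://` URI). The log lines, function names and the assumption of the "combined" log format are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample lines in Apache "combined" log format (not from the thread).
SAMPLE_LOG = """\
203.0.113.7 - - [17/Aug/2011:22:01:10 -0700] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [17/Aug/2011:22:01:11 -0700] "CONNECT mail.example.net:25 HTTP/1.0" 200 - "-" "-"
198.51.100.23 - - [17/Aug/2011:22:01:12 -0700] "GET http://ads.example.org/click?id=1 HTTP/1.1" 200 312 "-" "-"
192.0.2.50 - - [17/Aug/2011:22:01:13 -0700] "POST http://forms.example.com/send.php HTTP/1.1" 403 210 "-" "-"
203.0.113.7 - - [17/Aug/2011:22:01:14 -0700] "GET /contact.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')

def find_proxy_attempts(log_text, own_hosts=()):
    """Return requests whose target names another host (forward-proxy style)."""
    own = {h.lower() for h in own_hosts}
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                       # not a combined-format request line
        method, target = m["method"], m["target"]
        if method == "CONNECT":            # target is host:port
            host, sep, port = target.rpartition(":")
            if not sep:
                host, port = target, ""
            port = int(port) if port.isdigit() else None
        elif target.lower().startswith(("http://", "https://")):
            parts = urlsplit(target)       # absolute-URI request target
            host = parts.hostname or ""
            try:
                port = parts.port or (443 if parts.scheme == "https" else 80)
            except ValueError:             # malformed port in the URI
                port = None
        else:
            continue                       # ordinary origin-form request (/path)
        if host.lower() in own:
            continue                       # absolute URI naming this server is legal
        hits.append({"ip": m["ip"], "method": method, "host": host.lower(),
                     "port": port, "status": int(m["status"])})
    return hits

def tunnelled(hits):
    """CONNECT answered 2xx: the server opened a tunnel for the client."""
    return [h for h in hits if h["method"] == "CONNECT" and 200 <= h["status"] < 300]
```

A 2xx on a `CONNECT` is the strong signal; a 2xx on an absolute-URI `GET` can also be Apache serving its own page for that path, so compare the response size with the local page before concluding the request was proxied.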