I was just informed by our postmaster that our RP media server is sending out spam emails.
I see no email SMTP settings from the admin web portal so it has to have been done via the Linux root access. I do see a log with the name of the mail server process with all the errors in it.
I have a call in to our vendor who supports this equipment to see about a remedy, but two things confuse me.
1. Our network engineers told me the SSH port was blocked by our firewall so they couldn't use port 22 from the outside.
2. They guessed or hacked the Polycom root password for the box; I am assuming it's a generic password Polycom uses for service and somehow this got out?
Welcome to the Polycom Community.
I am not aware of any similar cases but have made our security department aware.
Can you contact me via community mail with details like the serial number etc. so the relevant support team in your region can work with yourself?
Polycom Global Services
Thank you for your reply, I have a ticket in with the vendor and spoke with them, they are now escalating it to Polycom Support.
It seems we need to disable the SMTP service itself in root, since when I access the admin web GUI page SMTP is not checked!!!
The hacker seems to be using the mail server as a relay.
If they don't resolve the issue I will follow up with you.
I am already in touch with our Security department and also sent you an email.
If you respond to this you get faster access than going through your vendor. They should open a ticket with Polycom in parallel but I assume working with our security department makes more sense.