Sylvain Robitaille wrote:


>
> All mail-related logs. These aren't relevant to the ssh session(s) the
> remote site is reporting.

I read that a specially crafted email "start up a few "yes 'root@0'"
I may have misunderstood the security it is about a DOS attack I was
thinking some email sent to root was connected.
>
> Try last, w, who, and lastlog
I must admit I have not used these.

I am just going to assume I have a root kit installed and start from scratch
again and it is nothing to do with comsat this is just informing me I have
email via biff.
I should install tripwire and so on in future and harden my site.