Help with hijacked sendmail

From: Dan Abend (dan_abend@hotmail.com)
Date: 09/24/01

Previous message: Trevor Benson: "RE: iptables anti-nimda anyone?"
Next in thread: stephen@acgroup.ucsc.edu: "Re: Help with hijacked sendmail"
Reply: stephen@acgroup.ucsc.edu: "Re: Help with hijacked sendmail"
Reply: Rajeev Kumar: "Re: Help with hijacked sendmail"
Reply: info@perimeterdefence.com: "Re: Help with hijacked sendmail"
Reply: Moeller, Arno: "RE: Help with hijacked sendmail"
Reply: Anthony Baratta: "Re: Help with hijacked sendmail"
Reply: Xno Xutz: "Re: Help with hijacked sendmail"
Reply: David Ford: "Re: Help with hijacked sendmail"
Reply: Mogens Valentin: "Re: Help with hijacked sendmail"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Dan Abend" <dan_abend@hotmail.com>
To: focus-linux@securityfocus.com
Subject: Help with hijacked sendmail
Date: Mon, 24 Sep 2001 10:45:31 -0400
Message-ID: <F47udzxxfYXFrwiZ9rW00003f1b@hotmail.com>

I noticed some odd behavior going on in my maillog file. I've checked my
sendmail configuration and have no idea how to get this behavior to stop. I
don't see anything out of the ordinary in any other log. For now, sendmail
is stopped. I don't even know what to try or where to examine next. Any
suggestions are appreciated. This is what I see in the log and there are a
lot of them. (Email addresses have been altered to protect the innocent)

Sep 6 21:09:35 server1 sendmail[22176]: VAA22176: from=nobody, size=1639,
class=0, pri=271639, nrcpts=9,
msgid=<200109070209.VAA22176@server1.mydomain.com>, relay=nobody@localhost
Sep 6 21:09:36 server1 sendmail[22178]: VAA22176:
to=someguy1@aol.com,someguy2@aol.com,someguy3@aol.com,someguy4@aol.com,someguy5@aol.com,someguy6@aol.com,someguy7@aol.com,someguy8@aol.com,someguy19@aol.com,
ctladdr=nobody (99/99), delay=00:00:01, xdelay=00:00:01, mailer=esmtp,
relay=mailin-01.mx.aol.com. [152.163.224.26], stat=Sent (OK)

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp

Previous message: Trevor Benson: "RE: iptables anti-nimda anyone?"
Next in thread: stephen@acgroup.ucsc.edu: "Re: Help with hijacked sendmail"
Reply: stephen@acgroup.ucsc.edu: "Re: Help with hijacked sendmail"
Reply: Rajeev Kumar: "Re: Help with hijacked sendmail"
Reply: info@perimeterdefence.com: "Re: Help with hijacked sendmail"
Reply: Moeller, Arno: "RE: Help with hijacked sendmail"
Reply: Anthony Baratta: "Re: Help with hijacked sendmail"
Reply: Xno Xutz: "Re: Help with hijacked sendmail"
Reply: David Ford: "Re: Help with hijacked sendmail"
Reply: Mogens Valentin: "Re: Help with hijacked sendmail"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Help with hijacked sendmail
... >I noticed some odd behavior going on in my maillog file. ... >sendmail configuration and have no idea how to get this behavior to stop. ... You'll need to import some clean binaries from a CD or clean machine ...
(Focus-Linux)
RE: Help with hijacked sendmail
... Subject: Help with hijacked sendmail ... > I noticed some odd behavior going on in my maillog file. ... Please note that after patching formmail this way any webset using ...
(Focus-Linux)
Re: Help with hijacked sendmail
... Natural Sciences Division ... "Blow, blow, thou winter wind, ... > I noticed some odd behavior going on in my maillog file. ... > sendmail configuration and have no idea how to get this behavior to stop. ...
(Focus-Linux)
Re: Help with hijacked sendmail
... Subject: Help with hijacked sendmail ... default now deny open relay after version 8.9. ... > I noticed some odd behavior going on in my maillog file. ...
(Focus-Linux)
RE: sendmail configuration
... Subject: sendmail configuration ... Please let me know if I can use postfix in place of sendmail. ... CAUTION: This e-mail and any attachmentcontain ...
(RedHat)