Help with hijacked sendmail

• Previous message: Trevor Benson: "RE: iptables anti-nimda anyone?"
• Next in thread: stephen@acgroup.ucsc.edu: "Re: Help with hijacked sendmail"
• Reply: stephen@acgroup.ucsc.edu: "Re: Help with hijacked sendmail"
• Reply: Rajeev Kumar: "Re: Help with hijacked sendmail"
• Reply: info@perimeterdefence.com: "Re: Help with hijacked sendmail"
• Reply: Moeller, Arno: "RE: Help with hijacked sendmail"
• Reply: Anthony Baratta: "Re: Help with hijacked sendmail"
• Reply: Xno Xutz: "Re: Help with hijacked sendmail"
• Reply: David Ford: "Re: Help with hijacked sendmail"
• Reply: Mogens Valentin: "Re: Help with hijacked sendmail"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Dan Abend" <dan_abend@hotmail.com>
To: focus-linux@securityfocus.com
Subject: Help with hijacked sendmail
Date: Mon, 24 Sep 2001 10:45:31 -0400
Message-ID: <F47udzxxfYXFrwiZ9rW00003f1b@hotmail.com>

I noticed some odd behavior going on in my maillog file. I've checked my
sendmail configuration and have no idea how to get this behavior to stop. I
don't see anything out of the ordinary in any other log. For now, sendmail
is stopped. I don't even know what to try or where to examine next. Any
suggestions are appreciated. This is what I see in the log and there are a
lot of them. (Email addresses have been altered to protect the innocent)

Sep 6 21:09:35 server1 sendmail[22176]: VAA22176: from=nobody, size=1639,
class=0, pri=271639, nrcpts=9,
msgid=<200109070209.VAA22176@server1.mydomain.com>, relay=nobody@localhost
Sep 6 21:09:36 server1 sendmail[22178]: VAA22176:
to=someguy1@aol.com,someguy2@aol.com,someguy3@aol.com,someguy4@aol.com,someguy5@aol.com,someguy6@aol.com,someguy7@aol.com,someguy8@aol.com,someguy19@aol.com,
ctladdr=nobody (99/99), delay=00:00:01, xdelay=00:00:01, mailer=esmtp,
relay=mailin-01.mx.aol.com. [152.163.224.26], stat=Sent (OK)

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp

• Previous message: Trevor Benson: "RE: iptables anti-nimda anyone?"
• Next in thread: stephen@acgroup.ucsc.edu: "Re: Help with hijacked sendmail"
• Reply: stephen@acgroup.ucsc.edu: "Re: Help with hijacked sendmail"
• Reply: Rajeev Kumar: "Re: Help with hijacked sendmail"
• Reply: info@perimeterdefence.com: "Re: Help with hijacked sendmail"
• Reply: Moeller, Arno: "RE: Help with hijacked sendmail"
• Reply: Anthony Baratta: "Re: Help with hijacked sendmail"
• Reply: Xno Xutz: "Re: Help with hijacked sendmail"
• Reply: David Ford: "Re: Help with hijacked sendmail"
• Reply: Mogens Valentin: "Re: Help with hijacked sendmail"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Help with hijacked sendmail ... >I noticed some odd behavior going on in my maillog file. ... >sendmail configuration and have no idea how to get this behavior to stop. ... You'll need to import some clean binaries from a CD or clean machine ... (Focus-Linux) RE: Help with hijacked sendmail ... Subject: Help with hijacked sendmail ... > I noticed some odd behavior going on in my maillog file. ... Please note that after patching formmail this way any webset using ... (Focus-Linux) Re: Help with hijacked sendmail ... Natural Sciences Division ... "Blow, blow, thou winter wind, ... > I noticed some odd behavior going on in my maillog file. ... > sendmail configuration and have no idea how to get this behavior to stop. ... (Focus-Linux) Re: Help with hijacked sendmail ... Subject: Help with hijacked sendmail ... default now deny open relay after version 8.9. ... > I noticed some odd behavior going on in my maillog file. ... (Focus-Linux) Re: Upgrading To FC2 Question ... > so the firewall allows no connections from external computers. ... the default sendmail configuration could reject/bounce mail this way. ... (Fedora)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint