Re: Help with hijacked sendmail

From: stephen@acgroup.ucsc.edu
Date: 09/25/01


Date: Mon, 24 Sep 2001 19:19:59 -0700 (PDT)
From: <stephen@acgroup.ucsc.edu>
To: Dan Abend <dan_abend@hotmail.com>
Subject: Re: Help with hijacked sendmail
Message-ID: <Pine.GSO.4.31.0109241919420.4676-100000@cavecanem.ucsc.edu>


It looks like you are an open relay...

Stephen Hauskins
Academic Computing Group
Natural Sciences Division

"Blow, blow, thou winter wind,
 Thou art not so unkind
 As man's ingratitude;"

On Mon, 24 Sep 2001, Dan Abend wrote:

> I noticed some odd behavior going on in my maillog file. I've checked my
> sendmail configuration and have no idea how to get this behavior to stop. I
> don't see anything out of the ordinary in any other log. For now, sendmail
> is stopped. I don't even know what to try or where to examine next. Any
> suggestions are appreciated. This is what I see in the log and there are a
> lot of them. (Email addresses have been altered to protect the innocent)
>
> Sep 6 21:09:35 server1 sendmail[22176]: VAA22176: from=nobody, size=1639,
> class=0, pri=271639, nrcpts=9,
> msgid=<200109070209.VAA22176@server1.mydomain.com>, relay=nobody@localhost
> Sep 6 21:09:36 server1 sendmail[22178]: VAA22176:
> to=someguy1@aol.com,someguy2@aol.com,someguy3@aol.com,someguy4@aol.com,someguy5@aol.com,someguy6@aol.com,someguy7@aol.com,someguy8@aol.com,someguy19@aol.com,
> ctladdr=nobody (99/99), delay=00:00:01, xdelay=00:00:01, mailer=esmtp,
> relay=mailin-01.mx.aol.com. [152.163.224.26], stat=Sent (OK)
>
>
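
A triage check for log entries like the ones quoted above, added here as an example and not part of the original thread: it groups sendmail entries by queue ID and uses the `relay=` field of the `from=` line to tell a message handed to sendmail by a local user apart from one received over SMTP from another host. The sample log lines, hostnames and category names are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample in sendmail syslog format, one entry per line.
# Hosts and addresses are made up; 192.0.2.x are documentation addresses.
SAMPLE_LOG = """\
Sep 6 21:09:35 server1 sendmail[22176]: VAA22176: from=nobody, size=1639, class=0, pri=271639, nrcpts=9, msgid=<1@server1.example.com>, relay=nobody@localhost
Sep 6 21:09:36 server1 sendmail[22178]: VAA22176: to=a@example.net,b@example.net, ctladdr=nobody (99/99), delay=00:00:01, mailer=esmtp, relay=mx.example.net. [192.0.2.25], stat=Sent (OK)
Sep 6 21:10:02 server1 sendmail[22190]: VAA22190: from=<x@example.org>, size=900, class=0, pri=30900, nrcpts=1, msgid=<2@example.org>, proto=SMTP, relay=host.example.org [192.0.2.10]
Sep 6 21:10:03 server1 sendmail[22191]: VAA22190: to=<c@example.net>, delay=00:00:01, mailer=esmtp, relay=mx.example.net. [192.0.2.25], stat=Sent (OK)
"""

ENTRY = re.compile(r"sendmail\[\d+\]: (\w+): (.*)$")

def field(rest, name):
    """Return the value of name= from a sendmail log entry, or None."""
    m = re.search(r"(?:^|, )" + name + r"=(.*?)(?=, \w+=|$)", rest)
    return m.group(1) if m else None

def classify(log_text):
    """Map queue ID -> (category, origin, recipient count)."""
    msgs = defaultdict(dict)
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue
        qid, rest = m.groups()
        if rest.startswith("from="):
            # relay= on the from= line names where the message came from.
            msgs[qid]["origin"] = field(rest, "relay") or ""
            msgs[qid]["nrcpts"] = int(field(rest, "nrcpts") or 0)
        elif rest.startswith("to="):
            msgs[qid]["mailer"] = field(rest, "mailer")
    report = {}
    for qid, d in msgs.items():
        origin = d.get("origin", "")
        if origin.endswith("@localhost"):
            kind = "local-submission"      # a process on this host sent it
        elif d.get("mailer") in ("smtp", "esmtp"):
            kind = "relayed-from-remote"   # came in over SMTP, went back out
        else:
            kind = "inbound"
        report[qid] = (kind, origin, d.get("nrcpts", 0))
    return report

if __name__ == "__main__":
    for qid, row in classify(SAMPLE_LOG).items():
        print(qid, *row)
```

For `local-submission` rows, the user named before `@localhost` is the account whose processes to examine; for `relayed-from-remote` rows, the origin host is what the relay rules need to account for.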


