LinuxQuestions.org
11-08-2012, 07:03 AM   #1
sanjibgupta
Mail problem


Hi
I have sendmail (sendmail-8.12.10-1) running on RHEL 3. Recently in the mailq I have noticed recipients as <undisclosed> from <info@msn.com> trying to send mail to users outside the network.
I do not allow my machine to RELAY.
My port 25 telnet is closed, so I cannot check if my machine is working as an open relay.

Can I in any way know what addresses are in <undisclosed>, as I am not fully aware if any user is forwarding this mail? Why is the machine sending this mail, and how can I stop such activities?

Sanjib Gupta
 
11-08-2012, 09:36 AM   #2
Noway2
Quote:
sendmail(sendmail-8.12.10-1) running on RHEL 3.
STOP. RIGHT. THERE! This machine is SERIOUSLY OUT OF DATE!

Sendmail 8.12.10 was released 2003/09/17, making it almost a decade old!
RHEL3 was released between 2003-10-22 and 2007-06-15, depending on the patch level, and all versions are running kernel revision 2.4.

The fact that your logs are showing your mail system trying to send to undisclosed recipients, which to me says spamming a list of BCC recipients, via an obviously spoofed "from" address is a strong indication that your system has been compromised in some fashion. Without performing an investigation, you won't know how. Given that the machine is so severely out of date, I question whether a thorough investigation would be worth the effort. This is a decision you will have to make. More importantly, running a public-facing server, especially an email server, requires a responsible commitment, and this machine has clearly been neglected. Even if you were to wipe the machine and rebuild it using current software, you would still have to decide if you are willing to spend the effort to manage it responsibly.
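
The investigation mentioned in the reply usually starts with the mail log. The following is an added example, not part of either post: it groups sendmail syslog entries by queue ID so that the envelope recipients behind an "undisclosed" header, and the relay each message entered from, become visible. The log lines are constructed samples in sendmail's usual from=/to= layout; the function names and the local domain `corp.example` are assumptions.

```python
import re
from collections import defaultdict
# Constructed sample lines in sendmail's syslog layout (not taken from the thread).
SAMPLE_LOG = """\
Nov  8 06:58:01 mail sendmail[4101]: gA8BW1aa004101: from=<info@msn.com>, size=2210, class=0, nrcpts=3, msgid=<1@msn.com>, proto=ESMTP, daemon=MTA, relay=[203.0.113.45]
Nov  8 06:58:03 mail sendmail[4103]: gA8BW1aa004101: to=<a@example.net>,<b@example.org>, delay=00:00:02, mailer=esmtp, relay=mx.example.net. [198.51.100.7], dsn=4.0.0, stat=Deferred
Nov  8 06:58:04 mail sendmail[4103]: gA8BW1aa004101: to=<c@example.com>, delay=00:00:03, mailer=esmtp, relay=mx.example.com. [198.51.100.9], dsn=2.0.0, stat=Sent
Nov  8 07:01:10 mail sendmail[4200]: gA8C1Abb004200: from=<alice@corp.example>, size=900, class=0, nrcpts=1, msgid=<2@corp.example>, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
Nov  8 07:01:11 mail sendmail[4202]: gA8C1Abb004200: to=<bob@example.net>, delay=00:00:01, mailer=esmtp, relay=mx.example.net. [198.51.100.7], dsn=2.0.0, stat=Sent
"""

LINE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<kind>from|to)=(?P<rest>.*)")
ADDR = re.compile(r"[^<>,\s]+@[^<>,\s]+")
RELAY = re.compile(r"relay=(.+?)(?:, \w+=|$)")
def domain(addr):
    return addr.rsplit("@", 1)[1].lower()

def parse(log_text):
    """Group from=/to= entries by queue ID."""
    msgs = defaultdict(lambda: {"sender": None, "entry_relay": None, "rcpts": []})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        msg = msgs[m["qid"]]
        # The address list ends where the first ", key=" field begins.
        head = re.split(r", \w+=", m["rest"], maxsplit=1)[0]
        if m["kind"] == "from":
            found = ADDR.search(head)
            msg["sender"] = found.group(0) if found else "<>"
            relay = RELAY.search(m["rest"])
            msg["entry_relay"] = relay.group(1) if relay else "unknown"
        else:
            for rcpt in ADDR.findall(head):
                if rcpt not in msg["rcpts"]:  # deferred mail is logged again on each retry
                    msg["rcpts"].append(rcpt)
    return dict(msgs)

def suspicious(msgs, local_domains):
    """Messages whose envelope sender and at least one recipient are both non-local."""
    hits = {}
    for qid, msg in msgs.items():
        sender = msg["sender"]
        if not sender or "@" not in sender or domain(sender) in local_domains:
            continue  # bounces (<>) and local senders are not flagged here
        outside = [r for r in msg["rcpts"] if domain(r) not in local_domains]
        if outside:
            hits[qid] = {"sender": sender, "entry_relay": msg["entry_relay"], "outside_rcpts": outside}
    return hits
```

On RHEL the sendmail log is normally `/var/log/maillog`, so `suspicious(parse(open("/var/log/maillog").read()), {"corp.example"})` with your own domains lists the flagged queue IDs. An entry relay of localhost points at a local account or script as the source rather than relaying from outside.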
 
  


All times are GMT -5.