LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices


Reply
  Search this Thread
Old 02-26-2010, 04:12 AM   #1
mail4vijay
Member
 
Registered: Oct 2009
Location: Delhi
Distribution: CentOS , RHEL
Posts: 214

Rep: Reputation: 33
Spammer breaks the Sendmail System


Hi,

I configured ( sendmail + Smarthost + pop-before-smtp settings + smtp auth settigns ), today i saw 18000 mail in mailq and somebody sending mail from my mailserver ,as i got reported by ISP for spaming. How someone broke the sendmail + pop-before-smtp settings. i usually access that system through webmin. Is webmin cause to hack password.

Or How someone break sendmail security without even choosing my own user / password spamper settings messages to smart hosts to yahoo / gmail with his own junk user name and password?

I stopped sendmail for the time being.
Any idea what i should look for and what i should go for its remediation?

Any help would be greatly appreicated.

Last edited by mail4vijay; 02-26-2010 at 04:14 AM.
 
Old 02-26-2010, 08:55 AM   #2
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,719
Blog Entries: 15

Rep: Reputation: 1602Reputation: 1602Reputation: 1602Reputation: 1602Reputation: 1602Reputation: 1602Reputation: 1602Reputation: 1602Reputation: 1602Reputation: 1602Reputation: 1602
Usually it means you've setup your sendmail as an open relay and they simply relayed through you.

I'd suggest you do a Google search for "securing sendmail". You'll see a lot of information out there including this link:
http://www.enterprisenetworkingplane...le.php/1382251
 
Old 02-26-2010, 10:24 AM   #3
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 21,453

Rep: Reputation: 5640Reputation: 5640Reputation: 5640Reputation: 5640Reputation: 5640Reputation: 5640Reputation: 5640Reputation: 5640Reputation: 5640Reputation: 5640Reputation: 5640
Quote:
Originally Posted by mail4vijay View Post
Hi,

I configured ( sendmail + Smarthost + pop-before-smtp settings + smtp auth settigns ), today i saw 18000 mail in mailq and somebody sending mail from my mailserver ,as i got reported by ISP for spaming. How someone broke the sendmail + pop-before-smtp settings. i usually access that system through webmin. Is webmin cause to hack password.

Or How someone break sendmail security without even choosing my own user / password spamper settings messages to smart hosts to yahoo / gmail with his own junk user name and password?

I stopped sendmail for the time being.
Any idea what i should look for and what i should go for its remediation?

Any help would be greatly appreicated.
Webmin is unsafe to start with, in my opinion. If you want a secure system, run as few open services on it as you can. Disable EVERYTHING that's not needed. On my mail servers, all I've got running is sendmail and SSH...you should be easily able to configure and maintain sendmail via a terminal window.

And as jlightner said, you've probably got an open relay running. Set up a good ACL, and turn off open relays.
 
Old 02-26-2010, 11:11 AM   #4
mail4vijay
Member
 
Registered: Oct 2009
Location: Delhi
Distribution: CentOS , RHEL
Posts: 214

Original Poster
Rep: Reputation: 33
Quote:
Originally Posted by TB0ne View Post
Webmin is unsafe to start with, in my opinion. If you want a secure system, run as few open services on it as you can. Disable EVERYTHING that's not needed. On my mail servers, all I've got running is sendmail and SSH...you should be easily able to configure and maintain sendmail via a terminal window.

And as jlightner said, you've probably got an open relay running. Set up a good ACL, and turn off open relays.
Thaks for all reply , i am checknig back my sendmail settings and hopefully would resolve this issue.

Thanks
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
lighttpd breaks after large system update (kind of solved) luk32 Linux - Networking 2 02-24-2010 11:40 AM
Sendmail Spammer Prevention zachlac Linux - Software 3 09-03-2009 12:55 PM
Sendmail wrapper to detected spammer (which domain is using PHP's mail function? stefaandk Programming 1 02-12-2007 12:13 AM
Partial System Breaks Down after upgrade to v10.1 Manuel-H Slackware 1 03-09-2005 05:32 PM
apt-get install then my system goes nuts and breaks! SonoranFun Linux - Software 1 12-27-2004 08:00 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - General

All times are GMT -5. The time now is 02:07 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration