ahhh my sendmail is sending spam?!?!

mrlucio79 · 04-12-2007, 09:44 AM

I am currently running Sendmail 8.13.7 on FC5 and totally blacklisted. I did a Netstat -a and got the following:

tcp 0 0 10.2.8.40:smtp ovalgenius.com:10047 TIME_WAIT
tcp 0 0 localhost.localdomain:smtp localhost.localdomain:42930 TIME_WAIT
tcp 0 0 10.2.8.40:smtp mx1.gc-bmg.com:51384 TIME_WAIT

Where do I start to fix this issue? All help is appreciated!

mrlucio79 · 04-12-2007, 09:46 AM

and more

tcp 0 0 10.2.8.40:smtp ipsec10.superactiveme:65209 SYN_RECV
tcp 0 0 10.2.8.40:smtp mx1.fuji-says.com:37985 TIME_WAIT
tcp 0 0 10.2.8.40:smtp mail4.cargill.com:35396 TIME_WAIT

mrlucio79 · 04-12-2007, 10:42 AM

a little bit more info. My sendmail server forwards email to a internal exchange server. Do you think it would work if I changed the outgoing smtp port on my sendmail to a different port number? or would this also affect my incoming?

Capt_Caveman · 04-12-2007, 08:38 PM

Do you have anything in the mail logs in /var/log/ ? Also post the output of "ps aux" run as root.

Zention · 04-13-2007, 05:06 PM

You have an open relay.

google for the solution.

You might want to consider changing to qmail or postfix, sendmail is notoriously hard to configure.

I think the guy who wrote it is paraphrased as saying, 'if he knew how hard it would have been to write it initially and how much time in maintenance he would need to spend he would never would have written it.'

Once you have stopped the open relay you can work on de-black listing yourself.

coolb · 04-14-2007, 02:49 PM

yes, you need to configure Sendmail correctly. Configure it so that it wont relay for all domains :P (though this might/will differ from your Sendmail needs)

Capt_Caveman · 04-14-2007, 07:52 PM

With the minimal info provided, I don't think anyone can say that the system is acting as an open relay and definitively rule out a compromise. Please post the relevant log data and netstat output so that we can rule that out and move on to investigating why it's relaying.