Old 08-02-2005, 11:15 AM   #1
Registered: Oct 2003
Posts: 64

Rep: Reputation: 15
Breach in Sendmail Security?


I just received an email from "A User"@{mydomain}.com with the subject "Re: {some subject}". There is no such user authorized (by me) to send email from my server. I'm also using spamassassin, and it must not be properly configured because there is still a host of unwanted messages coming in.

I thought that I covered the bases as far as sendmail security was concerned. Is there a checklist that I can go through to make sure that I am less vulnerable? I'm running sendmail-8.12.8-9.90 on RedHat 9.0 kernel 2.4.20-20.9.

Any help would be appreciated.


Last edited by bper; 08-02-2005 at 11:23 AM.
Old 08-02-2005, 05:48 PM   #2
Senior Member
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
The "From" field on the email could have been forged. Take a look at your maillogs for any outgoing messages from that user. Also, the log entry for that particular incoming message should also indicate whether it was sent locally or remotely.
Old 08-02-2005, 06:40 PM   #3
Pete M
Registered: Aug 2003
Location: UK
Distribution: Redhat 9 FC 3 SUSE 9.2 SUSE 9.3 Gentoo 2005.0 Debian Sid
Posts: 657

Rep: Reputation: 32

I'm not saying don't worry or check your security, but it happens all the time on my sendmail server.

What I have done is add entries to /etc/mail/virtusertable listing all genuine email addresses mapped to users, like this:

Code:    peter    john
Then the last entry is
Code:     error:nouser User unknown
If you want to do this, remember to add entries for admin@mydomain, hostmaster etc., because only entries in this table will be allowed; everything else is rejected.

You need to create virtusertable.db from virtusertable, which on Red Hat is simply a matter of running make on the command line while you are in the /mail directory.

You can also check your server here; just add your domain name in the first box.

Something else you may find of interest is SpamBouncer. I find it very effective against spam, and it is very configurable.


