LinuxQuestions.org

sanjibgupta 11-08-2012 06:03 AM

Mail problem
 
Hi,
I have sendmail (sendmail-8.12.10-1) running on RHEL 3. Recently, in the mailq, I have noticed recipients shown as <undisclosed> from <info@msn.com> trying to send mail to users outside the network.
I do not allow my machine to RELAY.
My port 25 telnet is closed, so I cannot check if my machine is working as an open relay.

Is there any way I can know what addresses are there in <undisclosed>, as I am not fully aware if any user is forwarding this mail, why the machine is sending this mail, and how I can stop such activities?

Sanjib Gupta

Noway2 11-08-2012 08:36 AM

Quote:

sendmail (sendmail-8.12.10-1) running on RHEL 3.
STOP. RIGHT. THERE! This machine is SERIOUSLY OUT OF DATE!

Sendmail 8.12.10 was released 2003/09/17, making it almost a decade old!
RHEL 3 was released between 2003-10-22 and 2007-06-15, depending on the patch level, and all versions are running kernel revision 2.4.

The fact that your logs are showing your mail system trying to send to undisclosed recipients, which to me says spamming a list of BCC recipients, via an obviously spoofed From address, is a strong indication that your system has been compromised in some fashion. Without performing an investigation you won't know how. Given that the machine is so severely out of date, I question whether a thorough investigation would be worth the effort. This is a decision you will have to make. More importantly, running a public-facing server, especially an email server, requires a responsible commitment, and this machine has clearly been neglected. Even if you were to wipe the machine out and rebuild it using current software, you would still have to decide if you are willing to spend the effort to manage it responsibly.
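The original poster's question (what addresses hide behind "<undisclosed>", and whether the box is relaying) can be answered from the queue itself rather than from the mailq summary: mailq prints the To: header, but the real envelope recipients are the R lines in the qf control files under /var/spool/mqueue. The following script is an added example written for this thread, not code from either poster or from the sendmail project. It parses qf files (envelope sender on the S line, envelope recipients on R lines, headers on H lines), lists every recipient per queued message, and flags messages whose sender domain is foreign while the recipients are off-site, which is the relay/compromise pattern Noway2 describes. The queue files embedded below are constructed samples; the local domain list, the file names and the queue-id names are assumptions for the demonstration.

```python
import os
import re
from dataclasses import dataclass, field

# Assumption: the domains this server legitimately originates mail for.
LOCAL_DOMAINS = {"example.com"}

# Default sendmail queue directory on RHEL 3 (only used by main()).
QUEUE_DIR = "/var/spool/mqueue"

# Envelope recipient lines: "RPFD:<addr>" (flags before the colon) on 8.10+,
# plain "R<addr>" on older queue formats. Both forms are accepted.
_RCPT_RE = re.compile(r"^R(?:[A-Za-z]*:)?<?([^<>]*)>?$")
# Header lines: "H??Name: value" or "H?P?Name: value" (flags between the ?s).
_HDR_RE = re.compile(r"^H(?:\?[^?]*\?)?([\w-]+):\s*(.*)$")


@dataclass
class QueuedMessage:
    queue_id: str
    sender: str = ""
    recipients: list = field(default_factory=list)
    headers: dict = field(default_factory=dict)


def parse_qf(queue_id, text):
    """Parse the text of one sendmail qf control file."""
    msg = QueuedMessage(queue_id)
    for line in text.splitlines():
        if not line or line == ".":      # "." terminates the control file
            continue
        code = line[0]
        if code == "S":                   # envelope sender, "S<addr>" ("S<>" for bounces)
            msg.sender = line[1:].strip().strip("<>")
        elif code == "R":                 # one envelope recipient per R line
            m = _RCPT_RE.match(line)
            if m:
                msg.recipients.append(m.group(1))
        elif code == "H":                 # message headers, e.g. the To: shown by mailq
            m = _HDR_RE.match(line)
            if m:
                msg.headers[m.group(1).lower()] = m.group(2)
    return msg


def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def triage(msg, local_domains=LOCAL_DOMAINS):
    """Summarise one queued message and flag the foreign-sender-to-outside pattern."""
    external = [r for r in msg.recipients if domain_of(r) not in local_domains]
    foreign_sender = domain_of(msg.sender) not in local_domains
    return {
        "queue_id": msg.queue_id,
        "sender": msg.sender,
        "to_header": msg.headers.get("to", ""),
        "recipients": list(msg.recipients),
        "external_recipients": external,
        # Mail claiming to come from an outside domain, bound for outside domains,
        # should never be in the queue of a non-relaying server.
        "suspicious": bool(external) and foreign_sender,
    }


def scan_queue(qf_files, local_domains=LOCAL_DOMAINS):
    """qf_files maps queue id -> qf file contents; returns one triage dict per message."""
    return [triage(parse_qf(qid, text), local_domains) for qid, text in sorted(qf_files.items())]


def load_queue_dir(path=QUEUE_DIR):
    """Read every qf* control file in a sendmail queue directory."""
    files = {}
    for name in os.listdir(path):
        if name.startswith("qf"):
            with open(os.path.join(path, name), errors="replace") as fh:
                files[name[2:]] = fh.read()
    return files


# Constructed sample queue: one spoofed "info@msn.com" message to outside users,
# one ordinary message from a local user. Queue ids and hosts are made up.
SAMPLE_QUEUE = {
    "qA8B5aQ012345": "V8\nT1352362800\nK1352366400\nN3\nP120000\nF\n"
                     "$_spam-src.example.net [198.51.100.7]\n"
                     "S<info@msn.com>\nRPFD:<alice@example.org>\nRPFD:<bob@example.net>\n"
                     "H?P?Return-Path: <info@msn.com>\n"
                     "H??Received: from [198.51.100.7] by mail.example.com (8.12.10/8.12.10)\n"
                     "H??From: <info@msn.com>\nH??To: undisclosed-recipients:;\n"
                     "H??Subject: Account notice\n.\n",
    "qA8B9bR012346": "V8\nT1352363000\nK1352363000\nN1\nP30000\nF\n"
                     "$_localhost [127.0.0.1]\n"
                     "S<carol@example.com>\nRPFD:<dave@example.org>\n"
                     "H?P?Return-Path: <carol@example.com>\n"
                     "H??From: Carol <carol@example.com>\nH??To: dave@example.org\n"
                     "H??Subject: Meeting\n.\n",
}


def main():
    # Use load_queue_dir() on a real server; the constructed sample runs offline.
    for report in scan_queue(SAMPLE_QUEUE):
        tag = "SUSPICIOUS" if report["suspicious"] else "ok"
        print(f"{report['queue_id']} {tag}: from={report['sender']} "
              f"To:={report['to_header']!r} envelope-rcpts={report['recipients']}")


if __name__ == "__main__":
    main()
```

On the affected server, run it with load_queue_dir() against /var/spool/mqueue; the envelope recipients it prints are what the undisclosed-recipients To: header hides. A flagged message also carries a Received: header and the $_ macro line naming the host that handed sendmail the message, which tells you whether it was injected locally (a compromised account or process on the box) or accepted from outside over SMTP (an open-relay or auth problem).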

