LinuxQuestions.org
08-20-2006, 04:01 PM   #1
tgrist

Sendmail - Spam Abuse

Linux server running sendmail without any open relay. No domains send mail out via the server at the moment. When I look at the maillog I can see a constant stream of messages being sent to Yahoo accounts.

How can I determine what/who is initiating this use of sendmail?

08-20-2006, 04:45 PM   #2
bigrigdriver

Sounds like someone is using your server as an SMTP relay. Versions of Sendmail before 8.9 allowed that by default. Since the release of 8.9, it has to be specifically allowed. You can find out more here:
http://www.redhat.com/docs/manuals/l...ping-spam.html

08-20-2006, 04:56 PM   #3
tgrist (Original Poster)

Thanks for the reply but we are already running Sendmail version 8.11.6 so the relay should need to be explicit.

The maillog does not seem to give any indication of where the request to send the mail is originating from.

08-20-2006, 06:18 PM   #4
bigrigdriver

Can you adjust the degree of logging to maillog? As in, make it more verbose, paranoid, etc.?

08-22-2006, 09:58 AM   #5
tgrist (Original Poster)

Fault traced to user with Spyware

I have now determined that a particular user has been infected with a trojan causing the sending out of the mail through their account. I have disabled them whilst they clean their system.

I had thought that if no domains were enabled for relaying that they could not relay through their own domains. This appears not to be the case, although if trying to SMTP this does get blocked.
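
Added example, not part of the thread and not any poster's code: one way to answer the original question from the maillog alone is to join each `to=` record for the suspicious recipient domain back to the `from=` record with the same queue ID, which carries the envelope sender and the submitting `relay=` host. The function name, hostnames, addresses and log lines below are constructed for illustration and assume the usual sendmail syslog layout.

```python
import re
from collections import Counter

# Constructed sample in the usual sendmail syslog layout (not taken from the thread).
SAMPLE_LOG = """\
Aug 20 15:58:01 mail sendmail[2101]: k7KKw1a02101: from=<alice@example.org>, size=1840, class=0, nrcpts=1, msgid=<1@example.org>, proto=ESMTP, daemon=MTA, relay=pc17.example.org [192.0.2.17]
Aug 20 15:58:02 mail sendmail[2103]: k7KKw1a02101: to=<x1@yahoo.com>, delay=00:00:01, mailer=esmtp, pri=31840, relay=mx.yahoo.example. [198.51.100.5], dsn=2.0.0, stat=Sent (ok)
Aug 20 15:58:04 mail sendmail[2107]: k7KKw2a02107: from=<alice@example.org>, size=1852, class=0, nrcpts=2, msgid=<2@example.org>, proto=ESMTP, daemon=MTA, relay=pc17.example.org [192.0.2.17]
Aug 20 15:58:05 mail sendmail[2109]: k7KKw2a02107: to=<x2@yahoo.com>,<x3@yahoo.com>, delay=00:00:01, mailer=esmtp, pri=61852, relay=mx.yahoo.example. [198.51.100.5], dsn=2.0.0, stat=Sent (ok)
Aug 20 15:59:10 mail sendmail[2110]: k7KKw3a02110: from=<bob@example.org>, size=990, class=0, nrcpts=1, msgid=<3@example.org>, proto=ESMTP, daemon=MTA, relay=pc22.example.org [192.0.2.22]
Aug 20 15:59:11 mail sendmail[2112]: k7KKw3a02110: to=<carol@example.net>, delay=00:00:01, mailer=esmtp, pri=30990, relay=mx.example.net. [198.51.100.9], dsn=2.0.0, stat=Sent (ok)
Aug 20 16:01:30 mail sendmail[2115]: k7KKw4a02115: from=apache, size=812, class=0, nrcpts=1, msgid=<4@mail.example.org>, relay=apache@localhost
Aug 20 16:01:31 mail sendmail[2117]: k7KKw4a02115: to=<x4@yahoo.com>, ctladdr=apache (48/48), delay=00:00:01, mailer=esmtp, pri=30812, relay=mx.yahoo.example. [198.51.100.5], dsn=2.0.0, stat=Sent (ok)
"""

# "<queue id>: from=..." and "<queue id>: to=..." records written by sendmail
RECORD = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<rest>(?:from|to)=.*)$")

def submitters_for_domain(log_text, domain):
    """Count deliveries to `domain`, keyed by (envelope sender, submitting relay)."""
    origin = {}        # queue id -> (sender, relay) taken from the from= record
    hits = Counter()
    suffix = "@" + domain.lower()
    for line in log_text.splitlines():
        m = RECORD.search(line)
        if not m:
            continue
        qid, rest = m.group("qid"), m.group("rest")
        if rest.startswith("from="):
            sender = re.match(r"from=(\S*?),", rest)
            relay = re.search(r"relay=([^,]+)", rest)
            origin[qid] = (sender.group(1) if sender else "?",
                           relay.group(1).strip() if relay else "?")
            continue
        rcpts = re.match(r"to=(\S+),", rest)   # one or more comma-joined recipients
        if not rcpts:
            continue
        n = sum(r.strip("<>").lower().endswith(suffix)
                for r in rcpts.group(1).split(","))
        if n:
            # No from= record seen (e.g. it is in a rotated log): origin unknown
            hits[origin.get(qid, ("?", "?"))] += n
    return hits

if __name__ == "__main__":
    for (sender, relay), n in submitters_for_domain(SAMPLE_LOG, "yahoo.com").most_common():
        print(f"{n:4d}  {sender}  via {relay}")
```

A `relay=` value of the form `user@localhost` points at a local process or script on the server, while a hostname and IP point at a client machine that submitted the mail. Deferred messages log a `to=` record on every retry, so the counts are delivery attempts rather than unique messages.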