| Security and Privacy Sadly, malware, spyware, hackers and privacy threats abound in today's world. Let's be paranoid and secure our penguins, and slam the doors on privacy exploits. |

21st May 2005, 10:13 PM
Registered User
Join Date: Mar 2005
Posts: 6

Sendmail spams
Hey all
The last couple of days I have been having some problems with some spammer using my server to send out their spam. I'm not exactly sure how, so that's why I'm asking you guys!
I received a letter from my ISP about it, so I thought I'd look through the log files, and I understand why I got the letter.
I have 2000 or 3000 lines in /var/log/maillog that look like this:
Code:
May 21 02:57:07 0x50a46d69 sendmail[30824]: j4L0v6IB030824: from=nobody, size=2920, class=0, nrcpts=1, msgid=<200505210057.j4L0v6IB030824@0x50a46d69.arcnxx15.domain.com>, relay=nobody@localhost
May 21 02:57:07 0x50a46d69 sendmail[30825]: j4L0v7TU030825: from=<nobody@0x50a46d69.arcnxx15.domain.com>, size=3189, class=0, nrcpts=1, msgid=<200505210057.j4L0v6IB030824@0x50a46d69.arcnxx15.domain.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
May 21 02:57:07 0x50a46d69 sendmail[30824]: j4L0v6IB030824: to=poloblade@aol.com, ctladdr=nobody (99/99), delay=00:00:01, xdelay=00:00:00, mailer=relay, pri=32920, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (j4L0v7TU030825 Message accepted for delivery)
May 21 02:57:08 0x50a46d69 sendmail[30827]: j4L0v7TU030825: to=<poloblade@aol.com>, ctladdr=<nobody@0x50a46d69.arcnxx15.domain.com> (99/99), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=123189, relay=smtp.mail.dk. [195.41.46.251], dsn=2.0.0, stat=Sent (Ok: queued as AB218262803)
I replaced my own real domain with "domain.dk" for security.
I have a standard sendmail configuration, where the only thing changed is the smart relay, so it uses my ISP's SMTP server.
I checked the sendmail configuration and everything is limited to localhost, so no outsiders should have access to sendmail (?)
On my website I have some scripts like "contact me" and so on that use the PHP mail() function. Could this be exploited to send out all this spam?
I'm really in need of some help on this, and maybe a solution.
Sorry for my bad English, but it's not my native language.
Regards
Martin

22nd May 2005, 07:29 AM
Registered User
Join Date: Mar 2004
Location: Minnesota, USA
Age: 27
Posts: 7,909

You may have an open relay (though why this works when sendmail is local only is beyond me). See here for more on them and this about how to close them.

27th May 2005, 09:31 PM
Registered User
Join Date: Apr 2005
Posts: 176

Quote:
Originally Posted by Maller
Hey all
The last couple of days I have been having some problems with some spammer using my server to send out their spam. I'm not exactly sure how, so that's why I'm asking you guys!
I received a letter from my ISP about it, so I thought I'd look through the log files, and I understand why I got the letter.
I have 2000 or 3000 lines in /var/log/maillog that look like this:
Code:
May 21 02:57:07 0x50a46d69 sendmail[30824]: j4L0v6IB030824: from=nobody, size=2920, class=0, nrcpts=1, msgid=<200505210057.j4L0v6IB030824@0x50a46d69.arcnxx15.domain.com>, relay=nobody@localhost
May 21 02:57:07 0x50a46d69 sendmail[30825]: j4L0v7TU030825: from=<nobody@0x50a46d69.arcnxx15.domain.com>, size=3189, class=0, nrcpts=1, msgid=<200505210057.j4L0v6IB030824@0x50a46d69.arcnxx15.domain.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
May 21 02:57:07 0x50a46d69 sendmail[30824]: j4L0v6IB030824: to=poloblade@aol.com, ctladdr=nobody (99/99), delay=00:00:01, xdelay=00:00:00, mailer=relay, pri=32920, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (j4L0v7TU030825 Message accepted for delivery)
May 21 02:57:08 0x50a46d69 sendmail[30827]: j4L0v7TU030825: to=<poloblade@aol.com>, ctladdr=<nobody@0x50a46d69.arcnxx15.domain.com> (99/99), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=123189, relay=smtp.mail.dk. [195.41.46.251], dsn=2.0.0, stat=Sent (Ok: queued as AB218262803)
I replaced my own real domain with "domain.dk" for security.
I have a standard sendmail configuration, where the only thing changed is the smart relay, so it uses my ISP's SMTP server.
I checked the sendmail configuration and everything is limited to localhost, so no outsiders should have access to sendmail (?)
On my website I have some scripts like "contact me" and so on that use the PHP mail() function. Could this be exploited to send out all this spam?
I'm really in need of some help on this, and maybe a solution.
Sorry for my bad English, but it's not my native language.
|
As you can see in this document (http://www.sendmail.org/m4/anti_spam.html), sendmail does not relay by default, so it would be curious to see extracts of your config files.
Ensure you run the ordb.org mail relay check.
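
One way to test the two explanations raised in this thread (an open relay versus a web script calling sendmail) against the log, as an added example that is not part of any post: sendmail's `from=` lines show `relay=user@localhost` for mail handed to the sendmail binary by a local account, and `proto=` plus `relay=host [ip]` for mail received over SMTP. The sample log is constructed, and `SERVICE_ACCOUNTS` is an assumed list of web server users.

```python
import re
from collections import Counter

# Constructed sample modelled on the thread's log; root and 192.0.2.10 entries are invented.
SAMPLE_LOG = """\
May 21 02:57:07 host sendmail[30824]: j4L0v6IB030824: from=nobody, size=2920, class=0, nrcpts=1, msgid=<a@host>, relay=nobody@localhost
May 21 02:57:07 host sendmail[30825]: j4L0v7TU030825: from=<nobody@host.example>, size=3189, class=0, nrcpts=1, msgid=<a@host>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
May 21 02:57:07 host sendmail[30824]: j4L0v6IB030824: to=someone@example.org, ctladdr=nobody (99/99), delay=00:00:01, mailer=relay, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (j4L0v7TU030825 Message accepted for delivery)
May 21 03:10:00 host sendmail[31000]: j4L1A0aa031000: from=root, size=512, class=0, nrcpts=1, msgid=<b@host>, relay=root@localhost
May 21 03:12:00 host sendmail[31010]: j4L1C0bb031010: from=<x@example.net>, size=900, class=0, nrcpts=1, msgid=<c@example.net>, proto=ESMTP, daemon=MTA, relay=mail.example.net [192.0.2.10]
"""

ENTRY = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<rest>.*)")
SERVICE_ACCOUNTS = {"nobody", "apache", "www-data"}  # assumed web/CGI users

def parse(line):
    """Return (queue_id, {field: value}) for a sendmail log line, else None."""
    m = ENTRY.search(line)
    if not m:
        return None
    # Split only at ", " that is followed by "key=", so commas inside stat=... survive.
    parts = re.split(r", (?=\w+=)", m.group("rest"))
    return m.group("qid"), dict(p.split("=", 1) for p in parts if "=" in p)

def classify(fields):
    """('local', user) for command-line submission, ('smtp', peer) for SMTP."""
    if "from" not in fields:
        return None  # to= lines describe delivery, not how the mail arrived
    relay = fields.get("relay", "")
    if "proto" not in fields and relay.endswith("@localhost"):
        return "local", relay.split("@", 1)[0]
    peer = re.search(r"\[([^\]]+)\]", relay)
    return "smtp", peer.group(1) if peer else relay

def summarize(log_text):
    """Count accepted messages per local submitter and per SMTP peer."""
    local, smtp = Counter(), Counter()
    for line in log_text.splitlines():
        parsed = parse(line)
        kind = classify(parsed[1]) if parsed else None
        if kind:
            (local if kind[0] == "local" else smtp)[kind[1]] += 1
    return dict(local), dict(smtp)

def flag_service_accounts(local):
    """Local submitters that are service accounts, i.e. mail sent by scripts."""
    return {u: n for u, n in local.items() if u in SERVICE_ACCOUNTS}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A high count for a service account among the local submitters points at a script on the host, while external addresses among the SMTP peers point at relaying. The 127.0.0.1 peer is the second hop of a local submission, where the submission program hands the message to the MTA over loopback.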