Fedora Linux Support Community & Resources Center

  #1  
Old 21st May 2005, 10:13 PM
Maller Offline
Registered User
 
Join Date: Mar 2005
Posts: 6
Sendmail spams

Hey all
The last couple of days I have been having some problems with some spammer using my server to send out their spam. I'm not exactly sure how, so that's why I'm asking you guys!
I received a letter from my ISP about it, so I thought I would look through the log files, and I understand why I got the letter.
I have 2000 or 3000 lines in /var/log/maillog that look like this:
Code:
May 21 02:57:07 0x50a46d69 sendmail[30824]: j4L0v6IB030824: from=nobody, size=2920, class=0, nrcpts=1, msgid=<200505210057.j4L0v6IB030824@0x50a46d69.arcnxx15.domain.com>, relay=nobody@localhost
May 21 02:57:07 0x50a46d69 sendmail[30825]: j4L0v7TU030825: from=<nobody@0x50a46d69.arcnxx15.domain.com>, size=3189, class=0, nrcpts=1, msgid=<200505210057.j4L0v6IB030824@0x50a46d69.arcnxx15.domain.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
May 21 02:57:07 0x50a46d69 sendmail[30824]: j4L0v6IB030824: to=poloblade@aol.com, ctladdr=nobody (99/99), delay=00:00:01, xdelay=00:00:00, mailer=relay, pri=32920, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (j4L0v7TU030825 Message accepted for delivery)
May 21 02:57:08 0x50a46d69 sendmail[30827]: j4L0v7TU030825: to=<poloblade@aol.com>, ctladdr=<nobody@0x50a46d69.arcnxx15.domain.com> (99/99), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=123189, relay=smtp.mail.dk. [195.41.46.251], dsn=2.0.0, stat=Sent (Ok: queued as AB218262803)


I replaced my own real domain with "domain.dk" for security.
I have a standard sendmail configuration, where the only thing changed is the smart relay, so it uses my ISP's SMTP server.

I checked the sendmail configuration and everything is limited to localhost, so no outsiders should have access to sendmail (?)
On my website I have some scripts like "contact me" and so on that use the PHP mail() function. Could this be exploited to send out all this spam?

I'm really in need of some help on this, and maybe a solution.
Sorry for my bad English, but it's not my native language.

Regards
Martin
  #2  
Old 22nd May 2005, 07:29 AM
Jman Offline
Registered User
 
Join Date: Mar 2004
Location: Minnesota, USA
Age: 28
Posts: 7,909
You may have an open relay (though why this works when sendmail is local only is beyond me). See here for more on them and this about how to close them.
  #3  
Old 27th May 2005, 09:31 PM
bubudiu Offline
Registered User
 
Join Date: Apr 2005
Posts: 176
As you can see in this document (http://www.sendmail.org/m4/anti_spam.html), sendmail does not relay by default, so it would be curious to see extracts of your config files.

Ensure you run the ordb.org mail relay check.
Capt Bubudiu "Sheriff"
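
The question the thread turns on, open relay versus mail handed in by a local account, can be read from the relay= and ctladdr= fields of the posted maillog lines. The following is an added example, not code from any poster: it classifies sendmail from= lines by origin and tallies the controlling accounts. The first three sample lines are abridged from the first post, the fourth (mail.example.net, 192.0.2.10) is constructed, and the function names are illustrative.

```python
import re
from collections import Counter

# Lines 1-3 are abridged from the maillog excerpt in the first post;
# line 4 is constructed to show a remote SMTP client for contrast.
SAMPLE_LOG = """\
May 21 02:57:07 0x50a46d69 sendmail[30824]: j4L0v6IB030824: from=nobody, size=2920, class=0, nrcpts=1, relay=nobody@localhost
May 21 02:57:07 0x50a46d69 sendmail[30825]: j4L0v7TU030825: from=<nobody@0x50a46d69.arcnxx15.domain.com>, size=3189, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
May 21 02:57:07 0x50a46d69 sendmail[30824]: j4L0v6IB030824: to=poloblade@aol.com, ctladdr=nobody (99/99), delay=00:00:01, mailer=relay, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (j4L0v7TU030825 Message accepted for delivery)
May 21 03:10:00 0x50a46d69 sendmail[31000]: j4L1A0XX031000: from=<a@example.net>, size=900, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mail.example.net [192.0.2.10]
"""

ENTRY = re.compile(r"sendmail\[\d+\]: (\w+): (from|to)=")
RELAY = re.compile(r"relay=([^,]+)")
CTLADDR = re.compile(r"ctladdr=<?([^@>\s]+)[^(]*\((\d+)/(\d+)\)")


def origin(line):
    """Classify a from= line by where sendmail received the message."""
    entry, relay = ENTRY.search(line), RELAY.search(line)
    if not entry or entry.group(2) != "from" or not relay:
        return None
    peer = relay.group(1).strip()
    local = re.fullmatch(r"([^@\s]+)@localhost", peer)
    if local:  # handed to the sendmail binary by a local account
        return ("local-submit", local.group(1))
    if peer.endswith("[127.0.0.1]"):  # SMTP over loopback (e.g. hand-off to the MTA)
        return ("loopback-smtp", peer)
    return ("remote-smtp", peer)  # a network client connected to the MTA


def summarize(log_text):
    """Count message origins and the (account, uid) behind each ctladdr."""
    origins, senders = Counter(), Counter()
    for line in log_text.splitlines():
        found = origin(line)
        if found:
            origins[found] += 1
        ctl = CTLADDR.search(line)
        if ctl:
            senders[(ctl.group(1), int(ctl.group(2)))] += 1
    return origins, senders


if __name__ == "__main__":
    for tally in summarize(SAMPLE_LOG):
        print(dict(tally))
```

A log dominated by local-submit entries for one account points at something running on the host under that account; remote-smtp entries from unknown clients are what an open relay would produce.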