I think I got it. Scalix is acting as a relay which makes sendmail listen to a different port. So, Scalix is listening on port 25 and then hands over the connection to Sendmail (which is listening on 127.0.0.1:xx). So in the logs, sendmail is saying that it is receiving mail from localhost. When I run purely sendmail (via the vanilla sendmail.cf) without Scalix, there is no more logs on connections from 127.0.0.1. Strange. But I will look into it further.
Thanks for the tips. On 11/15/06, christian <[EMAIL PROTECTED]> wrote:
On Wed, Nov 15, 2006 at 03:41:01PM +0800, Mhac Janapin wrote: > I was annoyed by a sudden influx of UCE to our MailServer (SuSE 10.1OSS, > Sendmail+Scalix 11 OE). After checking the logs, I was surprised to find out > that connections are coming from 127.0.0.1 (localhost) !? > > Could it be that our Mail Server is compromised? Any input welcome. if fetchmail is used to feed mail into sendmail, 'localhost' is the last host in the header chain, maybe? -- _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List [email protected] (#PLUG @ irc.free.net.ph) Read the Guidelines: http://linux.org.ph/lists Searchable Archives: http://archives.free.net.ph
-- Mhac Janapin PBTS SysAd ============= http://mulingsilang.blogspot.com ============= I'm an Open Source Enthusiast. c",) Mozilla Firefox 1 - getfirefox.com Mozilla Thunderbird 1 - mozilla.org OpenOffice.org =============
_________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List [email protected] (#PLUG @ irc.free.net.ph) Read the Guidelines: http://linux.org.ph/lists Searchable Archives: http://archives.free.net.ph
