Chris
On 7/19/06, Stephen Barner <[EMAIL PROTECTED]> wrote:
I've got a server that hosts a few websites and a PHP BBS. It uses
sendmail to handle a few light mail duties (though the spammers have found
it, so I have to delete a few dozen spam messages that come in every day).
I recently noticed some unusual activity on the server and checking
var/log/maillog, I find a bunch of messages of this type being produced (I
substituted mydomain for the real domain name of the local server):
Jul 19 07:16:43 www sendmail[3541]: k6JBGh3U003541:
<[EMAIL PROTECTED]>... User unknown
Jul 19 07:16:43 www sendmail[3541]: k6JBGh3U003541: from=<>, size=21287,
class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=imail.mlode.com
[208.12.100.136]
If I am reading this correctly, the server sent a message with no sender
listed to the nonexistent local user FaygjkFarris through imail.mlode.com.
I can't figure out the logic behind this, especially since all the
usernames are really odd and not likely to produce successful hits. I also
have no idea what is initiating the exchanges. It would seem that there
might be some kind of malware running on the local machine trying to send
these messages out, but I can't find anything unusual. Perhaps I am
reading the maillog incorrectly but for now I shut down sendmail until I
can resolve the problem. The sendmail version is 8.12.4.
Steve Barner
--
Chris
www.chrisadams.org
www.linuxchris.com
AOL and Yahoo IM - fan0of0as
MSN Messenger - [EMAIL PROTECTED]
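
An added example, not part of either poster's message: a small Python parser that groups sendmail maillog entries by queue ID and counts, per connecting host, the inbound attempts in which every recipient was refused. In sendmail's log format the relay= field of a from= entry names the host the message was received from, while to= entries record delivery attempts; the sample lines, hosts, addresses and queue IDs below are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in sendmail's maillog layout (one entry per line, all values made up).
SAMPLE_LOG = """\
Jul 19 07:16:43 www sendmail[3541]: k6JBGh3U003541: <nouser1@mydomain.example>... User unknown
Jul 19 07:16:43 www sendmail[3541]: k6JBGh3U003541: from=<>, size=21287, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=mx.remote.example [192.0.2.10]
Jul 19 07:16:51 www sendmail[3542]: k6JBGh4U003542: <nouser2@mydomain.example>... User unknown
Jul 19 07:16:51 www sendmail[3542]: k6JBGh4U003542: from=<>, size=21290, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=mx.remote.example [192.0.2.10]
Jul 19 07:20:05 www sendmail[3550]: k6JBH05U003550: from=<alice@other.example>, size=1200, class=0, nrcpts=1, msgid=<1@other.example>, proto=ESMTP, daemon=MTA, relay=mail.other.example [198.51.100.7]
Jul 19 07:20:06 www sendmail[3551]: k6JBH05U003550: to=<steve@mydomain.example>, delay=00:00:01, xdelay=00:00:00, mailer=local, pri=31200, dsn=2.0.0, stat=Sent
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ sendmail\[\d+\]: (\w+): (.*)$")
FIELD = re.compile(r"(\w+)=([^,]*)")
REJECT = re.compile(r"^<([^>]*)>\.\.\. User unknown$")

def parse(log_text):
    """Group maillog entries by queue ID into one record per message."""
    msgs = defaultdict(lambda: {"received_from": None, "sender": None,
                                "nrcpts": None, "rejected": [], "delivered_via": []})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a sendmail queue entry
        qid, rest = m.groups()
        rec = msgs[qid]
        rej = REJECT.match(rest)
        if rej:  # a recipient address the server refused
            rec["rejected"].append(rej.group(1))
            continue
        fields = dict(FIELD.findall(rest))
        if rest.startswith("from="):  # receipt record: relay= is the sending host
            rec["sender"] = fields["from"]
            rec["nrcpts"] = int(fields.get("nrcpts", 0))
            rec["received_from"] = fields.get("relay")
        elif rest.startswith("to="):  # delivery record: relay= is the next hop, if any
            rec["delivered_via"].append((fields.get("relay"), fields.get("stat")))
    return dict(msgs)

def refused_by_relay(msgs):
    """Count inbound messages with no accepted recipient, per connecting host."""
    hits = Counter()
    for rec in msgs.values():
        if rec["received_from"] and rec["nrcpts"] == 0 and rec["rejected"]:
            hits[rec["received_from"]] += 1
    return hits
```

Run against a real maillog, a high count for one relay with nrcpts=0 and odd recipient names shows which remote hosts are offering mail to addresses that do not exist on the server.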
