Sendmail is installed by default. Many services are dependant on it. Login as root and read the email on the box. Did you set roots email to be forwarded off the box? Did this box take the name of an old MX record? I still think it's cron though. Also run: netstat -pan And make sure nothing is watching port 25. If you have something on port 25 find out what and why. -----Original Message----- From: Billy Davis [mailto:bdavis@xxxxxxxxxxxx] Sent: Friday, December 05, 2003 1:05 PM To: redhat-list@xxxxxxxxxx Subject: Re: How to detect spammers? ----- Original Message ----- From: "Jason Staudenmayer" <jasons@xxxxxxxxxxxxxx> To: <redhat-list@xxxxxxxxxx> Sent: Friday, December 05, 2003 12:45 PM Subject: RE: How to detect spammers? > Firewall it and read up on hardening Linux. Get rid of ALL SERVICES NOT > NEEDED. Those emails you are seeing are more than likely the nightly cron > jobs. If you did nothing with sendmail after install it only listens locally > on 127.0.0.1 that is default. We did not change anything with sendmail after installation, and were surprised that it was installed. The time and dates on the entries in maillog coincide with the time and dates of groups of 'undeliverable mail' that was returned to a windows workstation on the same internal network. They all include our return address, but we never sent them. Thanks, Bdavis > > -----Original Message----- > From: Billy Davis [mailto:bdavis@xxxxxxxxxxxx] > Sent: Friday, December 05, 2003 11:46 AM > To: redhat-list@xxxxxxxxxx > Subject: Re: How to detect spammers? > > > > ----- Original Message ----- > From: "Jason Staudenmayer" <jasons@xxxxxxxxxxxxxx> > To: <redhat-list@xxxxxxxxxx> > Sent: Friday, December 05, 2003 10:34 AM > Subject: RE: How to detect spammers? > > > > Start by making sure your not a open relay. Then check your maillog for > > outside connections sending email outside of your domain (relaying). It > > would also help if we knew what MTA you have running. > > The maillog has entries that coincide with the suspected spam transmission > times. Also, the entries include 'mailer=relay' and 'relay=[127.0.0.1]'. > We > do not use the RH Server for mail at all, but I did notice that 'sendmail' > is > enabled, so I disabled it. What else do we need to do? > > Thanks, > Bdavis > > > > > > -----Original Message----- > > From: Billy Davis [mailto:bdavis@xxxxxxxxxxxx] > > Sent: Friday, December 05, 2003 10:22 AM > > To: redhat-list@xxxxxxxxxx > > Subject: How to detect spammers? > > > > > > We have reason to believe that someone on the Internet > > is using our RH9 Linux server to distribute spam. Are > > there any log files that we can check to verify this? > > How can we prevent it? > > > > Thanks, > > Bdavis > > > > > > -- > > redhat-list mailing list > > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > > https://www.redhat.com/mailman/listinfo/redhat-list > > > > > > -- > > redhat-list mailing list > > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > > https://www.redhat.com/mailman/listinfo/redhat-list > > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
