First, it doesn't sound like it's coming from the RH box. By default, RH installs sendmail and only listens on localhost. This means it refused external connections. Also be default, it isn't setup to relay anything. Is this box on the public Internet at all? If not, then something would have to bounce mail locally off of it somehow. <<JAV>> ---------- Original Message ----------- From: "Billy Davis" <bdavis@xxxxxxxxxxxx> To: <redhat-list@xxxxxxxxxx> Sent: Fri, 5 Dec 2003 13:04:36 -0500 Subject: Re: How to detect spammers? > ----- Original Message ----- > From: "Jason Staudenmayer" <jasons@xxxxxxxxxxxxxx> > To: <redhat-list@xxxxxxxxxx> > Sent: Friday, December 05, 2003 12:45 PM > Subject: RE: How to detect spammers? > > > Firewall it and read up on hardening Linux. Get rid of ALL SERVICES NOT > > NEEDED. Those emails you are seeing are more than likely the nightly cron > > jobs. If you did nothing with sendmail after install it only listens > locally > > on 127.0.0.1 that is default. > > We did not change anything with sendmail after installation, and were > surprised > that it was installed. The time and dates on the entries in maillog > coincide with > the time and dates of groups of 'undeliverable mail' that was > returned to a windows workstation on the same internal network. > They all include our return address, but we never sent them. > > Thanks, > Bdavis > > > > > -----Original Message----- > > From: Billy Davis [mailto:bdavis@xxxxxxxxxxxx] > > Sent: Friday, December 05, 2003 11:46 AM > > To: redhat-list@xxxxxxxxxx > > Subject: Re: How to detect spammers? > > > > > > > > ----- Original Message ----- > > From: "Jason Staudenmayer" <jasons@xxxxxxxxxxxxxx> > > To: <redhat-list@xxxxxxxxxx> > > Sent: Friday, December 05, 2003 10:34 AM > > Subject: RE: How to detect spammers? > > > > > > > Start by making sure your not a open relay. Then check your maillog for > > > outside connections sending email outside of your domain (relaying). It > > > would also help if we knew what MTA you have running. > > > > The maillog has entries that coincide with the suspected spam transmission > > times. Also, the entries include 'mailer=relay' and 'relay=[127.0.0.1]'. > > We > > do not use the RH Server for mail at all, but I did notice that 'sendmail' > > is > > enabled, so I disabled it. What else do we need to do? > > > > Thanks, > > Bdavis > > > > > > > > > > -----Original Message----- > > > From: Billy Davis [mailto:bdavis@xxxxxxxxxxxx] > > > Sent: Friday, December 05, 2003 10:22 AM > > > To: redhat-list@xxxxxxxxxx > > > Subject: How to detect spammers? > > > > > > > > > We have reason to believe that someone on the Internet > > > is using our RH9 Linux server to distribute spam. Are > > > there any log files that we can check to verify this? > > > How can we prevent it? > > > > > > Thanks, > > > Bdavis > > > > > > > > > -- > > > redhat-list mailing list > > > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > > > https://www.redhat.com/mailman/listinfo/redhat-list > > > > > > > > > -- > > > redhat-list mailing list > > > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > > > https://www.redhat.com/mailman/listinfo/redhat-list > > > > > > -- > > redhat-list mailing list > > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > > https://www.redhat.com/mailman/listinfo/redhat-list > > > > > > -- > > redhat-list mailing list > > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > > https://www.redhat.com/mailman/listinfo/redhat-list > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list ------- End of Original Message ------- -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
