On Tuesday 23 December 2003 20:43, Chris W. Parker wrote: > Hi gang. > > Yesterday and today I've received three strange emails. Two came > yesterday and supposedly came from "Dino"@server.domain.com > (server.domain.com of course being replaced by the actual fqdn). > Today's messages was "from" "Goddard Chuck"@server.domain.com. > > I'm using the default sendmail install plus one update (me thinks) > on RH8. According to "telnet localhost 25" I'm running sendmail > 8.12.8/8.12.5. > > The server.domain.com is actually an email gateway to our ms > exchange server. The sendmail server doesn't actually do any > sending of email except to receive email for our domain and forward > it to the exchange server. Except for the box being compromised or > exploited in some way how else could the email appear to have come > from @server.domain.com? Does it sound like the box is being > exploited? > > I can send the email headers to anyone that would like to see them. > > > Thanks, > Chris. You'll probably have to take a look at the full headers of the message(s) in question. They should be able to shed more light on the story. Regards, Mike Klinke -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
