[cobalt-users] Re: var/spool/mail/.forward: World writable directory
- Subject: [cobalt-users] Re: var/spool/mail/.forward: World writable directory
- From: flash22@xxxxxxx
- Date: Tue Apr 10 21:53:08 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
There was a message a while ago, but now I got one in the logs..;)
After a bit of poking around, I have come to the conclusion this
is a side effect of an odd spam forwarding hack involving
the autoresponder code...
forward /var/spool/mail/.forward: World writable directory
Seems to be a result of sendmail trying to deliver to user 'mail' which
has no home directory, this causing mail to try to look in the spool
directory, which is, in fact world writable to sendmail...
I am able to reproduce the error, though not exactly the same results
the spam got...further elucidation welcome here...
gsh
---
Interesting logs from the spam....
--
[initial delivery]
sendmail[14437]: PAA14437: from=<chastj@xxxxxxxxxxxxx>,
size=1593, class=0, pri=31593, nrcpts=1,
msgid=<11.890408.431050@xxxxxxxxxxxxxxxxxx>,
relay=[206.46.170.141] <-- was open relay,now crispy toast
sendmail[14438]: PAA14437: to=(user fwd address)
mailer=esmtp, relay=mail00.dfw.mindspring.net. stat=Sent
sendmail[14438]: PAA14437: to=\intern,
[the autoresponder]
[hmm, nrcpts=1 but 2 addresses were delivered to]
[responder tried to deliver]
sendmail[14443]: PAA14441: to=chastj@xxxxxxxxxxxxx,
relay=mx06.earthlink.net. [207.217.120.130], stat=User unknown
[and tried to bounce back to 'mail@localhost']
admin sendmail[14443]: PAA14441: forward /var/spool/mail/.forward.admin: World writable directory
admin sendmail[14443]: PAA14441: forward /var/spool/mail/.forward: World writable directory
admin sendmail[14443]: PAA14441: PAA14443: DSN: User unknown
admin sendmail[14443]: PAA14443: to=mail, delay=00:00:00,
mailer=local, stat=Sent
---
what 'mail' got (trimmed)
-----
>From mail Tue Apr 10 15:49:16 2001
Return-Path: <MAILER-DAEMON>
Received: from localhost (localhost)
by admin. (8.9.3/8.9.3) with internal id PAA14443;
From: Mail Delivery Subsystem <MAILER-DAEMON@admin.>
To: mail@xxxxxxxxxxxxxxxxxx
...
--PAA14443.986932156/admin.mydomain.com
... while talking to mx06.earthlink.net.:
>>> RCPT To:<chastj@xxxxxxxxxxxxx>
<<< 550 chastj@xxxxxxxxxxxxxxxxxxxx unknown
--PAA14443.986932156/admin.mydomain.com
Return-Path: <mail>
Received: (from mail@localhost)
by admin.mydomain.com (8.9.3/8.9.3) id PAA14441;
Tue, 10 Apr 2001 15:49:14 -0400
Message-Id: <200104101949.PAA14441@xxxxxxxxxxxxxxxxxx>
From: intern@xxxxxxxxxxxxxxxxxxxxxxx
To: chastj@xxxxxxxxxxxxx
Precedence: junk
Subject: Automated Reply from <intern@xxxxxxxxxxxxxxxxxxxxxxx>
Date: Tue Apr 10 15:49:13 2001
----
[note the inconsistent return paths, mail@localhost, mail@domain, why?]
What the auto responder got
----
>From chastj@xxxxxxxxxxxxx Tue Apr 10 15:49:12 2001
Return-Path: <chastj@xxxxxxxxxxxxx>
Received: from smtp9ve.mailsrvcs.net ([206.46.170.141])
by admin.mydomain.com (8.9.3/8.9.3) with ESMTP id PAA14437
for <intern@xxxxxxxxxxxxxxxxxxx>; Tue, 10 Apr 2001 15:49:05 -0400
From: chastj@xxxxxxxxxxxxx
Received: from intrand-mearth.net
(adsl-151-202-80-205.nyc.adsl.bellatlantic.net [151.202.80.205])
by smtp9ve.mailsrvcs.net (8.9.1/8.9.1) with SMTP id OAA14382
for <intern@xxxxxxxxxxxxxxxxxxx>; Tue,
10 Apr 2001 14:48:55 -0500 (CDT)
To: <intern@xxxxxxxxxxxxxxxxxxx>
Date: Tue, 10 Apr 2001 12:14:31
Message-Id: <11.890408.431050@xxxxxxxxxxxxxxxxxx>
Subject: Dear Small Business Professional
COMPLETE CREDIT CARD PROCESSING SYSTEMS.
INTERNET - HOME BASED - MAIL ORDER - PHONE ORDER
[etc etc....spam]
--
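An added example, not part of the original post: a Python audit that reads passwd-format lines and reports accounts whose home directory path contains a world-writable directory, the condition behind the "forward ...: World writable directory" log lines above. The function names are hypothetical, the directory tree and passwd entries are constructed sample data, and it assumes the passwd home field of 'mail' points at the spool directory.

```python
import os
import stat
import tempfile

def first_world_writable(home, root="/"):
    """Return the first world-writable directory on the path to `home`, or None."""
    parts = [p for p in home.split("/") if p]
    current = root
    for i, part in enumerate(parts):
        current = os.path.join(current, part)
        try:
            mode = os.stat(current).st_mode
        except OSError:
            return None  # path does not exist, so no .forward can live there
        # S_IWOTH is tested on its own: a sticky bit (mode 1777) does not clear it.
        if stat.S_ISDIR(mode) and mode & stat.S_IWOTH:
            return "/" + "/".join(parts[: i + 1])
    return None

def unsafe_forward_dirs(passwd_text, root="/"):
    """Return (user, home, offending_dir) for each passwd entry with an unsafe home path."""
    findings = []
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if line.startswith("#") or len(fields) < 7:
            continue  # comment, blank or malformed entry
        user, home = fields[0], fields[5]
        bad = first_world_writable(home, root)
        if bad is not None:
            findings.append((user, home, bad))
    return findings

def build_sample_tree():
    """Constructed sample: a throwaway tree plus matching passwd lines."""
    root = tempfile.mkdtemp()
    for rel, mode in (("var", 0o755), ("var/spool", 0o755), ("var/spool/mail", 0o1777),
                      ("home", 0o755), ("home/intern", 0o755)):
        os.mkdir(os.path.join(root, rel))
        os.chmod(os.path.join(root, rel), mode)
    passwd = ("mail:x:8:12:mail:/var/spool/mail:/bin/false\n"      # assumed home field
              "intern:x:500:500::/home/intern:/bin/bash\n")
    return root, passwd

if __name__ == "__main__":
    root, passwd = build_sample_tree()
    for user, home, bad in unsafe_forward_dirs(passwd, root):
        print(f"{user}: {home}/.forward sits under world-writable {bad}")
```

On a live host, pass the contents of /etc/passwd and leave `root` at its default of "/".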