
[cobalt-users] Spammer sending from httpd on our RaQ3



Someone is sending spam via one of our RaQs; they've apparently found a
way to send mail as if it were coming from the http daemon.  Not sure
just how to disable this, particularly in a way that the GUI won't
re-enable next time we add an email account.  Any ideas?  

We've always kept the machine up to date with patches from Cobalt.  No
indication of any hacks to the machine.

Here's a typical line in our maillog:
Dec 11 13:39:44 raq3-02 sendmail[4687]: NAA04687: from=httpd, size=1254,
class=0, pri=751254, nrcpts=25,
msgid=<200112111839.NAA04687@xxxxxxxxxxxxxxxxxxx>, relay=httpd@localhost
Dec 11 13:39:45 raq3-02 sendmail[4689]: NAA04687:
to=cheeks1304@xxxxxxx,acox971656@xxxxxxx,damsilndistress@xxxxxxx,damsipp
i@xxxxxxx,bhlc36@xxxxxxx,cahos128@xxxxxxx,corvmf@xxxxxxx,damsk8brdr@aol.
com,bhlcops@xxxxxxx,aves8322@xxxxxxx,corvmike@xxxxxxx,avesper7@xxxxxxx,d
ownmelt@xxxxxxx,damsk8rkid@xxxxxxx,downmeltd@xxxxxxx,cahos33@xxxxxxx,dam
sk92302@xxxxxxx,downmethod@xxxxxxx,avessillo@xxxxxxx,downmf@xxxxxxx,dams
k@xxxxxxx,cahosang@xxxxxxx,bookrb@xxxxxxx,bhlcsnl@xxxxxxx,avest9888@aol.
com, ctladdr=httpd (15/11), delay=00:00:01, xdelay=00:00:01,
mailer=esmtp, relay=mailin-01.mx.aol.com. [64.12.136.57], stat=Sent (OK)

Thanks in advance for all help and advice....

---------------------------------------
Paul Johnson
Millennia Logix, Inc. / promoBubble.com
paul@xxxxxxxxxxx
---------------------------------------
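
A way to find every message like the one logged above, as an added example that is not part of the original post: it pairs sendmail `from=` and `to=` lines by queue ID and reports mail submitted by the web server account to many recipients. The account names in `WEB_USERS`, the `min_rcpts` threshold and the sample log lines (constructed, modelled on the format above) are assumptions.

```python
import re
from collections import defaultdict

# Assumption: local accounts a web server may run as (the post shows "httpd").
WEB_USERS = {"httpd", "apache", "nobody"}

LINE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<fields>.*)$")

def parse_fields(text):
    """Split sendmail 'key=value, key=value' fields; to= lists keep their commas."""
    return {m.group(1): m.group(2).strip()
            for m in re.finditer(r"(\w+)=(.*?)(?=, \w+=|$)", text)}

def find_web_user_mail(lines, min_rcpts=10):
    """Return (queue_id, local_user, nrcpts) for bulk mail sent by a web account."""
    msgs = defaultdict(lambda: {"sender": None, "ctladdr": None, "nrcpts": 0})
    for line in lines:
        m = LINE.search(line.strip())
        if not m:
            continue
        fields = parse_fields(m.group("fields"))
        msg = msgs[m.group("qid")]
        if "from" in fields:            # envelope line: sender and recipient count
            msg["sender"] = fields["from"]
            msg["nrcpts"] = int(fields.get("nrcpts", 0))
        if "ctladdr" in fields:         # delivery line: "httpd (15/11)" -> "httpd"
            msg["ctladdr"] = fields["ctladdr"].split(" ")[0]
    hits = []
    for qid, msg in msgs.items():
        local_user = msg["ctladdr"] or msg["sender"]
        if local_user in WEB_USERS and msg["nrcpts"] >= min_rcpts:
            hits.append((qid, local_user, msg["nrcpts"]))
    return hits

# Constructed sample lines (each log entry on one line, addresses are placeholders).
SAMPLE = [
    "Dec 11 13:39:44 raq3-02 sendmail[4687]: NAA04687: from=httpd, size=1254, "
    "class=0, pri=751254, nrcpts=25, msgid=<1@host.example.com>, relay=httpd@localhost",
    "Dec 11 13:39:45 raq3-02 sendmail[4689]: NAA04687: to=a@example.net,b@example.net, "
    "ctladdr=httpd (15/11), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, "
    "relay=mx.example.net. [192.0.2.10], stat=Sent (OK)",
    "Dec 11 13:41:02 raq3-02 sendmail[4701]: NAA04701: from=httpd, size=612, "
    "class=0, pri=30612, nrcpts=1, msgid=<2@host.example.com>, relay=httpd@localhost",
    "Dec 11 13:42:10 raq3-02 sendmail[4710]: NAA04710: from=<alice@example.com>, "
    "size=2048, class=0, pri=32048, nrcpts=30, msgid=<3@host.example.com>, relay=[192.0.2.55]",
]

if __name__ == "__main__":
    for qid, user, count in find_web_user_mail(SAMPLE):
        print(f"{qid}: {count} recipients, submitted by local user {user}")
```

The timestamps of the reported queue IDs can then be compared with the web server's access log for the same seconds.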