[cobalt-users] Email relaying from localhost?
- Subject: [cobalt-users] Email relaying from localhost?
- From: "Curtis Ross" <Curtis_Ross@xxxxxx>
- Date: Mon Feb 18 12:19:00 2002
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
Hello All,
I'm hoping someone can give me some ideas as to how this is happening.
On Friday all of a sudden I had what looks like a whole bunch of mail go
blasting through my server. The only reason (other than seeing it in the
log) was one bounced back and my catch-all grabbed it.
To me it looks like the mail is coming from my local host. I know who is
doing it, but I can't figure out how.
There are only 2 admins that have access to our servers. They are the
only ones with SSH. We do allow cgi & forms but I checked his site and
neither exist. We don't allow relaying or SMTP traffic other than
through the use of forms.
I know the user is using mail2web.com (168.144.108.64) to get his mail.
Am I just reading this wrong or is this guy blasting email through our
servers? None of the recipients are located on our servers.
The server in question is a RAQ4r with all the patches and updates
except for the OS-2 update.
Sorry for the big log snip.
Curtis
<Log Snip>
Feb 15 15:55:15 www sendmail[4272]: g1FMtEn04272: from=httpd, size=794,
class=0, nrcpts=1, msgid=<200202152255.g1FMtEn04272@xxxxxxxxxxxxxxxx>,
relay=httpd@localhost
Feb 15 15:55:15 www sendmail[4275]: g1FMtFd04275: from=httpd, size=797,
class=0, nrcpts=1, msgid=<200202152255.g1FMtFd04275@xxxxxxxxxxxxxxxx>,
relay=httpd@localhost
Feb 15 15:55:15 www sendmail[4274]: g1FMtEn04272:
to=someone@xxxxxxxxxxxxxx, ctladdr=httpd (15/11), delay=00:00:01,
xdelay=00:00:00, mailer=esmtp, pri=30794, relay=mail.somedomain.com.
[139.xxx.xxx.xxx], dsn=2.0.0, stat=Sent (Received message gytbuaaa OK.)
Feb 15 15:55:15 www sendmail[4278]: g1FMtFk04278: from=httpd, size=792,
class=0, nrcpts=1, msgid=<200202152255.g1FMtFk04278@xxxxxxxxxxxxxxxx>,
relay=httpd@localhost
Feb 15 15:55:15 www sendmail[4277]: g1FMtFd04275:
to=someone@xxxxxxxxxxxxxx, ctladdr=httpd (15/11), delay=00:00:00,
xdelay=00:00:00, mailer=esmtp, pri=30797, relay=mail.somedomain.com.
[24.xxx.xxx.xxx], dsn=2.0.0, stat=Sent (
<200202152255.g1FMtFd04275@xxxxxxxxxxxxxxxx> Queued mail for delivery)
Feb 15 15:55:20 www sendmail[4280]: g1FMtFk04278:
to=someone@xxxxxxxxxxxxxx, ctladdr=httpd (15/11), delay=00:00:05,
xdelay=00:00:05, mailer=esmtp, pri=30792, relay=smtp.somedomain.com.
[199.xxx.xxx.xxx], dsn=2.0.0, stat=Sent (Message received:
20020215225523.XWGF16061.priv-edtnes11-hme0.somedomain.net@xxxxxxxxxxxxx
com)
Feb 15 15:55:25 www sendmail[4281]: g1FMtFA04281: from=httpd, size=787,
class=0, nrcpts=1, msgid=<200202152255.g1FMtFA04281@xxxxxxxxxxxxxxxx>,
relay=httpd@localhost
Feb 15 15:55:25 www sendmail[4284]: g1FMtPK04284: from=httpd, size=797,
class=0, nrcpts=1, msgid=<200202152255.g1FMtPK04284@xxxxxxxxxxxxxxxx>,
relay=httpd@localhost
Feb 15 15:55:26 www sendmail[4283]: g1FMtFA04281:
to=someone@xxxxxxxxxxxxxx, ctladdr=httpd (15/11), delay=00:00:11,
xdelay=00:00:01, mailer=esmtp, pri=30787, relay=dpmail13.somedomain.com.
[209.xxx.xxx.xxx], dsn=2.0.0, stat=Sent (Message queued)
Feb 15 15:55:26 www sendmail[4286]: g1FMtPK04284:
to=someone@xxxxxxxxxxxxxx, ctladdr=httpd (15/11), delay=00:00:01,
xdelay=00:00:01, mailer=esmtp, pri=30797, relay=mailin1.somedomain.com.
[207.xxx.xxx.xxx], dsn=2.0.0, stat=Sent (PAA24830 Message accepted for
delivery)
Feb 15 15:55:26 www sendmail[4287]: g1FMtPH04287: from=httpd, size=794,
class=0, nrcpts=1, msgid=<200202152255.g1FMtPH04287@xxxxxxxxxxxxxxxx>,
relay=httpd@localhost
Feb 15 15:55:26 www sendmail[4290]: g1FMtQ104290: from=httpd, size=796,
class=0, nrcpts=1, msgid=<200202152255.g1FMtQ104290@xxxxxxxxxxxxxxxx>,
relay=httpd@localhost
Feb 15 15:55:26 www sendmail[4293]: g1FMtQ204293: from=httpd, size=794,
class=0, nrcpts=1, msgid=<200202152255.g1FMtQ204293@xxxxxxxxxxxxxxxx>,
relay=httpd@localhost
Feb 15 15:55:26 www sendmail[4296]: g1FMtQM04296: from=httpd, size=798,
class=0, nrcpts=1, msgid=<200202152255.g1FMtQM04296@xxxxxxxxxxxxxxxx>,
relay=httpd@localhost
Feb 15 15:55:26 www sendmail[4299]: g1FMtQC04299: from=httpd, size=794,
class=0, nrcpts=1, msgid=<200202152255.g1FMtQC04299@xxxxxxxxxxxxxxxx>,
relay=httpd@localhost
Feb 15 15:55:26 www sendmail[4302]: g1FMtQN04302: from=httpd, size=796,
class=0, nrcpts=1, msgid=<200202152255.g1FMtQN04302@xxxxxxxxxxxxxxxx>,
relay=httpd@localhost
Feb 15 15:55:26 www sendmail[4305]: g1FMtQN04305: from=httpd, size=794,
class=0, nrcpts=1, msgid=<200202152255.g1FMtQN04305@xxxxxxxxxxxxxxxx>,
relay=httpd@localhost
Feb 15 15:55:26 www sendmail[4301]: g1FMtQC04299:
to=someone@xxxxxxxxxxxxxx, ctladdr=httpd (15/11), delay=00:00:00,
xdelay=00:00:00, mailer=esmtp, pri=30794, relay=mailin2.somedomain.com.
[207.228.64.39], dsn=2.0.0, stat=Sent (PAA28014 Message accepted for
delivery)
Feb 15 15:55:26 www sendmail[4308]: g1FMtQF04308: from=httpd, size=793,
class=0, nrcpts=1, msgid=<200202152255.g1FMtQF04308@xxxxxxxxxxxxxxxx>,
relay=httpd@localhost
<Log Snip End>
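
An added example, not part of the original post: one way to triage a log like the one above is to group sendmail entries by queue ID and count the messages logged with `from=httpd` and `relay=httpd@localhost`, which is how sendmail records mail handed to it on the machine itself by the httpd account. The sample lines, the example.* addresses and the burst threshold are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the same format as the log above (wrapped entries rejoined).
SAMPLE_LOG = """\
Feb 15 15:55:15 www sendmail[4272]: g1FMtEn04272: from=httpd, size=794, class=0, nrcpts=1, msgid=<a@www.example.com>, relay=httpd@localhost
Feb 15 15:55:15 www sendmail[4274]: g1FMtEn04272: to=u1@example.net, ctladdr=httpd (15/11), delay=00:00:01, xdelay=00:00:00, mailer=esmtp, pri=30794, relay=mail.example.net. [192.0.2.10], dsn=2.0.0, stat=Sent (OK)
Feb 15 15:55:15 www sendmail[4275]: g1FMtFd04275: from=httpd, size=797, class=0, nrcpts=1, msgid=<b@www.example.com>, relay=httpd@localhost
Feb 15 15:55:16 www sendmail[4277]: g1FMtFd04275: to=u2@example.org, ctladdr=httpd (15/11), delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=30797, relay=mx.example.org. [198.51.100.7], dsn=2.0.0, stat=Sent (Queued, thanks)
Feb 15 15:55:25 www sendmail[4281]: g1FMtFA04281: from=httpd, size=787, class=0, nrcpts=1, msgid=<c@www.example.com>, relay=httpd@localhost
Feb 15 15:55:26 www sendmail[4284]: g1FMtPK04284: from=httpd, size=797, class=0, nrcpts=1, msgid=<d@www.example.com>, relay=httpd@localhost
Feb 15 15:56:02 www sendmail[4310]: g1FMu2x04310: from=<alice@example.org>, size=1203, class=0, nrcpts=1, msgid=<e@example.org>, proto=ESMTP, relay=mx.example.org [198.51.100.7]
"""

# Timestamp is captured to the minute so submissions can be bucketed per minute.
LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d):\d\d \S+ sendmail\[\d+\]: (\w+): (.*)$")

def field(rest, name):
    """Return the value of one key=value field from a sendmail log entry, or None."""
    m = re.search(r"(?:^|, )" + re.escape(name) + r"=([^,\s]+)", rest)
    return m.group(1) if m else None

def local_submissions(log_text, account="httpd"):
    """Map queue ID -> {'minute', 'rcpts'} for mail submitted locally by `account`."""
    subs = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        minute, qid, rest = m.groups()
        if field(rest, "from") == account and field(rest, "relay") == f"{account}@localhost":
            subs[qid] = {"minute": minute, "rcpts": []}
        elif qid in subs and field(rest, "ctladdr") == account:
            # Delivery entry for a flagged message: record recipient and remote relay.
            relay = (field(rest, "relay") or "").rstrip(".")
            subs[qid]["rcpts"].append((field(rest, "to"), relay))
    return subs

def bursts(subs, threshold=3):
    """Return minutes in which at least `threshold` local submissions were logged."""
    per_minute = Counter(s["minute"] for s in subs.values())
    return {minute: n for minute, n in per_minute.items() if n >= threshold}

if __name__ == "__main__":
    found = local_submissions(SAMPLE_LOG)
    for qid, info in found.items():
        print(qid, info["minute"], info["rcpts"])
    print("bursts:", bursts(found))
```

The timestamps of any burst can then be compared against the web server's access log for the same minute to see which request or script invoked sendmail.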