
Re: [cobalt-users] Email relaying from localhost?



Have you got an old version of sendmail (FormMail.pl) on your server?
The latest version ... I think is 1.9 (I think)

Martin
Utopia
----- Original Message ----- 
From: "Curtis Ross" <Curtis_Ross@xxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Monday, February 18, 2002 8:00 PM
Subject: [cobalt-users] Email relaying from localhost?


> Hello All,
> I'm hoping someone can give me some ideas as to how this is happening.
> On Friday all of a sudden I had what looks like a whole bunch of mail go
> blasting through my server. The only reason (other than seeing it in the
> log) was one bounced back and my catch-all grabbed it.
> To me it looks like the mail is coming from my local host. I know who is
> doing it, but I can't figure out how.
> There are only 2 admins that have access to our servers. They are the
> only ones with SSH. We do allow cgi & forms but I checked his site and
> neither exist. We don't allow relaying or SMTP traffic other than
> through the use of forms.
> I know the user is using mail2web.com (168.144.108.64) to get his mail.
> Am I just reading this wrong or is this guy blasting email through our
> servers? None of the recipients are located on our servers.
> The server in question is a RAQ4r with all the patches and updates
> except for the OS-2 update.
> Sorry for the big log snip.
> 
> Curtis
> 
> 
> 
> <Log Snip>
> Feb 15 15:55:15 www sendmail[4272]: g1FMtEn04272: from=httpd, size=794,
> class=0, nrcpts=1, msgid=<200202152255.g1FMtEn04272@xxxxxxxxxxxxxxxx>,
> relay=httpd@localhost
> Feb 15 15:55:15 www sendmail[4275]: g1FMtFd04275: from=httpd, size=797,
> class=0, nrcpts=1, msgid=<200202152255.g1FMtFd04275@xxxxxxxxxxxxxxxx>,
> relay=httpd@localhost
> Feb 15 15:55:15 www sendmail[4274]: g1FMtEn04272:
> to=someone@xxxxxxxxxxxxxx, ctladdr=httpd (15/11), delay=00:00:01,
> xdelay=00:00:00, mailer=esmtp, pri=30794, relay=mail.somedomain.com.
> [139.xxx.xxx.xxx], dsn=2.0.0, stat=Sent (Received message gytbuaaa OK.)
> Feb 15 15:55:15 www sendmail[4278]: g1FMtFk04278: from=httpd, size=792,
> class=0, nrcpts=1, msgid=<200202152255.g1FMtFk04278@xxxxxxxxxxxxxxxx>,
> relay=httpd@localhost
> Feb 15 15:55:15 www sendmail[4277]: g1FMtFd04275:
> to=someone@xxxxxxxxxxxxxx, ctladdr=httpd (15/11), delay=00:00:00,
> xdelay=00:00:00, mailer=esmtp, pri=30797, relay=mail.somedomain.com.
> [24.xxx.xxx.xxx], dsn=2.0.0, stat=Sent (
> <200202152255.g1FMtFd04275@xxxxxxxxxxxxxxxx> Queued mail for delivery)
> Feb 15 15:55:20 www sendmail[4280]: g1FMtFk04278:
> to=someone@xxxxxxxxxxxxxx, ctladdr=httpd (15/11), delay=00:00:05,
> xdelay=00:00:05, mailer=esmtp, pri=30792, relay=smtp.somedomain.com.
> [199.xxx.xxx.xxx], dsn=2.0.0, stat=Sent (Message received:
> 20020215225523.XWGF16061.priv-edtnes11-hme0.somedomain.net@xxxxxxxxxxxxx
> com)
> Feb 15 15:55:25 www sendmail[4281]: g1FMtFA04281: from=httpd, size=787,
> class=0, nrcpts=1, msgid=<200202152255.g1FMtFA04281@xxxxxxxxxxxxxxxx>,
> relay=httpd@localhost
> Feb 15 15:55:25 www sendmail[4284]: g1FMtPK04284: from=httpd, size=797,
> class=0, nrcpts=1, msgid=<200202152255.g1FMtPK04284@xxxxxxxxxxxxxxxx>,
> relay=httpd@localhost
> Feb 15 15:55:26 www sendmail[4283]: g1FMtFA04281:
> to=someone@xxxxxxxxxxxxxx, ctladdr=httpd (15/11), delay=00:00:11,
> xdelay=00:00:01, mailer=esmtp, pri=30787, relay=dpmail13.somedomain.com.
> [209.xxx.xxx.xxx], dsn=2.0.0, stat=Sent (Message queued)
> Feb 15 15:55:26 www sendmail[4286]: g1FMtPK04284:
> to=someone@xxxxxxxxxxxxxx, ctladdr=httpd (15/11), delay=00:00:01,
> xdelay=00:00:01, mailer=esmtp, pri=30797, relay=mailin1.somedomain.com.
> [207.xxx.xxx.xxx], dsn=2.0.0, stat=Sent (PAA24830 Message accepted for
> delivery)
> Feb 15 15:55:26 www sendmail[4287]: g1FMtPH04287: from=httpd, size=794,
> class=0, nrcpts=1, msgid=<200202152255.g1FMtPH04287@xxxxxxxxxxxxxxxx>,
> relay=httpd@localhost
> Feb 15 15:55:26 www sendmail[4290]: g1FMtQ104290: from=httpd, size=796,
> class=0, nrcpts=1, msgid=<200202152255.g1FMtQ104290@xxxxxxxxxxxxxxxx>,
> relay=httpd@localhost
> Feb 15 15:55:26 www sendmail[4293]: g1FMtQ204293: from=httpd, size=794,
> class=0, nrcpts=1, msgid=<200202152255.g1FMtQ204293@xxxxxxxxxxxxxxxx>,
> relay=httpd@localhost
> Feb 15 15:55:26 www sendmail[4296]: g1FMtQM04296: from=httpd, size=798,
> class=0, nrcpts=1, msgid=<200202152255.g1FMtQM04296@xxxxxxxxxxxxxxxx>,
> relay=httpd@localhost
> Feb 15 15:55:26 www sendmail[4299]: g1FMtQC04299: from=httpd, size=794,
> class=0, nrcpts=1, msgid=<200202152255.g1FMtQC04299@xxxxxxxxxxxxxxxx>,
> relay=httpd@localhost
> Feb 15 15:55:26 www sendmail[4302]: g1FMtQN04302: from=httpd, size=796,
> class=0, nrcpts=1, msgid=<200202152255.g1FMtQN04302@xxxxxxxxxxxxxxxx>,
> relay=httpd@localhost
> Feb 15 15:55:26 www sendmail[4305]: g1FMtQN04305: from=httpd, size=794,
> class=0, nrcpts=1, msgid=<200202152255.g1FMtQN04305@xxxxxxxxxxxxxxxx>,
> relay=httpd@localhost
> Feb 15 15:55:26 www sendmail[4301]: g1FMtQC04299:
> to=someone@xxxxxxxxxxxxxx, ctladdr=httpd (15/11), delay=00:00:00,
> xdelay=00:00:00, mailer=esmtp, pri=30794, relay=mailin2.somedomain.com.
> [207.228.64.39], dsn=2.0.0, stat=Sent (PAA28014 Message accepted for
> delivery)
> Feb 15 15:55:26 www sendmail[4308]: g1FMtQF04308: from=httpd, size=793,
> class=0, nrcpts=1, msgid=<200202152255.g1FMtQF04308@xxxxxxxxxxxxxxxx>,
> relay=httpd@localhost
> 
> <Log Snip End>
> 
>
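
One way to triage a log like the one quoted above, as an added example that is not part of the original thread: join sendmail's `from=` and `to=` entries on the queue ID, keep the messages queued by the `httpd` account from localhost and handed to a remote mailer, and count them per minute. The sample lines, queue IDs, domains, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the sendmail syslog format quoted in the thread.
SAMPLE_LOG = """\
Feb 15 15:55:15 www sendmail[101]: qA0001: from=httpd, size=794, nrcpts=1, relay=httpd@localhost
Feb 15 15:55:15 www sendmail[102]: qA0001: to=u1@example.net, ctladdr=httpd (15/11), mailer=esmtp, relay=mx.example.net. [192.0.2.10], stat=Sent (OK)
Feb 15 15:55:15 www sendmail[103]: qA0002: from=httpd, size=797, nrcpts=1, relay=httpd@localhost
Feb 15 15:55:16 www sendmail[104]: qA0002: to=u2@example.com, ctladdr=httpd (15/11), mailer=esmtp, relay=mx.example.com. [192.0.2.20], stat=Sent (OK)
Feb 15 15:55:26 www sendmail[105]: qA0003: from=httpd, size=792, nrcpts=1, relay=httpd@localhost
Feb 15 15:55:26 www sendmail[106]: qA0003: to=u3@example.net, ctladdr=httpd (15/11), mailer=esmtp, relay=mx.example.net. [192.0.2.10], stat=Sent (OK)
Feb 15 15:58:02 www sendmail[107]: qB0001: from=httpd, size=310, nrcpts=1, relay=httpd@localhost
Feb 15 15:58:02 www sendmail[108]: qB0001: to=webmaster@example.org, ctladdr=httpd (15/11), mailer=local, stat=Sent
Feb 15 15:59:40 www sendmail[109]: qC0001: from=<alice@example.org>, size=1200, nrcpts=1, relay=client.example.org [198.51.100.7]
Feb 15 15:59:41 www sendmail[110]: qC0001: to=<bob@example.com>, mailer=esmtp, relay=mx.example.com. [192.0.2.20], stat=Sent (OK)
"""

LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d):\d\d \S+ sendmail\[\d+\]: (\w+): (.*)$")
FIELD = re.compile(r"(\w+)=(.*?)(?:, (?=\w+=)|$)")

def parse(log_text):
    """Join sendmail from= (submission) and to= (delivery) entries on the queue ID."""
    msgs = {}
    for m in filter(None, map(LINE.match, log_text.splitlines())):
        minute, qid, rest = m.groups()
        f = dict(FIELD.findall(rest))
        rec = msgs.setdefault(qid, {"minute": minute, "to": []})
        if "from" in f:      # submission entry: who queued it, and from where
            rec["from"], rec["src"] = f["from"], f.get("relay", "")
        elif "to" in f:      # delivery entry: recipient and the mailer used
            rec["to"].append((f["to"].strip("<>"), f.get("mailer", "")))
    return msgs

def web_submitted(msgs, web_user="httpd", remote_mailers=("esmtp", "smtp", "relay")):
    """Messages queued locally by the web server account and sent to a remote host."""
    hits = []
    for qid, rec in msgs.items():
        if rec.get("from") != web_user or not rec.get("src", "").endswith("@localhost"):
            continue
        remote = [to for to, mailer in rec["to"] if mailer in remote_mailers]
        if remote:
            hits.append((qid, rec["minute"], remote))
    return hits

def bursts(hits, threshold=3):
    """Minutes in which at least `threshold` such messages were queued."""
    per_minute = Counter(minute for _, minute, _ in hits)
    return {m: n for m, n in per_minute.items() if n >= threshold}
```

Calling `bursts(web_submitted(parse(text)))` on a real maillog needs the wrapped lines rejoined first; the minutes it reports can then be matched against the web server's access log to see which script was requested at that time.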