Re: [cobalt-users] open relay appears closed on Qube3 but is still blocked by blacklists
- Subject: Re: [cobalt-users] open relay appears closed on Qube3 but is still blocked by blacklists
- From: "C Lathem" <clathem@xxxxxxxxxxxxx>
- Date: Tue Sep 24 07:47:13 2002
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
----- Original Message -----
From: "A Larter" <>
To: <>
Sent: Tuesday, September 24, 2002 3:08 AM
Subject: RE: [cobalt-users] open relay appears closed on Qube3 but is still
blocked by blacklists
> Hi,
>
> > Port 3128 is squid, used for web caching. There is a known exploit for
> > that version of squid. Turn off web caching and your problem should go away.
>
> Thanks for the pointers. Squid is inactive now, but I'm still seeing
> sendmail connections in the ps list and netstat. eg:
>
> ps -ax
>
> 31967 ? S 0:00 sendmail: q1/g8N6ad003012 kito.icns.com.: user open
> 31968 ? S 0:00 sendmail: q2/g8M8scL26658 mail2.kali.com.cn.: user open
> 31970 ? S 0:00 sendmail: q4/g8LIUVL05555 www.renetcom.net.: user open
>
> netstat -a
>
> tcp 0 1 ckqube-eth1.client:4143 kito.icns.com:smtp SYN_SENT
> tcp 0 1 ckqube-eth1.client:4142 kito.icns.com:smtp SYN_SENT
>
> This is weird - I thought I'd deactivated sendmail according to the
> instructions in the archive, like I said, but I can't seem to kick these
> users off. When I kill the process, they just come right back again.
>
> Any ideas? I'd be really grateful. Thanks!
>
You may have a back door on the system. Better go over it carefully, or
best, rebuild it.
For the sendmail connections...
Try putting them in /etc/mail/access as "deny".
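
Added example (not part of the original messages): a small triage script that turns `ps -ax` and `netstat -a` output like that quoted above into a list of sendmail delivery processes and a count of outbound SMTP connections per destination. The function names are hypothetical, the sample input is the thread's own lines unwrapped, and reading `q1/g8N6ad003012` as queue directory plus queue ID is an assumption.

```shell
#!/bin/sh
# Sample input constructed from the output quoted in the thread (lines unwrapped).
sample_ps() {
cat <<'EOF'
31967 ? S 0:00 sendmail: q1/g8N6ad003012 kito.icns.com.: user open
31968 ? S 0:00 sendmail: q2/g8M8scL26658 mail2.kali.com.cn.: user open
31970 ? S 0:00 sendmail: q4/g8LIUVL05555 www.renetcom.net.: user open
EOF
}
sample_netstat() {
cat <<'EOF'
tcp 0 1 ckqube-eth1.client:4143 kito.icns.com:smtp SYN_SENT
tcp 0 1 ckqube-eth1.client:4142 kito.icns.com:smtp SYN_SENT
EOF
}

# Read `ps -ax` output on stdin; print "pid queue-id host" for each sendmail
# process whose title names a queued message. Assumes the title layout seen
# above: "sendmail: <queue-dir>/<queue-id> <host>.: <state>".
queue_deliveries() {
  awk '$5 == "sendmail:" && $6 ~ /\// {
         split($6, q, "/")
         host = $7
         sub(/\.?:$/, "", host)      # drop the trailing ".:" after the host
         print $1, q[2], host
       }'
}

# Read `netstat -a` output on stdin; print "count state host" for TCP
# connections whose foreign address is the SMTP port. Listening sockets are
# skipped because their foreign address is not ":smtp".
outbound_smtp() {
  awk '$1 == "tcp" && $5 ~ /:(smtp|25)$/ {
         host = $5
         sub(/:[^:]*$/, "", host)    # strip the port suffix
         n[$6 " " host]++
       }
       END { for (k in n) print n[k], k }' | sort -rn
}

# Stand-alone run over the sample data; on a live host, pipe in the real
# commands instead, e.g.  ps -ax | queue_deliveries
sample_ps | queue_deliveries
sample_netstat | outbound_smtp
```

The queue IDs in the first list can be matched against `mailq` output to see which queued messages keep being retried after the delivery processes are killed.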