[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] SMTP problem / possible hack?

Subject: RE: [cobalt-users] SMTP problem / possible hack?
From: "Manny Tau" <mtau@xxxxxxx>
Date: Mon Dec 8 18:56:01 2003
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

I can't speak about the Chkrootkit issues, but my 550's ISP implemented Port
25 filtering and didn't notify me. So after having this filter turned off on
the ISP's end, all worked well re: email relaying.

Manny

-----Original Message-----
From: cobalt-users-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Achieve IT
Sent: Monday, December 08, 2003 5:51 AM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: [cobalt-users] SMTP problem / possible hack?


Hello,
This morning I started to receive calls from clients, telling me that they
could not send email. On investigation I found out that users could not send
emails to anybody outside my Raq4 box, receiving a 'relaying denied error'.
I tested using Openwebmail, and this worked fine. I then rebooted the
server, and all seems O.K. for the moment.

However, a couple of other strange events have been happening recently.

(1) I am getting regular Chkrootkit warnings such as:
Checking `lkm'... You have     7 process hidden for readdir command
You have    10 process hidden for ps command
Warning: Possible LKM Trojan installed

This does not happen on every Chkrootkit check, which happens every 12 hrs.

(2) Also this morning I received this from the server

./md2.1ssl.gz: No such file or directory
./md4.1ssl.gz: No such file or directory
./md5.1ssl.gz: No such file or directory
./mdc2.1ssl.gz: No such file or directory
./ripemd160.1ssl.gz: No such file or directory
./sha.1ssl.gz: No such file or directory
./sha1.1ssl.gz: No such file or directory
./DES.7ssl.gz: No such file or directory
./Modes.7ssl.gz: No such file or directory
./of.7ssl.gz: No such file or directory

Perhaps I should mention that I installed the Spamassassin pkg from Nuonce
last week, and this seems to be working great. This is the only thing I have
changed, since these issues have started.....

Any ideas.......... have I been hacked???

_____________________________________
cobalt-users mailing list
cobalt-users@xxxxxxxxxxxxxxx
To subscribe/unsubscribe, or to SEARCH THE ARCHIVES, go to:
http://list.cobalt.com/mailman/listinfo/cobalt-users

Follow-Ups:
- Re: [cobalt-users] SMTP problem / possible hack?
  - From: Franklin S. Werren

References:
- [cobalt-users] SMTP problem / possible hack?
  - From: Achieve IT

Prev by Date: [cobalt-users] Raq550: Check Root Kit results
Next by Date: Re: [cobalt-users] SMTP problem / possible hack?
Previous by thread: [cobalt-users] SMTP problem / possible hack?
Next by thread: Re: [cobalt-users] SMTP problem / possible hack?

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index