
Re: [cobalt-users] SMTP problem / possible hack?



As a note, port 25 filtering just means you have to
relay through his mail server...
It is called Smart Relay on a Cobalt.
It should not be a problem with a 550.
If all ISPs did port 25 filtering, it would reduce the
amount of spam coming from infected computers....

Franklin S. Werren  www.bagpipes.net   www.chautauqualake.net
www.franksradio.net http://stvef.chautauqualake.net
http://rtcw.chautauqualake.net




----- Original Message ----- 
From: "Manny Tau" <mtau@xxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Monday, December 08, 2003 9:54 PM
Subject: RE: [cobalt-users] SMTP problem / possible hack?


> I can't speak about the Chkrootkit issues, but my 550's ISP implemented Port
> 25 filtering and didn't notify me. So after having this filter turned off on
> the ISP's end, all worked well re: email relaying.
>
> Manny
>
> -----Original Message-----
> From: cobalt-users-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Achieve IT
> Sent: Monday, December 08, 2003 5:51 AM
> To: cobalt-users@xxxxxxxxxxxxxxx
> Subject: [cobalt-users] SMTP problem / possible hack?
>
>
> Hello,
> This morning I started to receive calls from clients, telling me that they
> could not send email. On investigation I found out that users could not send
> emails to anybody outside my Raq4 box, receiving a 'relaying denied error'.
> I tested using Openwebmail, and this worked fine. I then rebooted the
> server, and all seems O.K. for the moment.
>
> However, a couple of other strange events have been happening recently.
>
> (1) I am getting regular Chkrootkit warnings such as:
> Checking `lkm'... You have     7 process hidden for readdir command
> You have    10 process hidden for ps command
> Warning: Possible LKM Trojan installed
>
> This does not happen on every Chkrootkit check, which happens every 12 hrs.
>
> (2) Also this morning I received this from the server
>
> ./md2.1ssl.gz: No such file or directory
> ./md4.1ssl.gz: No such file or directory
> ./md5.1ssl.gz: No such file or directory
> ./mdc2.1ssl.gz: No such file or directory
> ./ripemd160.1ssl.gz: No such file or directory
> ./sha.1ssl.gz: No such file or directory
> ./sha1.1ssl.gz: No such file or directory
> ./DES.7ssl.gz: No such file or directory
> ./Modes.7ssl.gz: No such file or directory
> ./of.7ssl.gz: No such file or directory
>
> Perhaps I should mention that I installed the Spamassassin pkg from Nuonce
> last week, and this seems to be working great. This is the only thing I have
> changed, since these issues have started.....
>
> Any ideas.......... have I been hacked???
>
> _____________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To subscribe/unsubscribe, or to SEARCH THE ARCHIVES, go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users
>