[Asterisk-Users] Re: asterisk@home scary log

Bruno Hertz brrhtz at yahoo.de
Thu Feb 10 09:53:02 MST 2005


On Thu, 2005-02-10 at 11:09 -0500, Jason Stewart wrote:

> There's a chance that you may have been hacked, but the logs you post
> look more like your mailserver is an open relay.

You sure? I run postfix myself and am not proficient in analyzing
sendmail logs, but looking at those lines

Feb  9 20:30:07 asterisk1 sendmail[10088]: j1A1U7mf010088:
from=<root at asterisk1.local>, size=329, class=0, nrcpts=1,
msgid=<200502100130.j1A1U7Q1010071 at asterisk1.local>, proto=ESMTP,
daemon=MTA, relay=asterisk1.local [127.0.0.1]
Feb  9 20:30:07 asterisk1 sendmail[10071]: j1A1U7Q1010071:
to=paym3now at gmail.com, ctladdr=root (0/0), delay=00:00:00,
xdelay=00:00:00, mailer=relay, pri=30049, relay=[127.0.0.1]
[127.0.0.1], dsn=2.0.0, stat=Sent (j1A1U7mf010088 Message accepted for
delivery)


I find the relay (accepting host) is 127.0.0.1. So, even if ignoring
the envelope 'from', there seems to be no doubt which host this mail was
sent from.

Regards, Bruno.
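
Added example, not part of the original post: a small Python parser that reads sendmail entries of the kind quoted above, marks each accepted message as arriving from loopback or from a remote peer, and links a loopback hand-off entry back to the local account in its ctladdr= field. The sample lines are constructed (modelled on the quoted entries, with placeholder addresses), and the function and variable names are hypothetical.

```python
import re

# Constructed sample, modelled on the two (unwrapped) entries quoted in the
# post plus one constructed remote-relay entry; addresses are placeholders.
SAMPLE = [
    "Feb  9 20:30:07 asterisk1 sendmail[10088]: j1A1U7mf010088: "
    "from=<root@asterisk1.local>, size=329, class=0, nrcpts=1, proto=ESMTP, "
    "daemon=MTA, relay=asterisk1.local [127.0.0.1]",
    "Feb  9 20:30:07 asterisk1 sendmail[10071]: j1A1U7Q1010071: "
    "to=<recipient@example.com>, ctladdr=root (0/0), delay=00:00:00, "
    "mailer=relay, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, "
    "stat=Sent (j1A1U7mf010088 Message accepted for delivery)",
    "Feb  9 21:02:11 asterisk1 sendmail[10412]: j1A22BxK010412: "
    "from=<sender@example.net>, size=1204, class=0, nrcpts=1, proto=ESMTP, "
    "daemon=MTA, relay=mail.example.net [192.0.2.25]",
]

LINE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<body>.*)$")
FIELD = re.compile(r"(\w+)=(.*?)(?=, \w+=|$)")      # key=value, comma separated
LOOPBACK = re.compile(r"\[127\.\d+\.\d+\.\d+\]")    # IPv4 loopback only
HANDOFF = re.compile(r"Sent \((\w+) Message accepted")

def trace(lines):
    """Return {queue_id: (origin, submitter)} for every from= entry."""
    origin, submitter = {}, {}
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        qid, f = m.group("qid"), dict(FIELD.findall(m.group("body")))
        relay = f.get("relay", "")
        # In a from= entry, relay= names the peer the message arrived from.
        if "from" in f and relay:
            origin[qid] = "local" if LOOPBACK.search(relay) else "remote"
        # In a to= entry, relay= is the next hop. A hand-off to loopback
        # records the receiving queue id in stat= and the local user in ctladdr=.
        h = HANDOFF.match(f.get("stat", ""))
        if h and "ctladdr" in f and LOOPBACK.search(relay):
            submitter[h.group(1)] = f["ctladdr"]
    return {q: (o, submitter.get(q)) for q, o in origin.items()}

if __name__ == "__main__":
    for qid, (where, who) in trace(SAMPLE).items():
        print(qid, where, who or "-")
```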