[Asterisk-Users] Re: asterisk@home scary log
Jean-Louis curty
jlcurty at gmail.com
Thu Feb 10 09:13:22 MST 2005
hummm if that's the case I might not be the only one!
I only installed the asterisk@home iso (based on centos distro) and
did not change a little comma of the configuration of sendmail,
MTA is configured by default already by asterisk@home...
jl
On Thu, 10 Feb 2005 11:09:29 -0500, Jason Stewart <jstewart at rtl.org> wrote:
> On 10/02/05 15:10 +0100, Jean-Louis curty wrote:
> > so I stopped asterisk, typed mail and got a strange mail saying that
> > user xxxx at yahoo.com could not be reached and body was like if it was
> > the result of commands ifconfig etc
> >
> > unfortunately I don't have the message anymore but I went to the log
> >
> > Feb 9 20:30:17 asterisk1 sendmail[10093]: j1A1U7mf010088:
> > to=<paym3now at gmail.com>, ctladdr=<root at asterisk1.local> (0/0),
> > delay=00:00:10, xdelay=00:00:10, mailer=esmtp, pri=30329,
> > relay=gsmtp171.google.com. [64.233.171.27], dsn=2.0.0, stat=Sent (OK
> > 1107998984)
> >
> >
> > the thing is I did not send any message to paym3now at gmail.com nor to
> > somebody at yahoo,
> >
> >
> > anybody got the same ? what can I do ??
>
> There's a chance that you may have been hacked, but the logs you post
> look more like your mailserver is an open relay. What OS/Distro are
> you using, what version, and do you have the latest patches applied?
> What services are you running?
>
> Look for strange entries with uid 0 in your passwd file. Also check
> for root kits with a rootkit checker (chkrootkit.org).
>
> If everything pans out security-wise then the only problem is that your
> MTA is configured to be an open relay. If that's the case, then you
> need to fix it right away before you get on umpteen million blackhole
> lists.
>
> Consult the docs and/or community for the MTA that you're using to fix
> that.
>
> Jason
>
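
An added example for triaging a sendmail log like the one quoted in this thread (not code from either poster): it pairs each `to=` delivery record with the `from=` record sharing its queue ID, so outbound mail submitted on the box itself can be told apart from mail that arrived over SMTP from a remote host. The sample lines, host names and `LOCAL_DOMAINS` are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in sendmail's syslog format (not taken from the post).
SAMPLE_LOG = """\
Feb  9 20:30:07 pbx sendmail[101]: j1A0000a000101: from=root, size=329, class=0, nrcpts=1, msgid=<a1@pbx.example>, relay=root@localhost
Feb  9 20:30:17 pbx sendmail[103]: j1A0000a000101: to=<someone@mail.example>, ctladdr=<root@pbx.example> (0/0), delay=00:00:10, mailer=esmtp, relay=mx.mail.example. [192.0.2.10], dsn=2.0.0, stat=Sent (OK 1)
Feb  9 21:00:01 pbx sendmail[201]: j1A0000b000201: from=<x@spam.example>, size=1200, class=0, nrcpts=1, msgid=<b2@spam.example>, proto=SMTP, daemon=MTA, relay=[203.0.113.5]
Feb  9 21:00:03 pbx sendmail[203]: j1A0000b000201: to=<victim@other.example>, delay=00:00:02, mailer=esmtp, relay=mx.other.example. [198.51.100.7], dsn=2.0.0, stat=Sent (OK 2)
Feb  9 22:00:01 pbx sendmail[301]: j1A0000c000301: from=root, size=400, class=0, nrcpts=1, msgid=<c3@pbx.example>, relay=root@localhost
Feb  9 22:00:02 pbx sendmail[302]: j1A0000c000301: to=root, ctladdr=root (0/0), delay=00:00:01, mailer=local, pri=30400, dsn=2.0.0, stat=Sent
"""

LOCAL_DOMAINS = {"pbx.example", "localhost"}  # assumption: domains this host delivers locally
LINE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<body>(?:from|to)=.*)$")

def fields(body):
    """Split 'key=value, key=value' pairs; values may contain spaces."""
    return dict(re.findall(r"(\w+)=(.*?)(?=, \w+=|$)", body))

def triage(log_text):
    """Return (queue_id, kind, recipient, source) for each non-local delivery."""
    msgs = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE.search(line.strip())
        if not m:
            continue
        f, rec = fields(m["body"]), msgs[m["qid"]]
        if "from" in f:                      # where the message entered the MTA
            rec["source"] = f.get("relay", "?")
        else:                                # last delivery record seen for this queue ID
            rec["to"] = f["to"].strip("<>")
            rec["ctladdr"] = f.get("ctladdr", "")
    findings = []
    for qid, rec in msgs.items():
        to = rec.get("to", "")
        if "@" not in to or to.rsplit("@", 1)[1].lower() in LOCAL_DOMAINS:
            continue                         # local delivery, not outbound mail
        source = rec.get("source", "?")
        if "@localhost" in source or "[127.0.0.1]" in source:
            # Submitted on this machine; ctladdr ending in (0/0) means uid 0 / gid 0.
            root = rec["ctladdr"].endswith("(0/0)")
            kind = "local-submission-as-root" if root else "local-submission"
        else:
            kind = "relayed-from-remote"     # accepted over SMTP, then sent onward
        findings.append((qid, kind, to, source))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep="  ")
```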