[Asterisk-Users] Re: asterisk@home scary log

Julio Arruda jarruda-asterisk at jarruda.com
Thu Feb 10 09:36:36 MST 2005


One good step is to 'test' your public IPs against any mistake/hole like 
this.
I've used http://www.ordb.org in the past for this purpose; others for 
sure are available.
I would assume it is valuable feedback to provide to the folks from 
asterisk at home, to have a more "conservative" configuration in their 
default install.

Jean-Louis curty wrote:
> hummm if that's the case I might not be the only one!
> 
> I only installed the asterisk at home iso (based on the CentOS distro) and
> did not change a single comma of the sendmail configuration; the
> MTA is configured by default already by asterisk at home...
>
> On Thu, 10 Feb 2005 11:09:29 -0500, Jason Stewart <jstewart at rtl.org> wrote:
> 
>>On 10/02/05 15:10 +0100, Jean-Louis curty wrote:
>>
>>>so I stopped asterisk, typed mail and got a strange mail saying that
>>>user xxxx at yahoo.com could not be reached, and the body looked like
>>>the result of commands such as ifconfig etc.
>>>
>>>unfortunately I don't have the message anymore but I went to the log
>>>
>>>Feb  9 20:30:17 asterisk1 sendmail[10093]: j1A1U7mf010088:
>>>to=<paym3now at gmail.com>, ctladdr=<root at asterisk1.local> (0/0),
>>>delay=00:00:10, xdelay=00:00:10, mailer=esmtp, pri=30329,
>>>relay=gsmtp171.google.com. [64.233.171.27], dsn=2.0.0, stat=Sent (OK
>>>1107998984)
>>>
>>>
>>>the thing is I did not send any message to paym3now at gmail.com nor to
>>>somebody at yahoo.
>>>
>>>
>>>anybody got the same? what can I do??
>>
>>There's a chance that you may have been hacked, but the logs you post
>>look more like your mailserver is an open relay. What OS/Distro are
>>you using, what version, and do you have the latest patches applied?
>>What services are you running?
>>
>>Look for strange entries with uid 0 in your passwd file. Also check
>>for root kits with a rootkit checker (chkrootkit.org).
>>
>>If everything pans out security-wise then the only problem is that your
>>MTA is configured to be an open relay. If that's the case, then you
>>need to fix it right away before you get on umpteen million blackhole
>>lists.
>>
>>Consult the docs and/or community for the MTA that you're using to fix
>>that.
>>
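The two checks suggested in the quoted reply, as an added example that is not code from the original messages or from Asterisk@Home: pair sendmail's from= and to= log records by queue ID so the inbound client and the outbound destination can be told apart, flag mail relayed for an outside client to an outside domain (the open-relay signature) and mail submitted locally as uid 0 to an outside domain (what the quoted record shows, since the "(0/0)" after ctladdr is the uid/gid of the submitting process), and list any uid-0 accounts in /etc/passwd besides root. The sample records other than the one quoted in the thread, the passwd content, and the local-domain and trusted-network constants are constructed for the example.

```python
"""Triage for the symptoms in this thread: pair sendmail from=/to= log
records by queue ID, flag mail relayed for outside clients to outside domains
and mail submitted locally by uid 0 to outside domains, and list uid-0
accounts in /etc/passwd. Added example; not code from the original post or
from Asterisk@Home. Sample records other than the one quoted in the thread,
the passwd content, and the domain/network constants are constructed."""
import re

LOCAL_DOMAINS = {"asterisk1.local"}        # assumption: domains delivered locally
TRUSTED_NETS = ("127.", "192.168.0.")      # assumption: clients allowed to relay

# "... sendmail[PID]: QUEUEID: key=value, key=value, ..."
_REC = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<rest>.*)")


def _addr(val):
    """'<root@asterisk1.local> (0/0)' -> 'root@asterisk1.local'."""
    return val.split(">", 1)[0].lstrip("<")


def _client_ip(client):
    """'host.example [203.0.113.55]' -> '203.0.113.55'; None for local submission."""
    m = re.search(r"\[([\d.]+)\]", client)
    return m.group(1) if m else None


def parse_sendmail_line(line):
    """Return (queue_id, fields) for one sendmail record, or None.
    relay= is the submitting client on a from= record and the destination on
    a to= record, so it is stored under 'client' or 'dest' accordingly.
    ctladdr is followed by (uid/gid) of the submitter; the uid goes in 'ctl_uid'."""
    m = _REC.search(line)
    if not m:
        return None
    fields = {}
    for item in m.group("rest").split(", "):
        key, _, val = item.partition("=")
        if val:
            fields[key] = val
    if "relay" in fields:
        fields["client" if "from" in fields else "dest"] = fields.pop("relay")
    uid = re.search(r"ctladdr=<[^>]*> \((\d+)/\d+\)", m.group("rest"))
    if uid:
        fields["ctl_uid"] = int(uid.group(1))
    return m.group("qid"), fields


def triage(log_lines):
    """Return [(queue_id, reason)] for messages that deserve a closer look."""
    msgs = {}
    for line in log_lines:
        parsed = parse_sendmail_line(line)
        if parsed:
            qid, fields = parsed
            msgs.setdefault(qid, {}).update(fields)
    findings = []
    for qid, f in msgs.items():
        if "to" not in f:
            continue
        rcpt = _addr(f["to"])
        if rcpt.rsplit("@", 1)[-1].lower() in LOCAL_DOMAINS:
            continue                        # local delivery, nothing relayed
        ip = _client_ip(f.get("client", ""))
        if ip and not ip.startswith(TRUSTED_NETS):
            findings.append((qid, "relayed for outside client %s to %s" % (ip, rcpt)))
        elif f.get("ctl_uid") == 0:
            findings.append((qid, "submitted locally as uid 0 to %s" % rcpt))
    return findings


def uid0_accounts(passwd_text):
    """Names of uid-0 accounts other than root: the passwd check from the reply."""
    hits = []
    for line in passwd_text.splitlines():
        parts = line.split(":")
        if len(parts) >= 3 and parts[2] == "0" and parts[0] != "root":
            hits.append(parts[0])
    return hits


SAMPLE_LOG = [
    # The record quoted in the thread, re-joined onto one line.
    "Feb  9 20:30:17 asterisk1 sendmail[10093]: j1A1U7mf010088: to=<paym3now@gmail.com>, "
    "ctladdr=<root@asterisk1.local> (0/0), delay=00:00:10, xdelay=00:00:10, mailer=esmtp, "
    "pri=30329, relay=gsmtp171.google.com. [64.233.171.27], dsn=2.0.0, stat=Sent (OK 1107998984)",
    # Constructed: accepted from an outside host for an outside domain (open-relay signature).
    "Feb  9 21:02:44 asterisk1 sendmail[10210]: j1A22iXY010210: from=<spammer@example.net>, "
    "size=2048, class=0, nrcpts=1, msgid=<abc@example.net>, proto=SMTP, daemon=MTA, relay=[203.0.113.55]",
    "Feb  9 21:02:45 asterisk1 sendmail[10211]: j1A22iXY010210: to=<victim@example.org>, "
    "delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=32048, relay=mx.example.org. [198.51.100.9], "
    "dsn=2.0.0, stat=Sent (accepted)",
    # Constructed: ordinary local delivery, must not be flagged.
    "Feb  9 21:10:00 asterisk1 sendmail[10300]: j1A2A0ab010300: from=<root@asterisk1.local>, "
    "size=300, class=0, nrcpts=1, msgid=<def@asterisk1.local>, relay=root@localhost",
    "Feb  9 21:10:00 asterisk1 sendmail[10301]: j1A2A0ab010300: to=<admin@asterisk1.local>, "
    "ctladdr=<root@asterisk1.local> (0/0), delay=00:00:00, mailer=local, pri=30300, dsn=2.0.0, stat=Sent",
]

# Constructed /etc/passwd with one extra uid-0 account.
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
asterisk:x:100:101:Asterisk:/var/lib/asterisk:/sbin/nologin
toor:x:0:0::/tmp:/bin/bash
"""

if __name__ == "__main__":
    for qid, reason in triage(SAMPLE_LOG):
        print(qid, reason)
    print("extra uid-0 accounts:", uid0_accounts(SAMPLE_PASSWD))
```

On a real box, feed it the whole of /var/log/maillog rather than a handful of lines: the quoted to= record has a from= record with the same queue ID earlier in the log, and its relay= field (an outside host versus root@localhost) is what separates the two hypotheses in the reply, an open relay or a process on the machine itself sending mail as root.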
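The 'test your public IPs' step from the top of the message, as an added example that is not code from the original post, from ordb.org or from sendmail: an open-relay tester connects from outside, claims an outside sender and asks the server to accept a recipient in a domain the server is not responsible for; a 250 to that RCPT means the host relays for strangers. The `ToyMTA` class below is a stand-in for the MTA's relay decision (sendmail implements the equivalent through its access database and relay-domains file), shown with a permissive 'open' policy beside a 'conservative' one, and `probe_live_server` runs the same exchange against a real host with the standard library's smtplib. Domain names, addresses and networks are constructed for the example; point the live probe only at hosts you are responsible for.

```python
"""Open-relay check: a toy MTA relay policy, the SMTP exchange an open-relay
tester performs against it, and the same probe against a live host.
Added example for this thread; not Asterisk@Home, sendmail or ordb.org code.
Domain names, networks and addresses are constructed for illustration."""
import smtplib

LOCAL_DOMAINS = {"asterisk1.local"}          # assumption: domains delivered locally
RELAY_NETWORKS = ("192.168.0.", "127.")      # assumption: clients allowed to relay


def relay_allowed(client_ip, rcpt, policy):
    """Relay decision for one RCPT TO.

    policy="open"         -> accept any recipient from any client (an open relay).
    policy="conservative" -> accept only recipients in LOCAL_DOMAINS, or any
                             recipient when the client is on a trusted network.
    """
    domain = rcpt.rsplit("@", 1)[-1].lower()
    if policy == "open":
        return True
    if domain in LOCAL_DOMAINS:
        return True
    return client_ip.startswith(RELAY_NETWORKS)


class ToyMTA:
    """Just enough SMTP to answer a relay probe: handle() takes one client
    command line and returns the server reply line."""

    def __init__(self, client_ip, policy):
        self.client_ip = client_ip
        self.policy = policy
        self.sender = None

    def handle(self, line):
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            return "250 asterisk1.local"
        if verb == "MAIL":
            self.sender = arg.split(":", 1)[-1].strip("<> ")
            return "250 2.1.0 Ok"
        if verb == "RCPT":
            if self.sender is None:
                return "503 5.5.1 Need MAIL command"
            rcpt = arg.split(":", 1)[-1].strip("<> ")
            if relay_allowed(self.client_ip, rcpt, self.policy):
                return "250 2.1.5 Ok"
            return "550 5.7.1 Relaying denied"
        if verb == "QUIT":
            return "221 2.0.0 Bye"
        return "500 5.5.2 Command not recognized"


def relay_probe_commands(probe_from="probe@example.net",
                         probe_to="victim@example.org"):
    """The exchange an open-relay tester makes: an outside sender asking the
    server to relay to a domain it is not responsible for."""
    return ["EHLO probe.example.net",
            "MAIL FROM:<%s>" % probe_from,
            "RCPT TO:<%s>" % probe_to,
            "QUIT"]


def probe_toy_mta(mta):
    """Run the probe against a ToyMTA. Returns (is_open_relay, transcript)."""
    transcript = []
    is_open = False
    for cmd in relay_probe_commands():
        reply = mta.handle(cmd)
        transcript.append("C: " + cmd)
        transcript.append("S: " + reply)
        if cmd.startswith("RCPT") and reply.startswith("250"):
            is_open = True
    return is_open, transcript


def probe_live_server(host, port=25, timeout=10):
    """Same probe against a real MTA, e.g. your own public IP from outside.
    Returns True if the RCPT for an outside domain is accepted (open relay)."""
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo("probe.example.net")
        s.mail("probe@example.net")
        code, _ = s.rcpt("victim@example.org")
        return code == 250


if __name__ == "__main__":
    # 203.0.113.7 stands in for the tester's outside address.
    for policy in ("open", "conservative"):
        is_open, lines = probe_toy_mta(ToyMTA("203.0.113.7", policy))
        print("policy=%s open_relay=%s" % (policy, is_open))
        print("\n".join(lines))
```

Run the live probe from a host outside your own network, since a test from the LAN only exercises the trusted-network branch; a server that answers the RCPT with 550 for an outside recipient is not an open relay for that client, while a 250 is exactly what gets the address listed.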