[Asterisk-Users] Re: asterisk@home scary log {Scanned}
David Shaw
asterisk at ke6upi.com
Thu Feb 10 10:51:48 MST 2005
Cat your maillog. Grep out the msg ID.
cat /var/log/maillog | grep j1A1U7Q1010071
j1A1U7Q1010071 is the paym3now at gmail.com
j1A1U7mf010088 is email from root to???
Have you checked root's email??
You might want to edit
/etc/aliases and forward root: username at domain.com
Also check sendmail daemon ports.
cat /etc/mail/sendmail.cf | grep DaemonPortOptions
This means only 127.0.0.1 can relay.
O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA
Good luck, David
On Thu, 2005-02-10 at 17:53 +0100, Bruno Hertz wrote:
> On Thu, 2005-02-10 at 11:09 -0500, Jason Stewart wrote:
>
> > There's a chance that you may have been hacked, but the logs you post
> > look more like your mailserver is an open relay.
>
> You sure? I run postfix myself and am not proficient in analyzing
> sendmail logs, but looking at those lines
>
> Feb 9 20:30:07 asterisk1 sendmail[10088]: j1A1U7mf010088:
> from=<root at asterisk1.local>, size=329, class=0, nrcpts=1,
> msgid=<200502100130.j1A1U7Q1010071 at asterisk1.local>, proto=ESMTP,
> daemon=MTA, relay=asterisk1.local [127.0.0.1]
> Feb 9 20:30:07 asterisk1 sendmail[10071]: j1A1U7Q1010071:
> to=paym3now at gmail.com, ctladdr=root (0/0), delay=00:00:00,
> xdelay=00:00:00, mailer=relay, pri=30049, relay=[127.0.0.1]
> [127.0.0.1], dsn=2.0.0, stat=Sent (j1A1U7mf010088 Message accepted for
> delivery)
>
>
> I find the relay (accepting host) is 127.0.0.1. So, even if ignoring
> the envelope 'from', there seems to be no doubt which host this mail was
> sent from.
>
> Regards, Bruno.
--
David Shaw <asterisk at ke6upi.com>
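
The queue-ID correlation done by hand in this thread can be scripted. The following is an added example, not part of the original messages: it links the submission entry to the MTA entry through the `stat=` handoff text and checks whether the MTA's accepting connection (`relay=`) was loopback. The function names and the third log line are constructed for illustration.

```python
import ipaddress
import re

# The first two entries are the ones quoted in the thread, joined onto one line
# each, with the archive's " at " obfuscation kept. The third is constructed
# for contrast (documentation address 203.0.113.5); it is not from anyone's log.
SAMPLE_LOG = """\
Feb 9 20:30:07 asterisk1 sendmail[10088]: j1A1U7mf010088: from=<root at asterisk1.local>, size=329, class=0, nrcpts=1, msgid=<200502100130.j1A1U7Q1010071 at asterisk1.local>, proto=ESMTP, daemon=MTA, relay=asterisk1.local [127.0.0.1]
Feb 9 20:30:07 asterisk1 sendmail[10071]: j1A1U7Q1010071: to=paym3now at gmail.com, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30049, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (j1A1U7mf010088 Message accepted for delivery)
Feb 9 20:31:00 asterisk1 sendmail[10100]: j1AEXAMPLE0001: from=<someone at example.net>, size=1024, class=0, nrcpts=1, msgid=<constructed at example.net>, proto=SMTP, daemon=MTA, relay=mail.example.net [203.0.113.5]
"""

ENTRY = re.compile(r"sendmail\[\d+\]: (\w+): (.*)$")
FIELD = re.compile(r"(\w+)=(.*?)(?=, \w+=|$)")
HANDOFF = re.compile(r"Sent \((\w+) Message accepted for delivery\)")
RELAY_IP = re.compile(r"\[(\d+\.\d+\.\d+\.\d+)\]")


def parse(log):
    """Map queue ID -> merged key=value fields from all of its log entries."""
    queue = {}
    for line in log.splitlines():
        m = ENTRY.search(line)
        if m:
            queue.setdefault(m.group(1), {}).update(dict(FIELD.findall(m.group(2))))
    return queue


def trace(log):
    """For each message the MTA accepted, report where it was accepted from."""
    queue = parse(log)
    handoff = {}  # MTA queue ID -> (submitting queue ID, ctladdr, recipient)
    for qid, f in queue.items():
        h = HANDOFF.search(f.get("stat", ""))
        if h:
            handoff[h.group(1)] = (qid, f.get("ctladdr"), f.get("to"))
    report = {}
    for qid, f in queue.items():
        if "from" not in f:
            continue  # no from= entry logged for this queue ID
        ip = RELAY_IP.search(f.get("relay", ""))
        local = bool(ip) and ipaddress.ip_address(ip.group(1)).is_loopback
        report[qid] = {
            "origin": "local" if local else "remote",
            "submitted_by": handoff.get(qid),
        }
    return report
```

On the thread's two entries, `trace(SAMPLE_LOG)` marks `j1A1U7mf010088` as accepted from loopback and ties it to the submission `j1A1U7Q1010071` made under `ctladdr=root (0/0)`; the constructed third entry is the pattern mail accepted from an outside host would leave instead.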