[Asterisk-Users] Re: asterisk@home scary log {Scanned}

Asterisk at Home asteriskathome at yahoo.com
Fri Feb 11 09:00:41 MST 2005


Asterisk at Home uses the CentOS default sendmail config
that does not forward mail.

--- David Shaw <asterisk at ke6upi.com> wrote:

> Cat your maillog. Grep out the msg ID.
> 
> cat /var/log/maillog | grep j1A1U7Q1010071
> 
> 
> j1A1U7Q1010071 is the paym3now at gmail.com
> 
> j1A1U7mf010088 is email from root to???
> 
> Have you checked root's email??
> 
> You might want to edit /etc/aliases and forward root: username at domain.com
> 
> Also check sendmail daemon ports.
> cat /etc/mail/sendmail.cf | grep DaemonPortOptions
> 
> This means only 127.0.0.1 can relay.
> O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA
> 
> Good luck, David
> 
> 
> 
> 
> On Thu, 2005-02-10 at 17:53 +0100, Bruno Hertz wrote:
> > On Thu, 2005-02-10 at 11:09 -0500, Jason Stewart wrote:
> > 
> > > There's a chance that you may have been hacked, but the logs you post
> > > look more like your mailserver is an open relay.
> > 
> > You sure? I run postfix myself and am not proficient in analyzing
> > sendmail logs, but looking at those lines
> > 
> > Feb  9 20:30:07 asterisk1 sendmail[10088]: j1A1U7mf010088: from=<root at asterisk1.local>, size=329, class=0, nrcpts=1, msgid=<200502100130.j1A1U7Q1010071 at asterisk1.local>, proto=ESMTP, daemon=MTA, relay=asterisk1.local [127.0.0.1]
> > Feb  9 20:30:07 asterisk1 sendmail[10071]: j1A1U7Q1010071: to=paym3now at gmail.com, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30049, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (j1A1U7mf010088 Message accepted for delivery)
> > 
> > I find the relay (accepting host) is 127.0.0.1. So, even if ignoring
> > the envelope 'from', there seems to be no doubt which host this mail was
> > sent from.
> > 
> > Regards, Bruno.
> > 
> > 
> > 
> > _______________________________________________
> > Asterisk-Users mailing list
> > Asterisk-Users at lists.digium.com
> > http://lists.digium.com/mailman/listinfo/asterisk-users
> > To UNSUBSCRIBE or update options visit:
> > http://lists.digium.com/mailman/listinfo/asterisk-users
> > 
> -- 
> David Shaw <asterisk at ke6upi.com>
> 
> 
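
Added example, not part of the original thread: the grep-by-queue-ID correlation discussed above, done over a whole maillog, so that each message accepted by the MTA is labelled as a local submission (with the submitting `ctladdr`) or as mail received from a remote host. The first two sample lines are the ones quoted in the thread; the last two are constructed for contrast, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# First two entries are the lines quoted in the thread (addresses keep the
# archive's " at " obfuscation); the last two are constructed for contrast.
SAMPLE_LOG = """\
Feb  9 20:30:07 asterisk1 sendmail[10088]: j1A1U7mf010088: from=<root at asterisk1.local>, size=329, class=0, nrcpts=1, msgid=<200502100130.j1A1U7Q1010071 at asterisk1.local>, proto=ESMTP, daemon=MTA, relay=asterisk1.local [127.0.0.1]
Feb  9 20:30:07 asterisk1 sendmail[10071]: j1A1U7Q1010071: to=paym3now at gmail.com, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30049, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (j1A1U7mf010088 Message accepted for delivery)
Feb  9 21:02:11 asterisk1 sendmail[10300]: jCONSTRUCT0001: from=<a at example.net>, size=900, class=0, nrcpts=1, msgid=<1 at example.net>, proto=SMTP, daemon=MTA, relay=host.example.net [192.0.2.10]
Feb  9 21:02:12 asterisk1 sendmail[10301]: jCONSTRUCT0001: to=<b at example.org>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=30900, relay=mx.example.org. [198.51.100.5], dsn=2.0.0, stat=Sent (ok)
"""

ENTRY = re.compile(r"sendmail\[(\d+)\]: (\w+): (.*)$")
HANDOFF = re.compile(r"Sent \((\w+) Message accepted")

def parse(log):
    """Group the key=value fields of each sendmail entry by queue ID."""
    queue = defaultdict(lambda: {"from": None, "to": []})
    for line in log.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue
        fields = dict(f.split("=", 1) for f in m.group(3).split(", ") if "=" in f)
        if "from" in fields:
            queue[m.group(2)]["from"] = fields
        elif "to" in fields:
            queue[m.group(2)]["to"].append(fields)
    return queue

def classify(log):
    """Return {queue_id: verdict} for every queue ID that has a from= record."""
    queue, submitter, verdicts = parse(log), {}, {}
    for rec in queue.values():  # link the submitter's entry to the MTA queue ID
        for to in rec["to"]:
            h = HANDOFF.search(to.get("stat", ""))
            if h:
                submitter[h.group(1)] = to.get("ctladdr", "unknown")
    for qid, rec in queue.items():
        if rec["from"] is None:
            continue
        src = rec["from"].get("relay", "")  # host the MTA received the mail from
        if "[127.0.0.1]" in src:
            verdicts[qid] = "local submission by " + submitter.get(qid, "unknown")
        else:
            verdicts[qid] = "received from remote host " + src
    return verdicts

if __name__ == "__main__":
    print(classify(SAMPLE_LOG))
```

A "local submission" verdict points the investigation at a process or account on the box itself; a "received from remote host" verdict with a non-local recipient is the pattern to check against the relay configuration.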



		