[TriLUG] system inexplicably sending spam

Matt Pusateri mpusateri at wickedtrails.com
Sun Dec 2 14:30:32 EST 2007


Blackburn, Marvin wrote:
> We have a server that does not allow incoming SMTP traffic into it from the
> outside.  We have a sendmail running on a RHEL 3 update 7 with the latest
> sendmail available through Red Hat.
> In addition, sendmail is configured only to accept email from the local
> host: 127.0.0.1.  Late Friday, the system started sending spam via sendmail.
> The only connections from outside that are allowed are through http and
> https (ports 80 and 443).  We cannot determine what is generating the email.
> We can see it being sent, but can't determine the process that's responsible.
>  
> Any help would be appreciated in finding what might be causing it.  This
> server is a webserver. 
>  
>
>
> _____________________________________
> "He's no failure. He's not dead yet."
> William Lloyd George
>   

Sounds like someone is using your web server to send the spam.  Do you 
have any web apps running on your webserver that send an email?  If so, 
they might be using that script to inject their own messages into your 
sendmail.  Is your webserver set up to send its email via sendmail?  
Are there any bad permissions on your web server?

Matt P.
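
One way to follow up on the suggestion above, as an added example that is not part of the original thread: match sendmail submissions made by the web server account against HTTP requests logged just before them, to see which script is handing mail to sendmail. The log lines are constructed samples; the `apache` account name, the year and the 5-second window are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

WEB_USER = "apache"   # assumption: account the web server runs as (RHEL default)
YEAR = 2007           # syslog timestamps carry no year; assumed here
# Constructed sample data, not taken from the poster's system.
MAILLOG = """\
Dec  1 22:14:03 web1 sendmail[4211]: lB23E3aa004211: from=apache, size=812, class=0, nrcpts=1, msgid=<1@web1>, relay=apache@localhost
Dec  1 22:14:09 web1 sendmail[4215]: lB23E9aa004215: from=apache, size=815, class=0, nrcpts=1, msgid=<2@web1>, relay=apache@localhost
Dec  1 22:20:00 web1 sendmail[4302]: lB23K0aa004302: from=root, size=301, class=0, nrcpts=1, msgid=<3@web1>, relay=root@localhost
"""
ACCESSLOG = """\
203.0.113.9 - - [01/Dec/2007:22:14:02 -0500] "POST /cgi-bin/contact.pl HTTP/1.1" 200 312
198.51.100.4 - - [01/Dec/2007:22:14:05 -0500] "GET /index.html HTTP/1.1" 200 4021
203.0.113.9 - - [01/Dec/2007:22:14:08 -0500] "POST /cgi-bin/contact.pl HTTP/1.1" 200 312
"""
MAIL_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sendmail\[\d+\]: (\w+): from=([^,]*),")
HTTP_RE = re.compile(r'^(\S+) \S+ \S+ \[([^ \]]+) [^\]]*\] "(\w+) (\S+)')

def local_submissions(maillog, user=WEB_USER):
    """Yield (time, queue_id) for messages submitted by the web server account."""
    for line in maillog.splitlines():
        m = MAIL_RE.match(line)
        if m and m.group(3) == user:
            ts = datetime.strptime(f"{YEAR} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2)

def http_requests(accesslog):
    """Yield (time, client, method, path); timezone offset ignored (same host assumed)."""
    for line in accesslog.splitlines():
        m = HTTP_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S")
            yield ts, m.group(1), m.group(3), m.group(4).split("?")[0]

def suspect_scripts(maillog, accesslog, window=5):
    """Count requests that precede a web-user mail submission by <= window seconds."""
    reqs = list(http_requests(accesslog))
    hits = Counter()
    for sent, _qid in local_submissions(maillog):
        for ts, client, method, path in reqs:
            if timedelta(0) <= sent - ts <= timedelta(seconds=window):
                hits[(method, path, client)] += 1
    return hits.most_common()

if __name__ == "__main__":
    for (method, path, client), n in suspect_scripts(MAILLOG, ACCESSLOG):
        print(f"{n:3d}  {method} {path}  from {client}")
```

Unrelated requests that happen to fall inside the window still get counted, so the path to look at is the one that keeps recurring across many submissions.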


