Date: Tue, 14 Apr 2015 01:28:44 -0400
From: Alejandro Imass
To: David Banning
Cc: "questions@freebsd.org"
Subject: Re: finding a spammer relaying through sendmail
In-Reply-To: <20150414045323.GA12656@skytracker.ca>

I had a similar problem and discovered it was an old version of OSCommerce. Maybe you have some similar application that is vulnerable to spam robot injection. In the aforementioned OSC case, it somehow allowed spam robots to be installed through a weakness in the image upload code.

On Tuesday, April 14, 2015, David Banning <david+dated+1429419205.67aac2@skytracker.ca> wrote:

> I have around 40 email users on my system, and one seems to have had their
> login info stolen. Is there a way to determine which user is being given
> authorization to relay through sendmail? I have increased sendmail logging
> to 15 but the sender is flagged only as an email address, one unknown to
> me.
>
> Any pointers would be helpful.