From owner-freebsd-stable  Fri Sep 27 20:56:59 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1124437B401
	for <freebsd-stable@freebsd.org>; Fri, 27 Sep 2002 20:56:58 -0700 (PDT)
Received: from web21402.mail.yahoo.com (web21402.mail.yahoo.com [216.136.232.72])
	by mx1.FreeBSD.org (Postfix) with SMTP id BFC9D43E77
	for <freebsd-stable@freebsd.org>; Fri, 27 Sep 2002 20:56:57 -0700 (PDT)
	(envelope-from provencial1@yahoo.com)
Message-ID: <20020928035657.21042.qmail@web21402.mail.yahoo.com>
Received: from [64.123.92.189] by web21402.mail.yahoo.com via HTTP; Fri, 27 Sep 2002 20:56:57 PDT
Date: Fri, 27 Sep 2002 20:56:57 -0700 (PDT)
From: Heywood Jblome <provencial1@yahoo.com>
Subject: Possible trojan since upgrade
To: freebsd-stable@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

Since I upgraded to a recent Stable CVSUP, I've seen
this kind of message about once a day in the
/var/log/maillog file.  I suspect a trojan as the
"root" user did not send email at this time, there is
no matching entry indicating that the mail was sent,
queued, or so forth.  The system seems to slow after
this entry shows in the logs.

Don't know for sure whether this came from a CVSUP or
somewhere else... there are only two users on the
system.

Can anyone point me where to look to eliminate
whatever is causing this email connection?

-----------------
from /var/log/maillog


assume host zzzzzz.com

-----------This is the entry in question--------
Sep 27 13:44:40 medusa sm-mta[1742]: g8RIiXgt001742:
from=<root@zzzzzz.com>, size=0, class=0, nrcpts=1,
proto=ESMTP, daemon=MTA, relay=[202.80.192.29]
-------------Next entry-------------
Sep 27 13:46:59 medusa sm-mta[1746]:
ruleset=check_relay, arg1=host101-38.pool21
758.interbusiness.it, arg2=217.58.38.101,
relay=host101-38.pool21758.interbusiness.it
[217.58.38.101], reject=550 5.7.1 Mail Rejected - see
http://relays.osirusoft.com


__________________________________________________
Do you Yahoo!?
New DSL Internet Access from SBC & Yahoo!
http://sbc.yahoo.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message