From owner-freebsd-stable Fri Sep 27 20:56:59 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1124437B401 for ; Fri, 27 Sep 2002 20:56:58 -0700 (PDT)
Received: from web21402.mail.yahoo.com (web21402.mail.yahoo.com [216.136.232.72]) by mx1.FreeBSD.org (Postfix) with SMTP id BFC9D43E77 for ; Fri, 27 Sep 2002 20:56:57 -0700 (PDT) (envelope-from provencial1@yahoo.com)
Message-ID: <20020928035657.21042.qmail@web21402.mail.yahoo.com>
Received: from [64.123.92.189] by web21402.mail.yahoo.com via HTTP; Fri, 27 Sep 2002 20:56:57 PDT
Date: Fri, 27 Sep 2002 20:56:57 -0700 (PDT)
From: Heywood Jblome
Subject: Possible trojan since upgrade
To: freebsd-stable@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Since I upgraded to a recent Stable CVSUP, I've seen this kind of message about once a day in the /var/log/maillog file. I suspect a trojan as the "root" user did not send email at this time, there is no matching entry indicating that the mail was sent, queued, or so forth. The system seems to slow after this entry shows in the logs.

Don't know for sure whether this came from a CVSUP or somewhere else... there are only two users on the system. Can anyone point me where to look to eliminate whatever is causing this email connection?

----------------- from /var/log/maillog assume host zzzzzz.com

-----------This is the entry in question--------
Sep 27 13:44:40 medusa sm-mta[1742]: g8RIiXgt001742: from=, size=0, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=[202.80.192.29]

-------------Next entry-------------
Sep 27 13:46:59 medusa sm-mta[1746]: ruleset=check_relay, arg1=host101-38.pool21758.interbusiness.it, arg2=217.58.38.101, relay=host101-38.pool21758.interbusiness.it [217.58.38.101], reject=550 5.7.1 Mail Rejected - see http://relays.osirusoft.com
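
A small triage helper for maillog entries like the two quoted above, added here as an example and not part of the original post: it splits sendmail's comma-separated key=value fields and labels each line by whether relay= names a loopback peer or a remote one. The function names and category labels are hypothetical; the sample lines are the post's own, with the wrapped hostname rejoined.

```python
import ipaddress
import re

# Sample lines copied from the post (wrapped hostname rejoined; empty from= as posted).
SAMPLE = [
    "Sep 27 13:44:40 medusa sm-mta[1742]: g8RIiXgt001742: from=, size=0, class=0, "
    "nrcpts=1, proto=ESMTP, daemon=MTA, relay=[202.80.192.29]",
    "Sep 27 13:46:59 medusa sm-mta[1746]: ruleset=check_relay, "
    "arg1=host101-38.pool21758.interbusiness.it, arg2=217.58.38.101, "
    "relay=host101-38.pool21758.interbusiness.it [217.58.38.101], "
    "reject=550 5.7.1 Mail Rejected - see http://relays.osirusoft.com",
]

# syslog prefix, program[pid], optional queue id, then the key=value payload
LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) ([\w-]+)\[(\d+)\]: (?:(\w+): )?(.*)$")

def parse_line(line):
    """Split one maillog line into metadata plus a dict of its key=value fields."""
    m = LINE_RE.match(line)
    if not m:
        return None
    when, host, prog, pid, qid, rest = m.groups()
    fields = dict(p.split("=", 1) for p in rest.split(", ") if "=" in p)
    return {"when": when, "host": host, "prog": prog, "pid": int(pid),
            "qid": qid, "fields": fields}

def relay_ip(relay):
    """Return the bracketed peer address from a relay= value, or None."""
    m = re.search(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]", relay or "")
    try:
        return ipaddress.ip_address(m.group(1)) if m else None
    except ValueError:
        return None

def classify(line):
    """Label a line by where the SMTP peer was (labels are this example's own)."""
    rec = parse_line(line)
    if rec is None:
        return "unparsed"
    f = rec["fields"]
    if "reject" in f:
        return "rejected-inbound"      # refused by a ruleset such as check_relay
    ip = relay_ip(f.get("relay"))
    if f.get("daemon") and ip is not None:
        # daemon= is logged for mail that arrived through a listening daemon
        return "local-loopback" if ip.is_loopback else "inbound-remote"
    return "other"

if __name__ == "__main__":
    for entry in SAMPLE:
        print(classify(entry), "|", entry[:60])
```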