From owner-freebsd-questions@FreeBSD.ORG Fri May 27 04:44:59 2011 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2C8CE106564A for ; Fri, 27 May 2011 04:44:58 +0000 (UTC) (envelope-from jbiquez@intranet.com.mx) Received: from intranet.com.mx (intranet.com.mx [200.33.246.7]) by mx1.freebsd.org (Postfix) with ESMTP id C003C8FC12 for ; Fri, 27 May 2011 04:44:58 +0000 (UTC) Received: from PC2.intranet.com.mx (189.241.20.244) by intranet.com.mx with ESMTP (EIMS X 3.3.9) for ; Thu, 26 May 2011 23:46:10 -0500 X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9 Date: Thu, 26 May 2011 23:44:45 -0500 To: freebsd-questions@freebsd.org From: Jorge Biquez In-Reply-To: <4DDF282A.8030005@radel.com> References: <3389310281-258946398@intranet.com.mx> <4DDF2366.4010100@esiee.fr> <3389314668-258946399@intranet.com.mx> <4DDF282A.8030005@radel.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Message-ID: <3389316370-258946403@intranet.com.mx> Subject: Re: Disable or limit email in root? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 May 2011 04:44:59 -0000 At 11:27 p.m. 26/05/2011, Jon Radel wrote: >On 5/27/11 12:16 AM, Jorge Biquez wrote: >> >>Hello. >> >>I am trying to find if sendmail was the problem or what... thing is not >>that root receive email but that root was used to send email to a list >>of address... > >And what does it say in the logs? We'll help you interpret them if >you wish, but right now I've heard nothing but speculation and I've >heard nothing to distinguish between: > >1) Somebody sent e-mail with root@.... as the return address, or > >2) Somebody generated e-mail with a process running as root, or > >3) both. > >Your sendmail log should tell you where sendmail thinks the e-mail >came from and where it thinks it sent it. > >Or you could start by telling us HOW you detected this problem. > >--Jon Radel >jon@radel.com Hello 1) Somebody sent e-mail with root@.... as the return address, or - They send it from the machine, a big queue has to be deleted before processing. >2) Somebody generated e-mail with a process running as root, or Yes, I guess that happened, the emailes where in the queue waiting to be sent... thing is the server has only 4 account for email users... all strong passwords.... using the last -10 command showed only the last 10 times I logged in. No new users were created apparently. I changed passwords and restricted that only my user can have ssh login and my user can the su to root. root can not login using ssh... I tested again at this moment.... Jorge Biquez