Date:      Thu, 26 May 2011 23:44:45 -0500
From:      Jorge Biquez <jbiquez@intranet.com.mx>
To:        freebsd-questions@freebsd.org
Subject:   Re: Disable or limit email in root?
Message-ID:  <3389316370-258946403@intranet.com.mx>
In-Reply-To: <4DDF282A.8030005@radel.com>
References:  <3389310281-258946398@intranet.com.mx> <4DDF2366.4010100@esiee.fr> <3389314668-258946399@intranet.com.mx> <4DDF282A.8030005@radel.com>

At 11:27 p.m. 26/05/2011, Jon Radel wrote:

>On 5/27/11 12:16 AM, Jorge Biquez wrote:
>>
>>Hello.
>>
>>I am trying to find if sendmail was the problem or what... thing is not
>>that root receives email but that root was used to send email to a list
>>of addresses...
>
>And what does it say in the logs?  We'll help you interpret them if 
>you wish, but right now I've heard nothing but speculation and I've 
>heard nothing to distinguish between:
>
>1)  Somebody sent e-mail with root@.... as the return address, or
>
>2)  Somebody generated e-mail with a process running as root, or
>
>3)  both.
>
>Your sendmail log should tell you where sendmail thinks the e-mail 
>came from and where it thinks it sent it.
>
>Or you could start by telling us HOW you detected this problem.
>
>--Jon Radel
>jon@radel.com

Hello

>1)  Somebody sent e-mail with root@.... as the return address, or
     - They send it from the machine, a big queue has to be deleted 
before processing.

>2)  Somebody generated e-mail with a process running as root, or

   Yes, I guess that happened, the emails were in the queue waiting 
to be sent... thing is the server has only 4 accounts for email 
users... all strong passwords.... using the last -10 command showed 
only the last 10 times I logged in. No new users were created apparently.

I changed passwords and restricted that only my user can have ssh 
login and my user can then su to root.
root cannot log in using ssh... I tested again at this moment....

Jorge Biquez 
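
An added example, not part of the thread: one way to read the sendmail log the way Jon suggests, separating mail handed over by a local process running as root from mail that only carries a root@ envelope sender. The log lines are constructed samples in the usual sendmail `from=` layout, and the host names, queue IDs and function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines (not taken from the poster's server).
SAMPLE_LOG = """\
May 26 21:02:11 mx sendmail[4120]: p4R22Bq1004120: from=root, size=812, class=0, nrcpts=40, msgid=<201105270202.p4R22Bq1004120@mx.example.org>, relay=root@localhost
May 26 21:02:11 mx sm-mta[4121]: p4R22BcD004121: from=<root@mx.example.org>, size=1020, class=0, nrcpts=40, msgid=<201105270202.p4R22Bq1004120@mx.example.org>, proto=ESMTP, daemon=IPv4, relay=localhost [127.0.0.1]
May 26 21:05:40 mx sm-mta[4188]: p4R25eXk004188: from=<root@mx.example.org>, size=2301, class=0, nrcpts=25, msgid=<abc@198.51.100.7>, proto=SMTP, daemon=IPv4, relay=[198.51.100.7]
May 26 21:06:02 mx sm-mta[4188]: p4R25eXk004188: to=<a@example.net>, delay=00:00:22, mailer=esmtp, pri=120000, relay=mail.example.net. [192.0.2.9], dsn=2.0.0, stat=Sent
"""

# Queue ID, envelope sender, recipient count and relay of a "from=" record.
FROM_RE = re.compile(
    r"\]: (\w+): from=<?([^>,]*)>?,.*?nrcpts=(\d+),.*?relay=(.+)$")
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def classify(line):
    """Return where sendmail says a message came from, or None for other lines."""
    m = FROM_RE.search(line)
    if m is None:
        return None  # "to=" delivery records and unrelated noise
    qid, sender, nrcpts, relay = m.groups()
    ip = IP_RE.search(relay)
    if ip is None:
        # relay=user@localhost: a local process of that Unix user ran sendmail
        origin = "local-process:" + relay.split("@")[0]
    elif ip.group(1) in ("127.0.0.1", "::1"):
        # SMTP over loopback: the submit program's hand-off, or a local SMTP client
        origin = "loopback-smtp"
    else:
        origin = "remote-smtp:" + ip.group(1)
    return {"qid": qid, "sender": sender, "nrcpts": int(nrcpts), "origin": origin}


def triage(log_text):
    """Total recipients per origin for messages whose envelope sender is root."""
    totals = Counter()
    for line in log_text.splitlines():
        rec = classify(line)
        if rec and rec["sender"].split("@")[0] == "root":
            totals[rec["origin"]] += rec["nrcpts"]
    return totals


if __name__ == "__main__":
    for origin, rcpts in triage(SAMPLE_LOG).most_common():
        print(f"{origin:30} {rcpts} recipients")
```

A `local-process:root` total corresponds to Jon's case 2, and a `remote-smtp:` total with a root sender corresponds to case 1.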



