From owner-freebsd-questions@FreeBSD.ORG Fri May 27 04:52:20 2011
Return-Path:
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
    by hub.freebsd.org (Postfix) with ESMTP id 85D9B1065670
    for ; Fri, 27 May 2011 04:52:20 +0000 (UTC)
    (envelope-from jbiquez@intranet.com.mx)
Received: from intranet.com.mx (intranet.com.mx [200.33.246.7])
    by mx1.freebsd.org (Postfix) with ESMTP id 34B2D8FC15
    for ; Fri, 27 May 2011 04:52:20 +0000 (UTC)
Received: from PC2.intranet.com.mx (189.241.20.244) by intranet.com.mx
    with ESMTP (EIMS X 3.3.9) for ; Thu, 26 May 2011 23:53:31 -0500
X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9
Date: Thu, 26 May 2011 23:52:05 -0500
To: freebsd-questions@freebsd.org
From: Jorge Biquez
Mime-Version: 1.0
Message-ID: <3389316812-258946404@intranet.com.mx>
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Subject: Re: Disable or limit email in root?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Fri, 27 May 2011 04:52:20 -0000

At 11:25 p.m. 26/05/2011, you wrote:
>On Fri, May 27, 2011 at 12:16 AM, Jorge Biquez wrote:
> > I am trying to find if sendmail was the problem or what... thing is not that
> > root receive email but that root was used to send email to a list of
> > address...
>
>Was the root account on the box actually used, or did someone spoof
>email coming from root on the box? Did you receive a spam report
>about email coming from the IP address of the box? Do you have the
>header of the email/s in question? Is sendmail running locally, or is
>it running SMTP on an open port?

Yes the user root was actually used. I noticed because since the machine is too small (an old pentium III) the mail queue grows too much and the service for normal email was very slow.
When I logged in to the server the mail queue was big and all the emails were sent by the root user. I have not received, yet, spam reports but I sure will do, I guess at least some thousand of emails were sent.

Sendmail is running on port 587 and 25

At the end a small part of the log (all the entries the same), when I logged in and disabled bind (I thought that could help to stop the emails). I killed sendmail processes but the system was too slow and there were too many sendmail processes running that it took a while to stop them all.

------------
May 26 18:22:42 krusty sendmail[36370]: p4P5EjU0070745: to=, delay=1+18:06:12, xdelay=00:00:00, mailer=esmtp, pri=1290845, relay=l.mx.mail.yahoo.com., dsn=4.0.0, stat=Deferred: Name server: l.mx.mail.yahoo.com.: host name lookup failure
May 26 18:22:42 krusty sendmail[69923]: p4PK75tT069923: to=, delay=00:00:04, xdelay=00:00:00, mailer=esmtp, pri=32151, relay=l.mx.mail.yahoo.com., dsn=4.0.0, stat=Deferred: Name server: l.mx.mail.yahoo.com.: host name lookup failure
May 26 18:22:43 krusty sendmail[58754]: p4P7Y2SC035537: to=, delay=1+15:18:04, xdelay=00:00:00, mailer=esmtp, pri=1380845, relay=mx.vmx.terra.com., dsn=4.0.0, stat=Deferred: Name server: mx.vmx.terra.com.: host name lookup failure
May 26 18:22:43 krusty sendmail[67814]: p4P6wdj8025797: to=, delay=1+16:18:24, xdelay=00:00:00, mailer=esmtp, pri=1650845, relay=mx.terra.com.br., dsn=4.0.0, stat=Deferred: Name server: mx.terra.com.br.: host name lookup failure
May 26 18:22:43 krusty sendmail[25300]: p4P7R0qe033668: to=, delay=1+15:19:29, xdelay=00:00:00, mailer=esmtp, pri=930845, relay=mx.vmx.terra.com., dsn=4.0.0, stat=Deferred: Name server: mx.vmx.terra.com.: host name lookup failure
May 26 18:22:43 krusty sendmail[63747]: p4P9v9sg074187: to=, delay=1+13:13:37, xdelay=00:00:00, mailer=esmtp, pri=1560845, relay=h.mx.mail.yahoo.com., dsn=4.0.0, stat=Deferred: Name server: h.mx.mail.yahoo.com.: host name lookup failure
May 26 18:22:43 krusty sendmail[17900]: p4P9MGns065419: to=, delay=1+13:57:01, xdelay=00:00:00, mailer=esmtp, pri=210846, relay=mx.vmx.terra.com., dsn=4.0.0, stat=Deferred: Name server: mx.vmx.terra.com.: host name lookup failure
May 26 18:22:46 krusty sendmail[41317]: p4P8BXIs045878: to=, delay=1+14:38:56, xdelay=00:00:00, mailer=esmtp, pri=1470845, relay=b.mx.mail.yahoo.com., dsn=4.0.0, stat=Deferred: Name server: b.mx.mail.yahoo.com.: host name lookup failure
May 26 18:22:47 krusty sendmail[4586]: p4P3wNVF036046: to=, delay=1+19:23:15, xdelay=00:00:00, mailer=esmtp, pri=570846, relay=e.mx.mail.yahoo.com., dsn=4.0.0, stat=Deferred: Name server: e.mx.mail.yahoo.com.: host name lookup failure
May 26 18:22:47 krusty sendmail[87746]: p4P6vbd5025549: to=, delay=1+16:07:29, xdelay=00:00:00, mailer=esmtp, pri=390846, relay=j.mx.mail.yahoo.com., dsn=4.0.0, stat=Deferred: Name server: j.mx.mail.yahoo.com.: host name lookup failure
May 26 18:22:47 krusty sendmail[41819]: p4P9YOFb068525: to=, delay=1+13:45:19, xdelay=00:00:00, mailer=esmtp, pri=1650845, relay=k.mx.mail.yahoo.com., dsn=4.0.0, stat=Deferred: Name server: k.mx.mail.yahoo.com.: host name lookup failure
May 26 18:22:47 krusty sendmail[66017]: p4PJ75P2066017: to=, delay=00:00:05, xdelay=00:00:00, mailer=esmtp, pri=32151,
------------
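
One way to triage a delivery log in the format of the excerpt above, added here as an example and not part of the original message: it counts deferrals per relay and lists the queue IDs that have been waiting longer than a day. The host name, queue IDs, recipients and relays in `SAMPLE_LOG` are constructed, and the function names and the one-day threshold are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample in the format of the excerpt above (host, queue IDs, relays
# and recipients are invented); the last line is cut off on purpose.
SAMPLE_LOG = """\
May 26 18:22:42 mailhost sendmail[1001]: p4P5EjU0000001: to=<a@example.org>, delay=1+18:06:12, xdelay=00:00:00, mailer=esmtp, pri=1290845, relay=mx1.example.org., dsn=4.0.0, stat=Deferred: Name server: mx1.example.org.: host name lookup failure
May 26 18:22:42 mailhost sendmail[1002]: p4PK75tT000002: to=<b@example.net>, delay=00:00:04, xdelay=00:00:00, mailer=esmtp, pri=32151, relay=mx.example.net., dsn=4.0.0, stat=Deferred: Name server: mx.example.net.: host name lookup failure
May 26 18:22:43 mailhost sendmail[1003]: p4P7Y2SC000003: to=<c@example.org>, delay=1+15:18:04, xdelay=00:00:00, mailer=esmtp, pri=1380845, relay=mx1.example.org., dsn=4.0.0, stat=Deferred: Name server: mx1.example.org.: host name lookup failure
May 26 18:22:44 mailhost sendmail[1004]: p4PK80aa000004: to=<d@example.com>, delay=00:00:02, xdelay=00:00:01, mailer=esmtp, pri=30500, relay=mx.example.com. [192.0.2.10], dsn=2.0.0, stat=Sent (ok)
May 26 18:22:47 mailhost sendmail[1005]: p4PJ75P2000005: to=<e@example.net>, delay=00:00:05, xdelay=00:00:00, mailer=esmtp, pri=32151,
"""

LINE_RE = re.compile(r"^\w{3}\s+\d+\s[\d:]+\s\S+\ssendmail\[\d+\]:\s(\w+):\s(.*)$")
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=, \w+=|$)")


def delay_seconds(value):
    """Convert sendmail's [days+]hh:mm:ss delay into seconds."""
    days, _, clock = value.rpartition("+")
    hours, minutes, seconds = (int(part) for part in clock.split(":"))
    return int(days or 0) * 86400 + hours * 3600 + minutes * 60 + seconds


def summarize(log_text, stale_after=86400):
    """Count deferrals per relay and collect queue IDs older than stale_after."""
    report = {"parsed": 0, "skipped": 0, "deferred": Counter(), "stale": [], "oldest": 0}
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        fields = dict(FIELD_RE.findall(match.group(2))) if match else {}
        if not {"delay", "relay", "stat"} <= fields.keys():
            report["skipped"] += 1  # truncated or non-delivery line
            continue
        report["parsed"] += 1
        age = delay_seconds(fields["delay"])
        report["oldest"] = max(report["oldest"], age)
        if fields["stat"].startswith("Deferred"):
            relay = fields["relay"].split()[0].rstrip(".")  # drop "[ip]" and root dot
            report["deferred"][relay] += 1
            if age >= stale_after:
                report["stale"].append(match.group(1))
    return report


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Many deferred entries with delays of a day or more, as in the excerpt, mean the queue was filling long before the slowdown was noticed.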