Date: Fri, 22 Feb 2002 15:39:40 -0500 From: "Brent" <brentb@loa.com> To: "Remington L." <madriax@garlic.com>, <freebsd-questions@FreeBSD.org> Subject: Re: Very unusual behavior Message-ID: <019c01c1bbe1$0d614a00$37b4a8c0@pretorian> References: <000a01c1bbde$e2b74540$82038bd8@admin>
next in thread | previous in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format. ------=_NextPart_000_0199_01C1BBB7.24715160 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable means someone tried useing your sendmail to "relay" thru this is used = alot by spammers...sendmail has bigtime exploits in the way of "open = relays" esspcially in older versions. try postfix brent ----- Original Message -----=20 From: Remington L.=20 To: freebsd-questions@FreeBSD.org=20 Sent: Friday, February 22, 2002 3:24 PM Subject: Very unusual behavior Last night I did a fresh install of FBSD 4.4. I got on the net and = began CVSuping 4.5. during this I noticed an unusual sendmail = error(thingy): Feb 22 01:55:22 sendmail[948]: g1M9tMj00948: = from=3D<smtp2001soho@yahoo.com>,=20 size=3D0, class=3D0, nrcpts=3D0, proto=3DSMTP, daemon=3DMTA, = relay=3D[217.226.84.195] Feb 22 12:14:40 sendmail[159]: starting daemon (8.11.6): = SMTP+queueing@00:30:00 =20 Why the hell does this mean? Why did it do this? And how do I fix it? ------=_NextPart_000_0199_01C1BBB7.24715160 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML xmlns=3D"http://www.w3.org/TR/REC-html40" xmlns:o =3D=20 "urn:schemas-microsoft-com:office:office" xmlns:w =3D=20 "urn:schemas-microsoft-com:office:word" xmlns:st1 =3D=20 "urn:schemas-microsoft-com:office:smarttags"><HEAD> <META http-equiv=3DContent-Type content=3D"text/html; = charset=3Diso-8859-1"> <META content=3DWord.Document name=3DProgId> <META content=3D"MSHTML 5.50.4807.2300" name=3DGENERATOR> <META content=3D"Microsoft Word 10" name=3DOriginator><LINK=20 href=3D"cid:filelist.xml@01C1BB9B.D0C08F10" = rel=3DFile-List><o:SmartTagType=20 name=3D"time"=20 namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"></o:SmartTagT= ype><!--[if gte mso 9]><xml> <o:OfficeDocumentSettings> <o:DoNotRelyOnCSS/> </o:OfficeDocumentSettings> </xml><![endif]--><!--[if gte mso 9]><xml> <w:WordDocument> <w:SpellingState>Clean</w:SpellingState> <w:GrammarState>Clean</w:GrammarState> <w:DocumentKind>DocumentEmail</w:DocumentKind> <w:EnvelopeVis/> <w:Compatibility> <w:BreakWrappedTables/> <w:SnapToGridInCell/> <w:WrapTextWithPunct/> <w:UseAsianBreakRules/> </w:Compatibility> <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel> </w:WordDocument> </xml><![endif]--><!--[if !mso]> <STYLE>st1\:* { BEHAVIOR: url(#default#ieooui) } </STYLE> <![endif]--> <STYLE> <!-- /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-parent:""; margin:0in; margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:12.0pt; font-family:"Times New Roman"; mso-fareast-font-family:"Times New Roman";} a:link, span.MsoHyperlink {color:blue; text-decoration:underline; text-underline:single;} a:visited, span.MsoHyperlinkFollowed {color:purple; text-decoration:underline; text-underline:single;} span.EmailStyle17 {mso-style-type:personal-compose; mso-style-noshow:yes; mso-ansi-font-size:10.0pt; mso-bidi-font-size:10.0pt; font-family:Arial; mso-ascii-font-family:Arial; mso-hansi-font-family:Arial; mso-bidi-font-family:Arial; color:windowtext;} span.SpellE {mso-style-name:""; mso-spl-e:yes;} span.GramE {mso-style-name:""; mso-gram-e:yes;} @page Section1 {size:8.5in 11.0in; margin:1.0in 1.25in 1.0in 1.25in; mso-header-margin:.5in; mso-footer-margin:.5in; mso-paper-source:0;} div.Section1 {page:Section1;} --> </STYLE> <!--[if gte mso 10]> <style> /* Style Definitions */=20 table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:10.0pt; font-family:"Times New Roman";} </style> <![endif]--></HEAD> <BODY lang=3DEN-US style=3D"tab-interval: .5in" vLink=3Dpurple = link=3Dblue=20 bgColor=3D#ffffff> <DIV> <DIV><FONT face=3DArial size=3D2>means someone tried useing your = sendmail to "relay"=20 thru this is used alot by spammers...sendmail has bigtime exploits in = the way of=20 "open relays"</FONT></DIV> <DIV><FONT face=3DArial size=3D2>esspcially in older = versions.</FONT></DIV> <DIV><FONT face=3DArial size=3D2>try postfix</FONT></DIV> <DIV><FONT face=3DArial size=3D2></FONT> </DIV> <DIV><FONT face=3DArial size=3D2>brent</FONT></DIV></DIV> <BLOCKQUOTE dir=3Dltr=20 style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; = BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px"> <DIV style=3D"FONT: 10pt arial">----- Original Message ----- </DIV> <DIV=20 style=3D"BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: = black"><B>From:</B>=20 <A title=3Dmadriax@garlic.com = href=3D"mailto:madriax@garlic.com">Remington L.</A>=20 </DIV> <DIV style=3D"FONT: 10pt arial"><B>To:</B> <A=20 title=3Dfreebsd-questions@FreeBSD.org=20 = href=3D"mailto:freebsd-questions@FreeBSD.org">freebsd-questions@FreeBSD.o= rg</A>=20 </DIV> <DIV style=3D"FONT: 10pt arial"><B>Sent:</B> Friday, February 22, 2002 = 3:24=20 PM</DIV> <DIV style=3D"FONT: 10pt arial"><B>Subject:</B> Very unusual = behavior</DIV> <DIV><BR></DIV> <DIV class=3DSection1> <P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20 style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">Last night I did a fresh = install=20 of FBSD 4.4. I got on the net and began <SPAN = class=3DSpellE>CVSuping</SPAN>=20 4.5. <SPAN class=3DGramE>during</SPAN> this I noticed an unusual <SPAN = class=3DSpellE>sendmail</SPAN> = error(thingy):<o:p></o:p></SPAN></FONT></P> <P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20 style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">Feb 22 = </SPAN></FONT><st1:time=20 Minute=3D"55" Hour=3D"13"><SPAN class=3DGramE><FONT face=3DArial = size=3D2><SPAN=20 style=3D"FONT-SIZE: 10pt; FONT-FAMILY: = Arial">01:55:22</SPAN></FONT></SPAN></st1:time><SPAN=20 class=3DGramE><FONT face=3DArial size=3D2><SPAN=20 style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial"><SPAN=20 style=3D"mso-spacerun: yes"> </SPAN><SPAN=20 class=3DSpellE>sendmail</SPAN></SPAN></FONT></SPAN><FONT face=3DArial = size=3D2><SPAN=20 style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">[948]: g1M9tMj00948: = from=3D<<A=20 href=3D"mailto:smtp2001soho@yahoo.com">smtp2001soho@yahoo.com</A>>, = <o:p></o:p></SPAN></FONT></P> <P class=3DMsoNormal><SPAN class=3DGramE><FONT face=3DArial = size=3D2><SPAN=20 style=3D"FONT-SIZE: 10pt; FONT-FAMILY: = Arial">size=3D</SPAN></FONT></SPAN><FONT=20 face=3DArial size=3D2><SPAN style=3D"FONT-SIZE: 10pt; FONT-FAMILY: = Arial">0,=20 class=3D0, <SPAN class=3DSpellE>nrcpts</SPAN>=3D0, proto=3DSMTP, = daemon=3DMTA,=20 relay=3D[217.226.84.195]<o:p></o:p></SPAN></FONT></P> <P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20 style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">Feb 22 = </SPAN></FONT><st1:time=20 Minute=3D"14" Hour=3D"12"><SPAN class=3DGramE><FONT face=3DArial = size=3D2><SPAN=20 style=3D"FONT-SIZE: 10pt; FONT-FAMILY: = Arial">12:14:40</SPAN></FONT></SPAN></st1:time><SPAN=20 class=3DGramE><FONT face=3DArial size=3D2><SPAN=20 style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial"><SPAN=20 style=3D"mso-spacerun: yes"> </SPAN><SPAN=20 class=3DSpellE>sendmail</SPAN></SPAN></FONT></SPAN><FONT face=3DArial = size=3D2><SPAN=20 style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">[159]: starting daemon = (8.11.6):=20 SMTP+queueing@00:30:00<o:p></o:p></SPAN></FONT></P> <P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20 style=3D"FONT-SIZE: 10pt; FONT-FAMILY: = Arial"><o:p> </o:p></SPAN></FONT></P> <P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20 style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">Why the hell does this = mean? Why=20 did it do this? And how do I fix=20 it?<o:p></o:p></SPAN></FONT></P></DIV></BLOCKQUOTE></BODY></HTML> ------=_NextPart_000_0199_01C1BBB7.24715160-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?019c01c1bbe1$0d614a00$37b4a8c0>