Date: Thu, 04 May 2000 23:30:12 -0400 From: Jim Durham <durham@w2xo.pgh.pa.us> To: freebsd-security@freebsd.org Subject: I got spammed from my localhost.. Message-ID: <39124044.EAB72303@w2xo.pgh.pa.us>
next in thread | raw e-mail | index | archive | help
I discovered when I went to read my e-mail this evening a bunch of mail from my Mailer-Daemon for non-existant addresses and such for mail that I did not send. I found that someone has been relaying through my sendmail all day long. He is appearing as "localhost" which is an allowable address to relay in my access database for sendmail. Anybody know any place to start looking for a trojan horse or something of that sort in my system? The security runs don't report any new setuid root files. The daily run output indicates that a system in korea was warned many times of insufficient disk space. I would assume my /var/spool/mqueue filled up and that system is the perpetrator? Any ideas appreciated... -- Jim Durham To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?39124044.EAB72303>