Re: [cobalt-security] sendmail questions...?

[Theodore Jones <theoj@xxxxxxxxxxxxx>]

Michael,

Yes, but recently we did have our ISP fix something via the serial port.. so
it looks like they just havn't disconnected it yet.  No need to worry on that
front then...

I guess I'm paranoid about mail right now because I have a
"swatch_service_body_defcon_2" message in my email status indicator (via the
GUI), and perodic messages from Active Monitor to the effect that :

>>>>>>>
The SMTP (mail) server appears to be down.  The mail server may shut itself
down temporarily under extreme load, so you should also check the CPU load
on the server.  If the load does not appear to be the problem, try turning
mail service off and then on within the Cobalt server Control Panel to see if

this corrects the problem.  If not, try rebooting the server itself.  If this

still does not correct the problem, contact Cobalt Technical Support.
>>>>>>>


Email seems to be working fine however, so I suspect malicious activities....
through sendmail..?  Anybody have a clue?

~ Theo



Michael Zimmermann wrote:

> From: WebFusion System Administrator <graeme.f@xxxxxxxxxxxxxxx>
>
> Thanks Graeme for the clarifications.
>
> About the ttyS0 connection, which shows as
>
> > > > 641 ttyS0    S      0:00 /sbin/mgetty -s 115200 -r -b ttyS0
>
> you wrote:
>
> > Not UUCP - it's the default serial console login setup, listening for
> > people attaching a console or console emulator to the serial port -
> > ttyS0. It's a very useful way to debug and repair broken RAQs when you
> > can't get into them - like if they've been trashed by a cracker, or not
> > patched to fix the 'Large groups -> FTP slowdown' bug.
>
> But the question remains, who is using this port, am I right?
>
> Michael
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security