RE: SV: [cobalt-security] - too many sendmail processes

["njd 76" <njd76@xxxxxxxxxxx>]

Something is going on...The list goes on and on I would say there are about 
50 sendmail processes. Here is my setup

Maximum Message Size (MB) [5]
Smart Relay Host Name [BLANK]
Relay for the following Hosts/Domains [IPs,Domain names on BOX]
Host/Domain Aliases [all www.domain.com on BOX]
Reject the following Users/Hosts/Domains [Blank]
POP Before SMTP Relaying [ON]
Relay Window (minutes) [15]


When i run ps aux the processes with send mail all look like this.
root      3013  0.0  1.3  2896 1772 ?        S    10:22   0:00 sendmail: 
q2/f8SE

Anymore ideas...

Malcolm- You said I can look in the outgoing mail to see what it is, where 
is the directory?



> From: "Malcolm Wild" <cobaltsec@xxxxxxxxxxx>
> Reply-To: cobalt-security@xxxxxxxxxxxxxxx
> To: <cobalt-security@xxxxxxxxxxxxxxx>
> Subject: RE: SV: [cobalt-security] - too many sendmail processes
> Date: Tue, 25 Sep 2001 17:10:06 +0100
>
> type
> ps aux
> this will show what started the process e.g. script, program, etc
> it'll give you an indication of what is using sendmail
> I'd also suggest having a look in the outgoing mail to see what it contains
>
>
> if you don't like it kill it
> kill PID#
>
> that'll give you some pointers for more info on howtos just post back
>
> -----Original Message-----
> From: cobalt-security-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]On Behalf Of njd 76
> Sent: 25 September 2001 16:14
> To: cobalt-security@xxxxxxxxxxxxxxx
> Subject: Re: SV: [cobalt-security] - too many sendmail processes
>
>
>
> I am fairly new to the security world but i installed chkrootkit on one of
> my cobalts and have found it to be a great way to keep on top of the log
> files. My problem however is after I installed it I noticed when I ran top
> the following was in the list: (not sure if chkrootkit has anything to do
> with this)
>
> 1911 root     0   0  1660 1660  1388 S       0  0.0  1.2   0:00 sendmail
> 1912 root     0   0  1768 1768  1336 S       0  0.0  1.3   0:00 sendmail
> 2000 root     0   0  1660 1660  1384 S       0  0.0  1.2   0:00 sendmail
> 2001 root     0   0  1820 1820  1344 S       0  0.0  1.4   0:00 sendmail
> 2108 root     0   0  1660 1660  1388 S       0  0.0  1.2   0:00 sendmail
> 2111 root     0   0  1768 1768  1336 S       0  0.0  1.3   0:00 sendmail
> 2174 root     0   0  1660 1660  1388 S       0  0.0  1.2   0:00 sendmail
> 2175 root     0   0  1776 1776  1340 S       0  0.0  1.3   0:00 sendmail
> 2224 root     0   0  1660 1660  1384 S       0  0.0  1.2   0:00 sendmail
> 2225 root     0   0  1820 1820  1344 S       0  0.0  1.4   0:00 sendmail
> 2246 root     0   0  1660 1660  1388 S       0  0.0  1.2   0:00 sendmail
> 2248 root     0   0  1776 1776  1340 S       0  0.0  1.3   0:00 sendmail
> etc....
>
> Any idea on what is causing this or what is going on? Is there a way to 
> kill
> these or is it ok to have them running? I have about 15 sites on this
> server.
>
> Hope you guys can help.
>
> Cheers,
> Nick Damoulakis
>
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>
>
> _________________________________________________________________
> Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security


_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp