RE: SV: [cobalt-security] - too many sendmail processes
- Subject: RE: SV: [cobalt-security] - too many sendmail processes
- From: "malcolm wild" <cobaltsec@xxxxxxxxxxx>
- Date: Fri, 28 Sep 2001 18:16:37 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
To see the basic header details, look in /var/log/maillog.
If you want to see the full contents of any network traffic you can use tcpdump, which writes ALL the tcp/ip traffic to a log file. It's worth reading up on the functions of tcpdump before using it (obvious!), but if you don't switch it off it makes a very big log file!
-----Original Message-----
From: cobalt-security-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]On Behalf Of njd 76
Sent: 28 September 2001 16:04
To: cobalt-security@xxxxxxxxxxxxxxx
Subject: RE: SV: [cobalt-security] - too many sendmail processes
Something is going on... The list goes on and on; I would say there are about
50 sendmail processes. Here is my setup:
Maximum Message Size (MB) [5]
Smart Relay Host Name [BLANK]
Relay for the following Hosts/Domains [IPs,Domain names on BOX]
Host/Domain Aliases [all www.domain.com on BOX]
Reject the following Users/Hosts/Domains [Blank]
POP Before SMTP Relaying [ON]
Relay Window (minutes) [15]
When I run ps aux, the processes with sendmail all look like this:
root 3013 0.0 1.3 2896 1772 ? S 10:22 0:00 sendmail: q2/f8SE
Any more ideas...
Malcolm - you said I can look in the outgoing mail to see what it is; where
is the directory?
>From: "Malcolm Wild" <cobaltsec@xxxxxxxxxxx>
>Reply-To: cobalt-security@xxxxxxxxxxxxxxx
>To: <cobalt-security@xxxxxxxxxxxxxxx>
>Subject: RE: SV: [cobalt-security] - too many sendmail processes
>Date: Tue, 25 Sep 2001 17:10:06 +0100
>
>type
>ps aux
>this will show what started the process e.g. script, program, etc
>it'll give you an indication of what is using sendmail
>I'd also suggest having a look in the outgoing mail to see what it contains
>
>
>if you don't like it kill it
>kill PID#
>
>That'll give you some pointers; for more info on howtos just post back.
>
>-----Original Message-----
>From: cobalt-security-admin@xxxxxxxxxxxxxxx
>[mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]On Behalf Of njd 76
>Sent: 25 September 2001 16:14
>To: cobalt-security@xxxxxxxxxxxxxxx
>Subject: Re: SV: [cobalt-security] - too many sendmail processes
>
>
>
>I am fairly new to the security world but I installed chkrootkit on one of
>my cobalts and have found it to be a great way to keep on top of the log
>files. My problem, however, is that after I installed it I noticed when I ran top
>the following was in the list (not sure if chkrootkit has anything to do
>with this):
>
>1911 root 0 0 1660 1660 1388 S 0 0.0 1.2 0:00 sendmail
>1912 root 0 0 1768 1768 1336 S 0 0.0 1.3 0:00 sendmail
>2000 root 0 0 1660 1660 1384 S 0 0.0 1.2 0:00 sendmail
>2001 root 0 0 1820 1820 1344 S 0 0.0 1.4 0:00 sendmail
>2108 root 0 0 1660 1660 1388 S 0 0.0 1.2 0:00 sendmail
>2111 root 0 0 1768 1768 1336 S 0 0.0 1.3 0:00 sendmail
>2174 root 0 0 1660 1660 1388 S 0 0.0 1.2 0:00 sendmail
>2175 root 0 0 1776 1776 1340 S 0 0.0 1.3 0:00 sendmail
>2224 root 0 0 1660 1660 1384 S 0 0.0 1.2 0:00 sendmail
>2225 root 0 0 1820 1820 1344 S 0 0.0 1.4 0:00 sendmail
>2246 root 0 0 1660 1660 1388 S 0 0.0 1.2 0:00 sendmail
>2248 root 0 0 1776 1776 1340 S 0 0.0 1.3 0:00 sendmail
>etc....
>
>Any idea on what is causing this or what is going on? Is there a way to kill
>these or is it ok to have them running? I have about 15 sites on this server.
>
>Hope you guys can help.
>
>Cheers,
>Nick Damoulakis
_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security
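
A triage sketch for the two checks discussed in this thread (`ps aux` and `/var/log/maillog`), added here as an example and not part of any poster's message: it counts sendmail processes and tallies logged messages by their `relay=` value. The function names and all sample lines are constructed, and the log layout assumed is sendmail's usual syslog `from=` entry.

```shell
#!/bin/sh
# Added example (not from the thread). All sample data below is constructed.

# Count sendmail processes in `ps aux` output read from stdin (field 11 = COMMAND).
count_sendmail_procs() {
    awk '$11 ~ /(^|\/)sendmail/ { c++ } END { print c + 0 }'
}

# Tally sendmail "from=" entries in maillog text (stdin) by their relay= value.
# A relay of the form user@localhost means the message was submitted on the
# box itself (for example by a web script), not received over SMTP.
top_relays() {
    awk '/sendmail\[[0-9]+\]:/ && / from=/ && match($0, /relay=[^,]*/) {
        n[substr($0, RSTART + 6, RLENGTH - 6)]++
    }
    END { for (r in n) print n[r], r }' | sort -k1,1nr
}

sample_ps() {   # constructed ps aux output
cat <<'EOF'
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 3013 0.0 1.3 2896 1772 ? S 10:22 0:00 sendmail: q2/f8SE
root 3014 0.0 1.3 2896 1772 ? S 10:22 0:00 sendmail: accepting connections
httpd 2950 0.1 2.0 4100 2600 ? S 10:20 0:01 /usr/sbin/httpd
EOF
}

sample_maillog() {   # constructed maillog lines
cat <<'EOF'
Sep 28 10:20:11 box sendmail[2990]: f8SEKBx02990: from=<news@example.com>, size=2150, class=0, pri=32150, nrcpts=1, msgid=<1@example.com>, proto=ESMTP, relay=mail.example.com [192.0.2.10]
Sep 28 10:21:40 box sendmail[3001]: f8SELex03001: from=httpd, size=812, class=0, pri=30812, nrcpts=1, msgid=<2@box.example.net>, relay=httpd@localhost
Sep 28 10:21:41 box sendmail[3003]: f8SELex03001: to=<user@example.org>, delay=00:00:01, mailer=esmtp, relay=mx.example.org. [198.51.100.5], stat=Sent
Sep 28 10:21:55 box sendmail[3005]: f8SELtx03005: from=httpd, size=815, class=0, pri=30815, nrcpts=1, msgid=<3@box.example.net>, relay=httpd@localhost
Sep 28 10:22:01 box sendmail[3013]: f8SEM1x03013: from=httpd, size=809, class=0, pri=30809, nrcpts=1, msgid=<4@box.example.net>, relay=httpd@localhost
Sep 28 10:22:30 box sendmail[3020]: f8SEMUx03020: from=root, size=300, class=0, pri=30300, nrcpts=1, msgid=<5@box.example.net>, relay=root@localhost
EOF
}

# Demo on the constructed samples. On a live system:
#   ps aux | count_sendmail_procs
#   top_relays < /var/log/maillog
echo "sendmail processes: $(sample_ps | count_sendmail_procs)"
sample_maillog | top_relays
```

A relay that dominates the tally shows where to look next: a remote host points at inbound SMTP traffic, while a local account points at something on the server handing mail to sendmail.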