[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-security] sendmail

Subject: RE: [cobalt-security] sendmail
From: "Andy Brown" <andy.brown@xxxxxxxxxxxxx>
Date: Thu, 29 Aug 2002 08:51:28 +0100
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

<snip>
> On a raq 3 when I type PS AUX at the command prompt I see all 
> kinds of 
> sendmail connections with
> 'user open'
> 
> EX:
> 
> sendmail: MAA24039 mailer3.ashly894.com.: user open
> sendmail: FAA12243 mx.eroticmailcenter.com.: user open
</snip>

These are connections to other servers either because your machine is sending to them, or your machine is receiving mail from them.

Check whats in the mail queue with the command:
mailq

And check for vulnerable formmail.cgi scripts, and also whether your machine is an open relay, as it could be your machine being used for mass mail-outs.

Regards,

Andy
andy@xxxxxxxxxx
http://www.raqpak.com/ <-- Raq/Qube unofficial PKGs and support advice

Prev by Date: [cobalt-security] Unwonted mail redirecting
Next by Date: [cobalt-security] Unwonted mail forwarding
Previous by thread: Re: [cobalt-security] Security Issues with Openwebmail
Next by thread: [cobalt-security] Unwonted mail forwarding

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index