---------- Forwarded message ---------- Date: Thu, 14 May 1998 22:39:55 -0700 (PDT) From: RedHat List <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: HELP! debugging/detecting SPAM Hi everyone, I'm helping setup sendmail for a friend and have stumbled onto something strange. I set up sendmail to prevent relay, and verified it doesnt accept relaying. However there are messages going out which are mysterious and I simply don't know how it's being done and from where. Look at the maillog: May 15 02:28:01 condor sendmail[15351]: CAA15351: <[EMAIL PROTECTED]>... User unknown May 15 02:28:02 condor sendmail[15351]: CAA15351: from=<>, size=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=news.w-4.de [194.75.29.10] May 15 02:28:26 condor sendmail[15354]: CAA15354: <[EMAIL PROTECTED]>... User unknown May 15 02:28:27 condor sendmail[15355]: CAA15355: <[EMAIL PROTECTED]>... User unknown May 15 02:28:27 condor sendmail[15354]: CAA15354: from=<>, size=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=news.w-4.de [194.75.29.10] May 15 02:28:28 condor sendmail[15355]: CAA15355: from=<>, size=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=news.w-4.de [194.75.29.10] May 15 02:29:29 condor sendmail[15362]: CAA15362: <[EMAIL PROTECTED]>... User unknown May 15 02:29:30 condor sendmail[15362]: CAA15362: from=<>, size=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=news.w-4.de [194.75.29.10] May 15 02:29:31 condor sendmail[15363]: CAA15363: <[EMAIL PROTECTED]>... User unknown May 15 02:29:32 condor sendmail[15363]: CAA15363: from=<>, size=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=news.w-4.de [194.75.29.10] What's the meaning of the "from=<>", where is it going, and how is it being done? Here's the ps auwx: # ps auwx |grep sendmail root 13671 0.0 1.3 1316 828 ? S 02:15 0:00 sendmail: server waldo.ivcc.edu [192.217.40.9] cmd read root 15487 0.2 1.3 1316 828 ? S 02:55 0:00 sendmail: server saturno.spacenet.com.br [200.255.100.1] cmd read root 15494 1.0 1.3 1316 828 ? S 02:55 0:00 sendmail: server news.w-4.de [194.75.29.10] child wait root 15495 2.0 1.3 1316 828 ? S 02:55 0:00 sendmail: server news.w-4.de [194.75.29.10] child wait root 15496 0.0 1.3 1324 844 ? S 02:55 0:00 sendmail: server news.w-4.de [194.75.29.10] cmd read root 15497 0.0 1.3 1324 844 ? S 02:55 0:00 sendmail: server news.w-4.de [194.75.29.10] cmd read root 15499 0.0 0.5 968 340 p2 S 02:55 0:00 grep sendmail root 24981 0.2 1.1 1308 720 ? S 20:58 1:01 sendmail: accepting connections on port 25 and also pstree -lua # pstree -lua|grep sendmail | |-grep sendmail |-sendmail | |-sendmail | |-sendmail | |-sendmail | | `-sendmail | |-sendmail | |-sendmail | |-sendmail | |-sendmail | | `-sendmail | |-sendmail | `-sendmail | `-sendmail Why is it that there are nested sendmail processes?? thanks Ricardo -- PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES! http://www.redhat.com/RedHat-FAQ /RedHat-Errata /RedHat-Tips /mailing-lists To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe" as the Subject.
