I've recently found maillog entries like the following on one of our SMTP
servers running sendmail-8.9.3. The messages look like standard garden
variety SPAM.
------------------------------
Dec 10 07:10:26 ns1 sendmail[21241]: HAA21234: forward /var/spool/mail/.forward.ns1:
Group writable directory
Dec 10 07:46:59 ns1 sendmail[22804]: HAA22799: forward /tmp/.forward.ns1: World
writable directory
------------------------------
The messages involved seem to be sent to some real users as well as "users"
like "adm", "mail", etc.
Is this some kind of attack or other skulduggery? There are no
".forward.ns1" files in /tmp or /var/spool/mail nor any other .forward
files on this mail server.
Can somebody give me a clue what's going on here? I understand the message
about .forward files in group/world writable directories, but what I DON'T
understand is why sendmail thinks there are .forward files. :-(
Please respond to "[EMAIL PROTECTED]" as well as to list or my normal
return address. I'm off from work for the rest of the year, using up
vacation days, and I don't have a good interface for reading mail directed
to me at work.
pete peterson
GenRad, Inc.
7 Technology Park Drive
Westford, MA 01886-0033
[EMAIL PROTECTED] or [EMAIL PROTECTED]
+1-978-589-7478 (GenRad); +1-978-256-5829 (Home: Chelmsford, MA)
+1-978-589-2088 (Closest FAX); +1-978-589-7007 (Main GenRad FAX)
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
