Seems like you have a vulnerable CGI script (FormMail?) on your server (and run Apache daemons as user nobody)?
Thomas
-----Original Message-----
From: Ruben Navarro Huedo [mailto:eb5esx@eb5esx.ampr.org]
Sent: Friday, 13 September 2002 01:30
To: suse-security@suse.com
Subject: [suse-security] Problem with SPAM.
Have a look at this:
Sep 12 23:02:58 linux sendmail[29953]: g8CN2vbM029953: from=nobody, size=829, class=0, nrcpts=1, msgid=<200209122302.g8CN2vbM029953@linux.ea5rke.ampr.org>, relay=nobody@localhost
Sep 12 23:02:58 linux sendmail[29954]: g8CN2wBF029954: from= , size=995, class=0, nrcpts=1, msgid=<200209122302.g8CN2vbM029953@linux.ea5rke.ampr.org>, proto=ESMTP, daemon=MTA, relay=IDENT:nobody@linux.ea5rke.ampr.org [127.0.0.1]
Sep 12 23:02:58 linux sendmail[29953]: g8CN2vbM029953: to=CHIPAELDEVERDAD@HOTMAIL.COM, ctladdr=nobody (99/99), delay=00:00:01, xdelay=00:00:00, mailer=relay, pri=30274, relay=localhost [127.0.0.1], dsn=2.0.0, stat=Sent (g8CN2wBF029954 Message accepted for delivery)
Sep 12 23:03:02 linux sendmail[29957]: g8CN2wBF029954: to= , ctladdr= (99/99), delay=00:00:04, xdelay=00:00:04, mailer=esmtp, pri=30440, relay=mx16.hotmail.com. [65.54.254.140], dsn=2.0.0, stat=Sent ( <200209122302.g8CN2vbM029953@linux.ea5rke.ampr.org> Queued mail for delivery)

We don't know how, but they are doing SPAM with our server using the nobody account. We are using SASL + Sendmail 8.12.5. All is running 100% except that problem... SASL authentication is running OK. Nobody can relay without authentication.
Please...could you help us?
A lot of thanks.
--
You can find my public key here: http://pgp.rediris.es:11371/pks/lookup?op=get&search=0x03B7CCDF
Linux Registered User 68452 (Nov/97)
Ruben Navarro Huedo
http://www.palotes.com
eb5esx@eb5esx.ampr.org
Participants (1): Thomas Lamy
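
A defender-side check for the pattern Thomas points to, as an added example that is not part of the original thread: it scans sendmail log lines for mail handed to sendmail locally (relay=user@localhost with no IP, as in the first log line above) by a web-server account, which points to a CGI script rather than SMTP relaying. The account list, function names and sample log lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Accounts web servers commonly run CGI under (assumption; adjust per host).
WEB_ACCOUNTS = {"nobody", "wwwrun", "apache", "www-data"}

# "sendmail[pid]: <queue-id>: key=value, key=value, ..."
LINE_RE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<rest>.*)$")
FIELD_RE = re.compile(r"(?:^|, )(\w+)=")

def parse_fields(rest):
    """Split on ', key=' so values that contain commas or spaces stay whole."""
    parts = FIELD_RE.split(rest)  # ['', k1, v1, k2, v2, ...]
    return dict(zip(parts[1::2], parts[2::2]))

def find_local_web_submissions(lines):
    """Return {queue_id: {account, recipients}} for mail that a web-server
    account submitted via the local sendmail binary (not over SMTP)."""
    msgs = defaultdict(lambda: {"account": None, "local": False, "recipients": []})
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        f = parse_fields(m.group("rest"))
        msg = msgs[m.group("qid")]
        if "from" in f:
            # Command-line submission: relay=user@localhost, no [ip] part.
            relay = f.get("relay", "")
            msg["local"] = relay.endswith("@localhost") and "[" not in relay
            msg["account"] = f["from"].strip("<>")
        elif "to" in f:
            msg["recipients"] += [r.strip("<>") for r in f["to"].split(",")]
            if "ctladdr" in f:  # controlling user, e.g. "nobody (99/99)"
                msg["account"] = f["ctladdr"].split()[0].strip("<>")
    return {q: {"account": v["account"], "recipients": v["recipients"]}
            for q, v in msgs.items()
            if v["local"] and v["account"] in WEB_ACCOUNTS}

# Constructed sample lines in the same format as the log in the post.
SAMPLE_LOG = """\
Sep 12 23:02:58 host sendmail[101]: g8CAAA000101: from=nobody, size=829, class=0, nrcpts=1, msgid=<1@host.example>, relay=nobody@localhost
Sep 12 23:02:58 host sendmail[102]: g8CAAB000102: from=<nobody@host.example>, size=995, class=0, nrcpts=1, msgid=<1@host.example>, proto=ESMTP, daemon=MTA, relay=IDENT:nobody@host.example [127.0.0.1]
Sep 12 23:02:58 host sendmail[101]: g8CAAA000101: to=recipient@mail.example, ctladdr=nobody (99/99), delay=00:00:01, mailer=relay, relay=localhost [127.0.0.1], dsn=2.0.0, stat=Sent (g8CAAB000102 Message accepted for delivery)
Sep 12 23:05:00 host sendmail[103]: g8CAAC000103: from=root, size=300, class=0, nrcpts=1, msgid=<2@host.example>, relay=root@localhost
Sep 12 23:05:00 host sendmail[103]: g8CAAC000103: to=admin@host.example, ctladdr=root (0/0), delay=00:00:00, mailer=relay, relay=localhost [127.0.0.1], dsn=2.0.0, stat=Sent (ok)
""".splitlines()

if __name__ == "__main__":
    for qid, hit in find_local_web_submissions(SAMPLE_LOG).items():
        print(qid, hit["account"], hit["recipients"])
```

Matching the timestamps of flagged queue IDs against the web server's access log narrows down which script was requested when the mail was generated.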