Re: [suse-security] Problem with SPAM.

12 Sep 2002


      Seems like you have a vulnerable CGI-Script (FormMail ?) on your server (and
run apache daemons as user nobody) ?

Thomas
...
-----Ursprüngliche Nachricht-----
Von: Ruben Navarro Huedo [mailto:eb5esx@eb5esx.ampr.org]
Gesendet: Freitag, 13. September 2002 01:30
An: suse-security@suse.com
Betreff: [suse-security] Problem with SPAM.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Have a look at this:
Sep 12 23:02:58 linux sendmail[29953]: g8CN2vbM029953: 
from=nobody, size=829, 
class=0, nrcpts=1, 
msgid=<200209122302.g8CN2vbM029953@linux.ea5rke.ampr.org>, 
relay=nobody@localhost
Sep 12 23:02:58 linux sendmail[29954]: g8CN2wBF029954: 
from=, size=995, class=0, nrcpts=1, 
msgid=<200209122302.g8CN2vbM029953@linux.ea5rke.ampr.org>, 
proto=ESMTP, 
daemon=MTA, relay=IDENT:nobody@linux.ea5rke.ampr.org [127.0.0.1]
Sep 12 23:02:58 linux sendmail[29953]: g8CN2vbM029953: 
to=CHIPAELDEVERDAD@HOTMAIL.COM, ctladdr=nobody (99/99), 
delay=00:00:01, 
xdelay=00:00:00, mailer=relay, pri=30274, relay=localhost 
[127.0.0.1], 
dsn=2.0.0, stat=Sent (g8CN2wBF029954 Message accepted for delivery)
Sep 12 23:03:02 linux sendmail[29957]: g8CN2wBF029954: 
to=, 
ctladdr= 
(99/99), delay=00:00:04, xdelay=00:00:04, mailer=esmtp, pri=30440, 
relay=mx16.hotmail.com. [65.54.254.140], dsn=2.0.0, stat=Sent ( 
<200209122302.g8CN2vbM029953@linux.ea5rke.ampr.org> Queued 
mail for delivery)
We don't know how, but are doing SPAM with our server using 
nobody account .
we are using SASL + Sendmail 8.12.5
All is running 100% except that problem...
SASL autetification is running ok.
Nobody can do relay without autentification.
Please...could you help us?
A lot of thank's.
- -- 
You can find my public key here:  
http://pgp.rediris.es:11371/pks/lookup?op=get&search=0x03B7CCDF
Linux Registered User 68452 (Nov/97)
Ruben Navarro Huedo
http://www.palotes.com
eb5esx@eb5esx.ampr.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE9gSOL0S5G8AO3zN8RAidvAJwPhF9IaCqgSoEudIXVw7MOw898CQCgrpwd
PpI4HIotVFjqOhT8FRzcIMY=
=TjgU
-----END PGP SIGNATURE-----
-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@suse.com
Security-related bug reports go to security@suse.de, not here

Thomas Lamy

tags

participants (1)