Mailinglist Archive: opensuse-security (670 mails)
Security problem with sendmail?
- From: Laurie Brown <laurie@xxxxxxxxxxxx>
- Date: Mon, 26 Nov 2001 09:40:57 +0000
- Message-id: <3C020E29.3090200@xxxxxxxxxxxx>
Hi all,
The log-checking script on one of the machines I look after has picked this up [edited to avoid giving too much away]:
---- cut here ----
Nov 26 07:31:39 mymachine sendmail[16970]: HAA16970: from=<nobody@xxxxxxxxxxxxxx>, size=1860, class=0, pri=31860, nrcpts=1, msgid=<E168GFQ-0000vz-00@xxxxxxxxxxxxxx>, proto=ESMTP, relay=[66.78.13.34]
[where mymachine is the machine name]
Nov 26 07:31:39 mymachine sendmail[16971]: HAA16970: forward /dir/acct/.//.forward: Permission denied
[where /dir is a directory and /acct is an account]
Nov 26 07:31:39 mymachine sendmail[16971]: HAA16970: to=<info@xxxxxxxxxxx>, delay=00:00:00, xdelay=00:00:00, mailer=local, stat=Sent
[where adomain is a domain on the machine]
---- cut here ----
The mail to info@xxxxxxxxxxx was some search engine spam. The /dir/acct directory is the home directory of a non-root account, set up that way (home=/dir/./acct) for chroot wuftpd. Should I be worried about this, and if so, what can I do about it?
I'm running SuSE 6.4 with sendmail-8.9.3-105 (AFAIK, the most recent SuSE rpm I can run without upgrading the machine).
Cheers, Laurie.
--
---------------------------------------------------------------------
Laurie Brown
laurie@xxxxxxxxxxxx
PGP key at http://pgpkeys.mit.edu:11371
---------------------------------------------------------------------
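The three log lines in the post share one queue ID (HAA16970), so they describe a single message. The following Python is an added example, not part of the original post or of the poster's log-checking script: it groups sendmail syslog lines by queue ID and reports each message where reading a .forward file failed, together with the delivery outcome logged for it. The function names are assumptions of this example, and the embedded sample is the post's own redacted lines.

```python
import re
from collections import defaultdict

# Sample input: the three redacted lines quoted in the post, embedded so this runs offline.
SAMPLE_LOG = """\
Nov 26 07:31:39 mymachine sendmail[16970]: HAA16970: from=<nobody@xxxxxxxxxxxxxx>, size=1860, class=0, pri=31860, nrcpts=1, msgid=<E168GFQ-0000vz-00@xxxxxxxxxxxxxx>, proto=ESMTP, relay=[66.78.13.34]
Nov 26 07:31:39 mymachine sendmail[16971]: HAA16970: forward /dir/acct/.//.forward: Permission denied
Nov 26 07:31:39 mymachine sendmail[16971]: HAA16970: to=<info@xxxxxxxxxxx>, delay=00:00:00, xdelay=00:00:00, mailer=local, stat=Sent
"""

# "sendmail[pid]: QUEUEID: rest" -- the queue ID ties the lines of one message together.
LINE_RE = re.compile(r"sendmail\[(?P<pid>\d+)\]: (?P<qid>[A-Za-z0-9]+): (?P<rest>.*)$")
FORWARD_RE = re.compile(r"^forward (?P<path>\S+): (?P<error>.+)$")
# key=value pairs; values in <...> or [...] are kept whole, others end at a comma.
FIELD_RE = re.compile(r"(\w+)=((?:<[^>]*>|\[[^\]]*\]|[^,])+)")

def correlate(log_text):
    """Group sendmail syslog lines by queue ID into one record per message."""
    msgs = defaultdict(lambda: {"from": None, "relay": None,
                                "forward_errors": [], "deliveries": []})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a sendmail queue line
        rec, rest = msgs[m["qid"]], m["rest"]
        fwd = FORWARD_RE.match(rest)
        if fwd:
            rec["forward_errors"].append((fwd["path"], fwd["error"]))
            continue
        fields = {k: v.strip() for k, v in FIELD_RE.findall(rest)}
        if "from" in fields:
            rec["from"], rec["relay"] = fields["from"], fields.get("relay")
        elif "to" in fields:
            rec["deliveries"].append(
                (fields["to"], fields.get("mailer"), fields.get("stat")))
    return dict(msgs)

def forward_failures(msgs):
    """Return one summary per message that logged a .forward read error."""
    return [{"qid": qid, **rec} for qid, rec in msgs.items()
            if rec["forward_errors"]]

if __name__ == "__main__":
    for hit in forward_failures(correlate(SAMPLE_LOG)):
        print(hit)
```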