Hi,
I hate to follow up my own postings, but in this case I'd like to add this:
I missed the wwwrun@localhost part, so ofc you seem to have a webserver running. formmail and friends seem to be indeed the first thing to check for.
Regards, Erwin

At 12:12 06.08.2002 +0200, Erwin Zierler wrote:
Hi,
this is not what Bob meant, check your cgi-bin directory and see if there is a formmail.pl or something similar.
Do you have a webserver running at all? If not then I guess you can forget the whole formmail issue.
Regards, Erwin
At 12:14 06.08.2002 +0200, rutger wrote:
hello, no we're using sendmail. rutger
----------
From: "Bob Sprenger"
Date: Tue, 6 Aug 2002 11:38:26 +0200
To: "rutger"
Subject: AW: [suse-security] sendmail spam

Are you using formmail ?
That is what it was in our case.
Bob Sprenger.
-----Original Message-----
From: rutger [mailto:rutger@screendesign-net.de]
Sent: Tuesday, 6 August 2002 11:48
To: suse-security@suse.com
Subject: [suse-security] sendmail spam
hello list, someone is using our server to send spams.
the log:
Aug 5 18:33:33 tms sendmail[618]: g75GXVd00616: to=bennyb911@aol.com,bennybad@aol.com, ctladdr=wwwrun (30/65534), delay=00:00:02, xdelay=00:00:01, mailer=esmtp, pri=151214, relay=mailin-04.mx.aol.com. [64.12.137.152], dsn=2.0.0, stat=Sent (OK)
the received entry in the returned mail:
Received: (from wwwrun@localhost) by tms.screendesign-net.de (8.11.2/8.11.2/SuSE Linux 8.11.1-0.5) id g75EvBW32281;
any ideas what to do??
thanx, rutger
contact:
r.frechen
multimediadesign & programmierung
alfred-nobel-platz 1
76829 landau
germany
tel.: 06341/9821252
email: r.frechen@gmx.de
"We go where WE want." bye bill
Erwin Zierler | web- / host- / postmaster - stubainet.at | erwin.zierler@stubainet.at / webmaster@stubainet.at | Tel.: 0 5225 - 64325 Fax 99 Mobil: 0664 - 130 67 91
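
The check discussed in this thread, as an added example that is not part of the original messages: scan sendmail delivery records for outbound mail whose ctladdr is the web server account (wwwrun in the quoted log), which points at a CGI script such as formmail. The function names and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format quoted in the thread; queue ids,
# recipients and relay addresses are made up (example.* / 192.0.2.0/24).
SAMPLE_LOG = """\
Aug  5 18:33:33 tms sendmail[618]: g75GXVd00616: to=a@example.com,b@example.com, ctladdr=wwwrun (30/65534), delay=00:00:02, xdelay=00:00:01, mailer=esmtp, pri=151214, relay=mx.example.com. [192.0.2.10], dsn=2.0.0, stat=Sent (OK)
Aug  5 18:33:40 tms sendmail[622]: g75GXeX00620: to=c@example.net, ctladdr=wwwrun (30/65534), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=30214, relay=mx.example.net. [192.0.2.20], dsn=2.0.0, stat=Sent (OK)
Aug  5 18:40:02 tms sendmail[700]: g75Ge1d00698: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30050, dsn=2.0.0, stat=Sent
Aug  5 18:41:10 tms sendmail[710]: g75GfAd00708: from=<x@example.org>, size=912, class=0, nrcpts=1, proto=ESMTP, relay=[192.0.2.30]
"""

# Delivery ("to=") records carry ctladdr; "from=" records do not match.
DELIVERY = re.compile(
    r"sendmail\[\d+\]: (?P<qid>\w+): to=(?P<to>.*?), ctladdr=(?P<ctl>\S+) "
    r"\((?P<uid>\d+)/(?P<gid>\d+)\),.*?mailer=(?P<mailer>\w+),"
)

def web_user_deliveries(log_text, web_users=("wwwrun",)):
    """Return {account: [(queue_id, [recipients]), ...]} for non-local
    deliveries whose controlling address is a web server account."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = DELIVERY.search(line)
        if not m or m["mailer"] == "local":
            continue  # not a delivery record, or delivered locally
        user = m["ctl"].strip("<>").split("@")[0]
        if user in web_users:
            rcpts = [r.strip() for r in m["to"].split(",") if r.strip()]
            hits[user].append((m["qid"], rcpts))
    return dict(hits)

def summarize(hits):
    """Return {account: (delivery_count, recipient_count)}."""
    return {u: (len(d), sum(len(r) for _, r in d)) for u, d in hits.items()}

if __name__ == "__main__":
    found = web_user_deliveries(SAMPLE_LOG)
    for user, (deliveries, rcpts) in summarize(found).items():
        print(f"{user}: {deliveries} outbound deliveries, {rcpts} recipients")
```

Matching the timestamps of flagged records against the web server's access log for the same minute shows which script was requested when the mail was submitted.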