Logs and how to read them

Alexander Dalloz alexander.dalloz at uni-bielefeld.de
Wed Apr 21 22:06:32 UTC 2004


On Wed, 21.04.2004 at 23:14, Mike Rambour wrote:

>     I had already done the grep that was suggested, those 2 lines only show 
> up once in the maillog (there are others that only show up once also)  Does 
> this mean that the relay was successful ?  I sure hope not.   And yes the 
> internal machines are mostly Windows and I did check for viruses and worms.

What tells you that these two independent maillog entries were relay
attempts? They are incomplete, at least incompletely pasted. If you want
to investigate you must search the maillog for the queue ID and not the
sendmail PID: so search for "MAA01067" and "MAA01214" and not
"sendmail[1067]" or "sendmail[1214]". But I am very doubtful that both
entries bring you closer to finding out about the SPAM coming from your
mailhost.

As advised by Peter you better ask your ISP for details of the SPAM
report.

Are you running Apache on the mailserver too? If yes you might have a
misusable formmail on it through which foreign people can send SPAM.

>     One thing I did notice after reading this reply is yes, I can set up an 
> external SMTP on a Windows machine and go through my firewall and connect 
> to it, but the internal machines are all using my SMTP server, there are 
> only 8 internal machines so it was easy to check.  I don't think that is how 
> the SPAM got out, I trust these users.  I will go browse the web some more 
> on viruses and worms to make sure that my tools can catch them,  I am using 
> the latest anti-virus and adaware and stinger.

It does not matter how the internal machines are configured using your
own Sendmail as relay host. All modern worms are coming with their own
SMTP engine, being absolutely independent from other MTAs.

>    I will probably switch to Postfix several people have said it would 
> be easier also.

A myth.

>          mike 

Again, ask your ISP for details about the SPAM report. Check your
Sendmail setup (sendmail.mc and access) - if you like, then send your
setup files - and run against open relay checkers like:

http://spamlinks.openrbl.org/tools-relay.htm

http://www.abuse.net/relay.html
http://www.ordb.org/submit/

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 1 (Yarrow) on Athlon CPU kernel 2.4.22-1.2179.nptl
Sirendipity 23:55:15 up 3 days, 6:41, load average: 0.26, 0.20, 0.16 
                   [ Γνωθι σ'αυτον - gnothi seauton ]
             my life is a planetarium - and you are the stars
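
Added example (not part of the original message, and not code from either poster): a small Python script that groups maillog entries by queue ID instead of sendmail PID, as the reply recommends, and flags transactions where mail accepted from an outside address was sent on to a non-local recipient. The log lines, the internal network 192.168.1.0/24 and the local domain example.com are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in sendmail maillog style; hosts, addresses and IDs are made up.
SAMPLE_LOG = """\
Apr 21 12:03:11 mail sendmail[2001]: MAA02001: from=<alice@example.com>, size=1204, nrcpts=1, proto=ESMTP, relay=pc3.example.com [192.168.1.13]
Apr 21 12:03:12 mail sendmail[2003]: MAA02001: to=<bob@example.org>, delay=00:00:01, mailer=esmtp, relay=mx.example.org. [198.51.100.5], stat=Sent (ok)
Apr 21 12:40:02 mail sendmail[2114]: MAA02114: ruleset=check_rcpt, arg1=<y@example.org>, relay=[203.0.113.7], reject=550 5.7.1 <y@example.org>... Relaying denied
Apr 21 13:15:40 mail sendmail[2300]: NAA02300: from=<x@example.net>, size=2210, nrcpts=1, proto=SMTP, relay=[203.0.113.7]
Apr 21 13:15:44 mail sendmail[2302]: NAA02300: to=<carol@example.org>, delay=00:00:04, mailer=esmtp, relay=mx.example.org. [198.51.100.5], stat=Sent (ok)
"""

# The queue ID follows "sendmail[PID]: "; the PID only names the process that wrote the line.
LINE_RE = re.compile(r"sendmail\[(?P<pid>\d+)\]: (?P<qid>[A-Za-z0-9]{8,14}): (?P<rest>.*)")

def transactions(log_text):
    """Group maillog entries by queue ID, collecting sender, recipients and rejects."""
    txns = defaultdict(lambda: {"pids": set(), "from": None, "src": None, "to": [], "reject": None})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        t = txns[m["qid"]]
        t["pids"].add(int(m["pid"]))
        # Simplification: assumes key=value fields separated by ", " as in the sample.
        fields = dict(f.split("=", 1) for f in m["rest"].split(", ") if "=" in f)
        if "from" in fields:
            t["from"], t["src"] = fields["from"], fields.get("relay")
        elif "to" in fields:
            t["to"].append((fields["to"], fields.get("stat")))
        elif "reject" in fields:
            t["reject"] = fields["reject"]
    return dict(txns)

def relayed_for_outsider(txn, internal_net="192.168.1.0/24", local_domain="example.com"):
    """True if mail accepted from outside internal_net was sent to a non-local recipient."""
    ip = re.search(r"\[([\d.]+)\]", txn["src"] or "")
    if not ip or ipaddress.ip_address(ip[1]) in ipaddress.ip_network(internal_net):
        return False
    return any(stat and stat.startswith("Sent") and not rcpt.rstrip(">").endswith("@" + local_domain)
               for rcpt, stat in txn["to"])

if __name__ == "__main__":
    for qid, t in transactions(SAMPLE_LOG).items():
        print(qid, sorted(t["pids"]), t["from"], t["to"], t["reject"], relayed_for_outsider(t))
```

In the constructed sample the first message is logged under two different PIDs, which is why a search for "sendmail[PID]" can miss the delivery line, and the second queue ID has only a reject line, so a single entry on its own does not show a completed relay.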