OOT Sendmail: Suspicious emails in mqueue

nilesh vaghela nileshj.vaghela at gmail.com
Fri Sep 1 14:38:03 UTC 2006 

you can have some idea from /var/log/maillog, that from where all the mails
are comming.

Additionally you may check the headers.

Try to remove you server from local lan, remove the connection or desable
the local lan connection for the testing purpose that whether the mails are
from the local lan or from internet.

Then disable the internet for a while and connect only the local lan and see
what hpn.

May help you.

On 9/1/06, Oluwagbenga Shobowale <gshobowale at nextworksltd.com> wrote:
>
> I think you should remove the localhost relay lines....
> I don't use greetpause...hence I guess that is why you have
> localhost...however localhost.localdomain comes by default and should
> not be there..I think you should ask for support from the makers or you
> adjust the setting on greetpause till you can eliminate some of your
> issue..but you might also block legitimate users...
>
>
> -----Original Message-----
> From: redhat-list-bounces at redhat.com
> [mailto:redhat-list-bounces at redhat.com] On Behalf Of Budi Febrianto
> Sent: Friday, September 01, 2006 9:41 AM
> To: General Red Hat Linux discussion list
> Subject: Re[2]: OOT Sendmail: Suspicious emails in mqueue
>
>
> Hello Oluwagbenga,
>
>
> Friday, September 1, 2006, 3:21:44 PM, you wrote:
>
> OS> If you see suspicious mails on your server and you are not sure
> OS> where they are coming from it. It might be your server is being used
>
> OS> for spamming. Hence your server might be allowing relaying...and
> OS> there is the possibility your server has been compromised... What is
>
> OS> the configuration of your /etc/mail/access file.. And other
> OS> information about sendmail... Best regards
>
> OS> Gbenga
>
> My access file
> # by default we allow relaying from localhost...
> localhost.localdomain           RELAY
> localhost                       RELAY
> 127.0.0.1                       RELAY
> 172.16.5.7                      RELAY
> 172.16.5.20                     RELAY
> 172.16.5.12                     RELAY
> 172.16.5.14                     RELAY
> 172.16.5.15                     RELAY
> #we enabled greetpause in sendmail.mc to prevent more spam
> #to disabled checking for internal mail put in the GreetPause entry
> GreetPause:localhost            0
> GreetPause:127.0.0.1            0
> GreetPause:172.16.5.7           0
> GreetPause:172.16.5.20          0
> GreetPause:l72.16.5.12          0
> GreetPause:172.16.5.14          0
> GreetPause:172.16.5.15          0
> #start of the list of rejected emails of mydomain.com
> ...
> #end of the list of rejected emails of mydomain.com
> mydomain.com                   RELAY
>
>
> all email to mydomain.com will be forwarded to our lotus domino server.
>
> --
> Best regards,
> Budi Febrianto mailto:bfebrian at gmx.net
>
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>



-- 
Nilesh Vaghela
ElectroMech
Redhat Channel Partner and Training Partner
74, Nalanda Complex, Satellite Rd, Ahmedabad
25, The Emperor, Fatehgunj, Baroda.
www.electromech.info

More information about the redhat-list mailing list