sendmail hacked

redhat at r71.nl
Mon May 25 09:47:37 UTC 2009


Hi, 

A few days ago my Fedora 10 Linux server had a problem. The CPU was at 100% and I could not log in via SSH or on the console anymore to find the cause. I had to reboot.

The server is used as a mail relay server. After the reboot it seemed that sendmail was not working correctly. It did not accept connections anymore on port 25. 

Then I found that the sendmail.cf file had changed. It looks like this file was generated on the 23rd of May. And it was not me who generated it!

It looks like this is a hack. Has anybody got an idea about how to confirm this? How did they do this? And about how to prevent this? 

Cheers, 
Roderick 


