Logs and how to read them

Peter Boy pboy at barkhof.uni-bremen.de
Wed Apr 21 22:20:33 UTC 2004


On Wed, 21.04.2004, Mike Rambour wrote at 23:14:
>     I had already done the grep that was suggested, those 2 lines only show 
> up once in the maillog (there are others that only show up once also)  Does 
> this mean that the relay was successful ?  I sure hope not.  

I'm not sure (because I made the switch from sendmail to postfix a long
time ago and may not remember the details correctly), but I don't think
it indicates a successful relay. You have to find two corresponding
entries, one for inbound, one outbound. Either it indicates an incoming
mail (but again, you should find a second entry how it has been
processed) or an outgoing from a local user (but again a second entry
...). Maybe, someone has compromised your machine or at least your
sendmail.

But, instead of trying to harden your sendmail you should spend the time
to switch to another MTA. I decided for postfix, but e.g. exim may be a
good choice, too (it has excellent documentation).

>     One thing I did notice after reading this reply is yes, I can set up an 
> external SMTP on a Windows machine and go through my firewall and connect 
> to it, but the internal machines are all using my SMTP server, there are 
> only 8 internal machines so it was easy to check.  I don't think that is how 
> the SPAM got out, I trust these users.  

There are a lot of newer viruses around which have their own SMTP
functionality! They don't use your email program's configuration or SMTP
function. They have their own and it is sufficient if the firewall lets
SMTP communication pass. You should immediately reconfigure the firewall
to block port 25.

If you have complaints about a lot of spam, the Windows machines combined
with the open firewall port are the most likely source.



Peter
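
As an added example (not part of the original message), the pairing of inbound and outbound log entries described in the reply above can be checked by grouping sendmail log lines by queue ID. The log lines, the local domain example.org and the internal network 192.168.1.0/24 are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Assumptions for this example, not taken from the thread:
LOCAL_DOMAINS = {"example.org"}
LOCAL_NETS = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("192.168.1.0/24")]

# Constructed sample lines in sendmail's usual syslog layout.
SAMPLE_LOG = """\
Apr 21 14:02:11 mail sendmail[4101]: i3LE2BaA004101: from=<alice@example.org>, size=912, nrcpts=1, proto=ESMTP, daemon=MTA, relay=pc3.example.org [192.168.1.13]
Apr 21 14:02:12 mail sendmail[4103]: i3LE2BaA004101: to=<bob@example.net>, delay=00:00:01, mailer=esmtp, relay=mx.example.net. [198.51.100.7], dsn=2.0.0, stat=Sent (OK)
Apr 21 14:05:40 mail sendmail[4120]: i3LE5ebB004120: from=<x@example.com>, size=2048, nrcpts=1, proto=SMTP, daemon=MTA, relay=[203.0.113.50]
Apr 21 14:05:41 mail sendmail[4122]: i3LE5ebB004120: to=<victim@example.net>, delay=00:00:01, mailer=esmtp, relay=mx.example.net. [198.51.100.7], dsn=2.0.0, stat=Sent (OK)
Apr 21 14:09:02 mail sendmail[4130]: i3LE92cC004130: from=<y@example.com>, size=700, nrcpts=1, proto=SMTP, daemon=MTA, relay=[203.0.113.51]
"""

LINE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<kind>from|to)=<?(?P<addr>[^>,]*)>?,(?P<rest>.*)")
IP = re.compile(r"relay=[^,]*\[(\d+\.\d+\.\d+\.\d+)\]")

def classify(log_text):
    """Group entries by queue ID and label each message."""
    msgs = defaultdict(lambda: {"outside": None, "has_to": False, "sent_remote": False})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        rec = msgs[m["qid"]]
        if m["kind"] == "from":
            # Inbound half: did the message arrive from outside our networks?
            ip = IP.search(m["rest"])
            rec["outside"] = bool(ip) and not any(ipaddress.ip_address(ip.group(1)) in n for n in LOCAL_NETS)
        else:
            # Outbound half: was it handed off to a non-local recipient domain?
            rec["has_to"] = True
            domain = m["addr"].rpartition("@")[2].lower()
            if "stat=Sent" in m["rest"] and domain not in LOCAL_DOMAINS:
                rec["sent_remote"] = True
    result = {}
    for qid, rec in msgs.items():
        if rec["outside"] is None or not rec["has_to"]:
            result[qid] = "incomplete"   # only one half logged: no delivery shown here
        elif rec["outside"] and rec["sent_remote"]:
            result[qid] = "relayed"      # outside sender delivered to outside recipient
        else:
            result[qid] = "normal"
    return result

if __name__ == "__main__":
    print(classify(SAMPLE_LOG))
```

An "incomplete" queue ID may also mean the message is still queued or its other half is in a rotated log file, so check the neighbouring logs before drawing a conclusion.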





