OOT Sendmail: Suspicious emails in mqueue

Oluwagbenga Shobowale gshobowale at nextworksltd.com
Fri Sep 1 08:21:44 UTC 2006 

If you see suspicious mails on your server and you are not sure where
they are coming from it. It might be your server is being used for
spamming. Hence your server might be allowing relaying...and there is
the possibility your server has been compromised...
What is the configuration of your /etc/mail/access file.. And other
information about sendmail...
Best regards

Gbenga

-----Original Message-----
From: redhat-list-bounces at redhat.com
[mailto:redhat-list-bounces at redhat.com] On Behalf Of Budi Febrianto
Sent: Friday, September 01, 2006 3:27 AM
To: redhat-list at redhat.com
Subject: OOT Sendmail: Suspicious emails in mqueue


Hello redhat-list,
  This morning I saw many suspicious emails in one of my sendmail
  server.
  I'm not sure where these emails coming from, because it says from
  localhost.
  This is a virus?
  
  This is one of them.

  >>>>>
  V8
  T1157070533
  K1157076972
  N8
  P745773
  I3/3/729316
  MDeferred: Connection timed out with mx3.ntt.net.id.
  Frs
  $_localhost
  $r
  $slocalhost
  ${daemon_flags}
  ${if_addr}172.16.5.22
  SMAILER-DAEMON
  MDeferred: Connection timed out with mx3.ntt.net.id.
  rRFC822; abc at example.com
  RPF:<abc at example.com>
  H?P?Return-Path: <<81>g>
  H??Received: from localhost (localhost)
  by nospam.mydomain.com (8.13.1/8.13.1) id k810SfPX032754;
  Fri, 1 Sep 2006 07:28:53 +0700
  H??Date: Fri, 1 Sep 2006 07:28:53 +0700
  H??From: Mail Delivery Subsystem <MAILER-DAEMON>
  H??Full-Name: Mail Delivery Subsystem
  H??Message-Id: <200609010028.k810SfPX032754 at nospam.mydomain.com>
  H??To: <abc at example.com>
  H??MIME-Version: 1.0
  H??Content-Type: multipart/report; report-type=delivery-status;
  boundary="k810SfPX032754.1157070533/nospam.mydomain.com"
  H??Subject: Returned mail: see transcript for details
  H??Auto-Submitted: auto-generated (failure)
  H??X-mydomain-MailScanner-Information: Please contact the ISP for more
information
  H??X-mydomain-MailScanner: Found to be clean
  H??X-mydomain-MailScanner-SpamCheck: not spam (whitelisted),
  SpamAssassin (score=0.141, required 4, autolearn=disabled,
  BAYES_50 0.00, FROM_NO_LOWER 0.14, NO_RELAYS -0.00)
  H??X-mydomain-MailScanner-From: mailer-daemon

  >>>>>

-- 
Best regards,
 Budi Febrianto mailto:bfebrian at gmx.net


-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

More information about the redhat-list mailing list