On Thu, 22.04.2004, at 00:32, Mike Rambour wrote:

> I am not sure there were relay attempts, they were not incompletely
> pasted they were complete and there are NO other lines in /var/log/maillog
> to correspond to them. Most items in maillog have 2 lines for each PID,
> but I have maybe a dozen that only have one line, I posted only 2 examples
> of those. It is because those are different that I am concerned they are
> relayed, they may not be. As I mentioned, I am a newbie thrown into this

Ok, I did not mean that you pasted incompletely, but that the pasted lines were not complete mail processing maillog entries. And as said before, you had better scan for the message queue ID and not a sendmail PID. If you like, you could send me by private mail a bigger part of maillog - let's say from over 1 or 2 hours, dependent on how much mail is transferred in that period - and I'll investigate suspicious entries.

> by my boss due to a departing system manager. When I picked this
> responsibility up (with protest), I found that we were running an un-updated
> Fedora, it took 2 days to get updated. I am now enjoying this process of
> searching and looking for answers. This is FUN a lot more than what I was
> doing for this company.

2 days for updating? Then you certainly did not set up mirror usage :(

> >As advised by Peter you better ask your ISP for details of the SPAM
> >report.
>
> I have asked but not received these yet.

Ok, insist on a data based report.

> >Are you running Apache on the mailserver too? If yes you might have a
> >misusable formmail on it through which foreign people can send SPAM.
>
> There is Apache running but no formail or like that, only one form sends
> mail through a PERL program and it sends mail to me only and writes a log
> file.

Sounds safe. I said it only because formmails are a very common way foreign mail and web servers are misused for SPAMing. Also be sure the Apache is not misconfigured as an open proxy for outside connects.

Saying that, you should see that in maillog. If the maillog entries you initially pasted were really just single line entries, then there must have been timeouts when the sending MTA connected, at least the first one. The second maillog entry even tells about a mail size of 0 bytes. So there was not any DATA transferred. You can forget such entries. Those are harmless connects, sending no data.

> >http://spamlinks.openrbl.org/tools-relay.htm
>
> didn't know about the spamlinks one, ran the other 2
>
> Thanks for the help
> mike

Alexander

--
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 1 (Yarrow) on Athlon CPU kernel 2.4.22-1.2179.nptl
Sirendipity 00:37:30 up 3 days, 7:23, load average: 0.30, 0.23, 0.21
[ γνωθι σ'αυτον - gnothi seauton ]
my life is a planetarium - and you are the stars
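Grouping maillog lines by message queue ID rather than by sendmail PID, as the reply above advises, and separating out the size=0 connects it calls harmless. This is an added example, not part of the original message; the sample log lines, hosts and queue IDs are constructed, and the status labels are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample in sendmail's maillog layout (hosts, queue IDs and
# addresses are made up). Note the first message's two lines carry
# different PIDs but the same queue ID.
SAMPLE = """\
Apr 21 22:01:10 mx sendmail[2101]: i3M511aa002101: from=<alice@example.org>, size=1843, class=0, nrcpts=1, msgid=<1@example.org>, proto=ESMTP, daemon=MTA, relay=mail.example.org [192.0.2.10]
Apr 21 22:01:11 mx sendmail[2103]: i3M511aa002101: to=<bob@example.com>, delay=00:00:01, mailer=local, pri=30843, dsn=2.0.0, stat=Sent
Apr 21 22:07:42 mx sendmail[2140]: i3M57gbb002140: from=<x@example.net>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=[198.51.100.7]
Apr 21 22:09:03 mx sendmail[2155]: i3M593cc002155: from=<y@example.net>, size=5120, class=0, nrcpts=1, proto=SMTP, daemon=MTA, relay=[203.0.113.9]
"""

# sendmail[PID]: QUEUEID: key=value, key=value, ...
LINE = re.compile(r"sendmail\[(?P<pid>\d+)\]: (?P<qid>[A-Za-z0-9]{14}): (?P<rest>.*)")

def group_by_queue_id(text):
    """Collect the key=value fields of every line that shares a queue ID."""
    msgs = defaultdict(list)
    for line in text.splitlines():
        m = LINE.search(line)
        if m:
            fields = dict(f.split("=", 1) for f in m["rest"].split(", ") if "=" in f)
            msgs[m["qid"]].append(fields)
    return msgs

def classify(entries):
    """Label one message from the lines logged under its queue ID."""
    has_from = any("from" in e for e in entries)
    has_to = any("to" in e for e in entries)
    size = next((int(e["size"]) for e in entries if "size" in e), None)
    if has_from and has_to:
        return "complete"
    if has_from and size == 0:
        return "empty connect, no DATA"
    if has_from:
        return "no delivery line in this slice"
    return "partial"

def report(text):
    return {qid: classify(entries) for qid, entries in group_by_queue_id(text).items()}

if __name__ == "__main__":
    for qid, status in report(SAMPLE).items():
        print(qid, status)
```

A message labelled "no delivery line in this slice" may simply have been delivered later than the excerpt covers, so widen the time window before drawing conclusions.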