RE: OOT Sendmail: Suspicious emails in mqueue

If you see suspicious mails on your server and you are not sure where
they are coming from it. It might be your server is being used for
spamming. Hence your server might be allowing relaying...and there is
the possibility your server has been compromised...
What is the configuration of your /etc/mail/access file.. And other
information about sendmail...
Best regards

Gbenga

-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx
[mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Budi Febrianto
Sent: Friday, September 01, 2006 3:27 AM
To: redhat-list@xxxxxxxxxx
Subject: OOT Sendmail: Suspicious emails in mqueue


Hello redhat-list,
This morning I saw many suspicious emails in one of my sendmail
server.
I'm not sure where these emails coming from, because it says from
localhost.
This is a virus?

This is one of them.

>>>>>
V8
T1157070533
K1157076972
N8
P745773
I3/3/729316
MDeferred: Connection timed out with mx3.ntt.net.id.
Frs
$_localhost
$r
$slocalhost
${daemon_flags}
${if_addr}172.16.5.22
SMAILER-DAEMON
MDeferred: Connection timed out with mx3.ntt.net.id.
rRFC822; abc@xxxxxxxxxxx
RPF:<abc@xxxxxxxxxxx>
H?P?Return-Path: <<81>g>
H??Received: from localhost (localhost)
by nospam.mydomain.com (8.13.1/8.13.1) id k810SfPX032754;
Fri, 1 Sep 2006 07:28:53 +0700
H??Date: Fri, 1 Sep 2006 07:28:53 +0700
H??From: Mail Delivery Subsystem <MAILER-DAEMON>
H??Full-Name: Mail Delivery Subsystem
H??Message-Id: <200609010028.k810SfPX032754@xxxxxxxxxxxxxxxxxxx>
H??To: <abc@xxxxxxxxxxx>
H??MIME-Version: 1.0
H??Content-Type: multipart/report; report-type=delivery-status;
boundary="k810SfPX032754.1157070533/nospam.mydomain.com"
H??Subject: Returned mail: see transcript for details
H??Auto-Submitted: auto-generated (failure)
H??X-mydomain-MailScanner-Information: Please contact the ISP for more
information
H??X-mydomain-MailScanner: Found to be clean
H??X-mydomain-MailScanner-SpamCheck: not spam (whitelisted),
SpamAssassin (score=0.141, required 4, autolearn=disabled,
BAYES_50 0.00, FROM_NO_LOWER 0.14, NO_RELAYS -0.00)
H??X-mydomain-MailScanner-From: mailer-daemon

>>>>>

--
Best regards,
Budi Febrianto mailto:bfebrian@xxxxxxx


--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

Relevant Pages

  • Re: sending mail from localhost to yahoo, gmail, hotmail, etc
    ... desktop computer (localhost) but be able to send email to anyone on ... most likely need to locate php/sasl to use from your server. ... JDS Computer Training Corp. ... However the images don't show up. ...
    (comp.lang.php)
  • Re: sending mail from localhost to yahoo, gmail, hotmail, etc
    ... desktop computer (localhost) but be able to send email to anyone on ... most likely need to locate php/sasl to use from your server. ... JDS Computer Training Corp. ... However the images don't show up. ...
    (comp.lang.php)
  • Re: sending mail from localhost to yahoo, gmail, hotmail, etc
    ... desktop computer (localhost) but be able to send email to anyone on ... most likely need to locate php/sasl to use from your server. ... I have been researching on the internet and ... JDS Computer Training Corp. ...
    (comp.lang.php)
  • Re: (was Re: setting FQDN in /etc/hosts)
    ... There should be a space before the word localhost, ... the hostname command will tell you what ... 503 Leafnode must have a unique fully-qualified domain name. ... ## This is the NNTP server leafnode fetches its news from. ...
    (news.software.readers)
  • RE: Unable to open the Web project
    ... What frustrates me is my test - pointing it to my server - doesn't work ... because it ALWAYS looks to localhost no matter what I try. ... will be working on these web services so to require a central server is not ... Create your virtual directory before getting latest version. ...
    (microsoft.public.dotnet.general)