
I think my Sendmail has been Hacked!

Status
Not open for further replies.

benbeneke

IS-IT--Management
Dec 5, 2002
46
AU
Hi All,

I have a remote office I help to look after in Papua New Guinea. Their ISP has informed them that their bandwidth usage has jumped from 212Mb to 12.5Gb. A fairly sure sign of open relay I think.

I have followed a lot of the suggestions on this forum for securing sendmail but I still don't seem to have locked it down completely.

The maillog shows a few of these entries:

May 28 12:00:05 mail sendmail[29306]: NOQUEUE: [61.144.49.121] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA

What does this mean? Is this a spammer by-passing my rules and still using our server to relay or is it nothing to worry about?

Would appreciate any help or advice.

BTW: Machine is Red Hat 6.2 with sendmail-8.11.6-1.62.3 from Red Hat's site.

Ben
 
Have you looked into the m4 configuration files? Have you created the /etc/mail/access.db file, with the access_db feature turned on?
 
Check your sendmail.mc for
FEATURE(`relay_entire_domain')
This will allow relaying for every system in class M.
If class M is wrong, then the system may open up relaying for other hosts in that domain.
Consider:
mydomain.org relay (this is what you expect)
but
hijacked.mydomain.org will also relay (not good).

There is no God, only 10001010
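
Added example, not part of any post in this thread: a small maillog triage script that separates the "did not issue MAIL/EXPN/VRFY/ETRN" entries quoted in the question (a client connected and left without sending mail) from rejected relay attempts and from mail that was actually relayed for an untrusted client. The trusted networks are hypothetical, and every sample line except the first is constructed and abridged.

```python
import re
from ipaddress import ip_address, ip_network

# Assumption (hypothetical values): the only clients this server should relay for.
TRUSTED_NETS = [ip_network("127.0.0.0/8"), ip_network("192.168.1.0/24")]
REMOTE_MAILERS = {"smtp", "esmtp", "smtp8", "relay"}  # sendmail mailers that deliver off-host

ENTRY = re.compile(r"sendmail\[\d+\]: (\w+): (.*)$")
CLIENT = re.compile(r"relay=[^,]*\[([\d.]+)\]")
PROBE = re.compile(r"^\[([\d.]+)\] did not issue MAIL/EXPN/VRFY/ETRN")
RCPT = re.compile(r"^to=([^,]+)")
MAILER = re.compile(r"mailer=(\w+)")

def trusted(ip):
    return any(ip_address(ip) in net for net in TRUSTED_NETS)

def triage(lines):
    """Sort maillog lines into probes, denied relay attempts and mail actually relayed."""
    clients = {}  # queue id -> connecting client IP, taken from the from= line
    result = {"probes": [], "denied": [], "relayed": []}
    for line in lines:
        entry = ENTRY.search(line)
        if not entry:
            continue
        qid, rest = entry.groups()
        probe, client = PROBE.search(rest), CLIENT.search(rest)
        if probe:  # client connected and left without sending mail
            result["probes"].append(probe.group(1))
        elif "Relaying denied" in rest and client:  # the relay rules rejected this attempt
            result["denied"].append(client.group(1))
        elif rest.startswith("from=") and client:
            clients[qid] = client.group(1)
        elif rest.startswith("to=") and "stat=Sent" in rest:
            mailer = MAILER.search(rest)
            ip = clients.get(qid)
            if ip and mailer and mailer.group(1) in REMOTE_MAILERS and not trusted(ip):
                result["relayed"].append((ip, RCPT.search(rest).group(1)))
    return result

# Constructed, abridged sample lines; only the first one is taken from the post above.
SAMPLE = [
    "May 28 12:00:05 mail sendmail[29306]: NOQUEUE: [61.144.49.121] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA",
    "May 28 12:01:00 mail sendmail[29310]: g4S210929310: ruleset=check_rcpt, arg1=<a@example.com>, relay=[203.0.113.7], reject=550 5.7.1 <a@example.com>... Relaying denied",
    "May 28 12:02:00 mail sendmail[29320]: g4S220929320: from=<x@example.net>, size=900, nrcpts=1, proto=SMTP, relay=[203.0.113.9]",
    "May 28 12:02:02 mail sendmail[29322]: g4S220929320: to=<victim@example.com>, mailer=esmtp, relay=mx.example.com. [198.51.100.5], stat=Sent (OK)",
    "May 28 12:03:00 mail sendmail[29330]: g4S230929330: from=<y@example.net>, size=700, nrcpts=1, proto=SMTP, relay=[198.51.100.20]",
    "May 28 12:03:01 mail sendmail[29331]: g4S230929330: to=<ben@mydomain.org>, mailer=local, stat=Sent",
]
```

Run `triage(open("/var/log/maillog"))` on the real log: entries under `relayed` are the ones that account for outbound bandwidth, while `probes` and `denied` show connections that did not result in relayed mail.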
 