SCO 5.0.5 running sendmail, looks to be an open relay, how do I stop it?

Nov 21, 2002
I could really use some help from anyone out there. I've got a box running SCO 5.0.5 with sendmail running. Judging by what I've found in syslog, I think someone has found this machine and either compromised it or it was never locked down to begin with. Anyways, /root is filling up almost daily since it's small, and in syslog I've found the following:
(This is just a clip; if we need more I can post it.)
Sep 9 14:07:52 vhg2149 sendmail[29297]: OAA29297: collect: unexpected close on connection from [211.187.135.127], sender=<hqfbb2i7@yahoo.co.kr>: Error 0
Sep 9 14:48:43 vhg2149 sendmail[28083]: NAA28083: SYSERR(root): collect: I/O error on connection from [211.187.135.127], from=<oxrjga67jcdwdvj@yahoo.co.kr>: Connection reset by [211.187.135.127]
Sep 9 15:04:47 vhg2149 sendmail[2593]: PAA02593: SYSERR(root): collect: I/O error on connection from [211.187.135.127], from=<hqfbb2i7@yahoo.co.kr>: Connection reset by [211.187.135.127]
Sep 9 16:02:27 vhg2149 sendmail[5800]: QAA05800: collect: unexpected close on connection from [211.187.135.127], sender=<oxrjga67jcdwdvj@yahoo.co.kr>: Error 0
Sep 9 16:33:38 vhg2149 sendmail[3795]: PAA03795: SYSERR(root): collect: I/O error on connection from [211.187.135.127], from=<oxrjga67jcdwdvj@yahoo.co.kr>: Connection reset by [211.187.135.127]
Sep 9 16:45:19 vhg2149 sendmail[8134]: QAA08134: collect: unexpected close on connection from [211.187.135.127], sender=<oxrjga67jcdwdvj@yahoo.co.kr>: Error 0
Sep 9 16:50:09 vhg2149 sendmail[8369]: QAA08369: collect: unexpected close on connection from [211.187.135.127], sender=<oxrjga67jcdwdvj@yahoo.co.kr>: Error 0
Sep 9 17:14:24 vhg2149 sendmail[9787]: RAA09787: collect: unexpected close on connection from [211.187.135.127], sender=<hqfbb2i7@yahoo.co.kr>: Error 0
Sep 9 17:19:24 vhg2149 telnetd[9038]: can't find user in protected password database
I need to figure out how to disable the open relay, and ultimately disable sendmail completely (don't want to if I don't have to). Somebody help!
Thanks in advance
[thumbsup]
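A way to summarize syslog entries like the ones in the post above, grouping aborted SMTP transfers by peer address and envelope sender. This is an added example, not part of the original post; the function names, thresholds and the 192.0.2.10 log line are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the excerpt in the post, wrapped lines rejoined.
# The 192.0.2.10 entry is invented (documentation address) as a benign contrast.
SAMPLE_LOG = """\
Sep 9 14:07:52 vhg2149 sendmail[29297]: OAA29297: collect: unexpected close on connection from [211.187.135.127], sender=<hqfbb2i7@yahoo.co.kr>: Error 0
Sep 9 14:48:43 vhg2149 sendmail[28083]: NAA28083: SYSERR(root): collect: I/O error on connection from [211.187.135.127], from=<oxrjga67jcdwdvj@yahoo.co.kr>: Connection reset by [211.187.135.127]
Sep 9 16:02:27 vhg2149 sendmail[5800]: QAA05800: collect: unexpected close on connection from [211.187.135.127], sender=<oxrjga67jcdwdvj@yahoo.co.kr>: Error 0
Sep 9 17:14:24 vhg2149 sendmail[9787]: RAA09787: collect: unexpected close on connection from [211.187.135.127], sender=<hqfbb2i7@yahoo.co.kr>: Error 0
Sep 9 17:15:02 vhg2149 sendmail[9801]: RAA09801: collect: unexpected close on connection from [192.0.2.10], sender=<user@example.org>: Error 0
Sep 9 17:19:24 vhg2149 telnetd[9038]: can't find user in protected password database
"""

# Matches the two aborted-transfer messages that appear in the excerpt.
ABORTED = re.compile(
    r"sendmail\[\d+\]: (?P<qid>\w+): (?:SYSERR\(\w+\): )?collect: "
    r"(?P<kind>unexpected close|I/O error) on connection from "
    r"\[(?P<ip>[\d.]+)\], (?:sender|from)=<(?P<sender>[^>]*)>"
)

def summarize(log_text):
    """Group aborted transfers by peer IP: count, distinct senders, queue ids."""
    peers = defaultdict(lambda: {"aborted": 0, "senders": set(), "qids": []})
    for line in log_text.splitlines():
        m = ABORTED.search(line)
        if m:  # non-sendmail lines (e.g. telnetd) are skipped
            p = peers[m["ip"]]
            p["aborted"] += 1
            p["senders"].add(m["sender"].lower())
            p["qids"].append(m["qid"])
    return dict(peers)

def suspicious(peers, min_aborted=3, min_senders=2):
    """Peers that repeatedly abort mid-message while rotating envelope senders."""
    return sorted(ip for ip, p in peers.items()
                  if p["aborted"] >= min_aborted and len(p["senders"]) >= min_senders)

if __name__ == "__main__":
    peers = summarize(SAMPLE_LOG)
    for ip in suspicious(peers):
        print(ip, peers[ip]["aborted"], sorted(peers[ip]["senders"]))
```

These entries record transfers that the remote side dropped; confirming that mail was actually relayed would need the matching delivery lines (`to=... stat=Sent`), which the excerpt does not include.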
 
You could block the sender's domain with the following in

/usr/lib/mail/access :

yahoo.co.kr REJECT


Then regenerate the databases and restart sendmail. This file could also be used to lock down the system to only ACCEPT from certain addresses, depends on your needs.
 
Thanks, but the client doesn't use sendmail at all (must have gotten stuck with it through a default install) so I would rather just turn it off completely. I don't want a service using up processor time and filling disk space for no reason.

 
rm /etc/rc2.d/P86sendmail

will remove the link that is used on system startup
 