Sendmail hacked - need to reinstall


LChalupa

Programmer
Jul 15, 2003
3
US
My site has been hacked. I need to blow away Fedora and reinstall. I have a handful of user accounts. I want to migrate their email history to the new install. I don't understand enough about email documents to know what data I need to back up and then move. I'm really only concerned about the email messages. The default configuration file etc. for sendmail will work fine for me. So about the email messages... as long as a user's email messages that I want to save are re-installed in the right folder on the new system, will they be accessible to that user as if they were actually received on the new site?
If you can point me to further information that would be great.
Thanks

Lee
 
Everything for sendmail's configs should be in /etc/mail. Back up that directory. The mail messages are kept in /var/spool/mail. You will see files in that directory with all your users' names. If you use IMAP, which stores mail on the server, each user who uses IMAP will also have a folder for this; check those as well. I find it hard to believe that you were hacked unless you have a wide open system. Can you tell me what leads you to believe you were hacked? It could be that you have an open port somewhere.

 
Let me clarify the situation. Somehow, some way, the intruders got access to the root user. I started receiving returned emails that were blocked by other ISPs because they believed spam was coming from my site, which, unknown to me, it was. I found an app that Tomcat was running that the intruder had set up to run.
I think I have the user access under control now. I'm worried about open ports and whatever else could be now on my site.
 
Any ports you are not using should be blocked, especially FTP and telnet/ssh. You may want to read up on securing a Linux server. Google is a good place to start. Getting back to sendmail, you may want to use smtpauth or another form of authentication to prevent your server from becoming an open relay. If spammers find out they can relay through your server, you can find yourself on the blacklist real fast. If that happens, nobody will accept mail from your server. An open relay is a very serious matter.
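
The backup and restore described in the second post, as an added example that is not part of the original thread. The function names and the archive path are assumptions; it assumes GNU tar and GNU stat (as on Fedora) and the traditional layout in which each file in /var/spool/mail is named after the user who owns it.

```shell
#!/bin/sh
# Added example. Only /etc/mail and /var/spool/mail come from the thread;
# function names and archive locations are hypothetical.

# Archive the sendmail config and the mbox spool files.
# tar records owner *names*, so each mailbox is mapped back to the right
# account on restore even if the reinstall hands out different UIDs.
backup_mail() {   # usage: backup_mail <archive.tar.gz> [root-dir]
    bm_archive=$1
    bm_root=${2:-/}
    tar -C "$bm_root" -czpf "$bm_archive" etc/mail var/spool/mail
}

# Count the messages in one mbox file. Every message starts with a
# "From " separator line; body lines that begin with "From " are stored
# escaped as ">From ", so they are not counted.
count_messages() {   # usage: count_messages <mbox-file>
    grep -c '^From ' "$1" || true
}

# After restoring, report spool files whose owner does not match the file
# name. Such a mailbox exists on disk but its user cannot open it.
# Prints one line per problem and returns 1 if any were found.
check_spool() {   # usage: check_spool [spool-dir]
    cs_spool=${1:-/var/spool/mail}
    cs_bad=0
    for cs_file in "$cs_spool"/*; do
        [ -f "$cs_file" ] || continue
        cs_name=$(basename "$cs_file")
        cs_owner=$(stat -c %U "$cs_file")
        if [ "$cs_owner" != "$cs_name" ]; then
            echo "$cs_name: owned by $cs_owner"
            cs_bad=1
        fi
    done
    return "$cs_bad"
}
```

Run `count_messages` on each mailbox before the wipe and again after extracting the archive on the new install to confirm nothing was lost. Because root was compromised on the old host, compare the archived etc/mail against the fresh install's files before reusing any of it.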
 