I've been getting them too, but a different message. Mine are originating from Korea, kornet.net
-----Original Message-----
From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Marcel
Sent: Sunday, February 05, 2006 1:53 PM
To: centos@centos.org
Subject: [CentOS] Relaying of spam
Hi, sorry if this isn't the right place to post, but I'm having some trouble figuring out a spamming issue. If anyone here can help, that'd be amazing.
I'm running Brian's CentOS/BlueQuartz CD, version 3.5 from Nuonce.net. Everything seemed to be running fine for several days until this morning, when I received a zillion "returned mail" notices from the mailer daemon. Within it, it said it was unable to complete sending to the following users for various reasons and blah blah blah. That's fine, but I never initiated the email.
In my logs, entries like the following show up ('portal' is the name of the box obviously):
Feb 5 12:11:45 portal sendmail[17135]: k15EXFZf015093: SMTP outgoing connect on portal.xxxxxxx.com
Feb 5 12:12:51 portal sendmail[17135]: k15EXFZf015093: makeconnection (mobilemail.caii-dc.com. [209.135.227.253]) failed: Connection timed out with mobilemail.caii-dc.com.
Feb 5 12:12:51 portal sendmail[17135]: k15EXFZf015093: to=aldara@caii-dc.com, ctladdr=username@portal.xxxxxxxxxxxxxxxxxxxx.com (502/100), delay=03:39:35, xdelay=00:01:06, mailer=esmtp, pri=3188891, relay=mobilemail.caii-dc.com. [209.135.227.253], dsn=4.0.0, stat=Deferred: Connection timed out with mobilemail.caii-dc.com.
Regardless of the errors, I can't figure out why/where the outbound email is being generated. There are many entries in the log like this, and I assume a lot of it is going through. The user never initiated it. It has to be the server itself?
Plus, it's using the full name of the server which is portal.domainname.com in the email address. It seems to only use ONE user's name though. AND it's ONLY using 1 user's name from a list of several.
The user account gets some spam every now and then with the following header info, then these returned emails. These emails are from the local server using an account that doesn't exist:
===============================
Subject: The hottest issue we've seen this year
From: ThePickOfTheYear2696@domainname.com
Date: Sun, 5 Feb 2006 08:52:47 -0600
To: ThePickOfTheYear2696@portal.domainname.com
===============================
Since the "pickoftheyear" account doesn't exist....
Are there any suggestions from the group? I'm a newb at running a mail server, just trying to figure out what's going on. The site in question did have a couple formmail scripts that I deleted.
I am interested in running chkrootkit but is there a specific package required for CentOS/BQ? Or just download and compile?
Thanks.
M
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
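
Added example, not part of the original thread: the sendmail delivery lines quoted above carry a `ctladdr=... (uid/gid)` field naming the controlling local user, so grouping outbound deliveries by that field shows which local account the mail is being submitted under. The sample log, hostnames and the function names `outbound_by_sender` and `noisy_senders` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the log excerpt in the post;
# hosts, addresses and queue ids are placeholders.
SAMPLE_LOG = """\
Feb 5 12:11:45 portal sendmail[17135]: k15AAAAA000001: SMTP outgoing connect on portal.example.com
Feb 5 12:12:51 portal sendmail[17135]: k15AAAAA000001: to=a@dest1.example, ctladdr=username@portal.example.com (502/100), delay=03:39:35, xdelay=00:01:06, mailer=esmtp, pri=3188891, relay=mx.dest1.example. [192.0.2.10], dsn=4.0.0, stat=Deferred: Connection timed out with mx.dest1.example.
Feb 5 12:13:02 portal sendmail[17140]: k15AAAAA000002: to=b@dest2.example,c@dest2.example, ctladdr=username@portal.example.com (502/100), delay=00:00:03, xdelay=00:00:02, mailer=esmtp, pri=150321, relay=mx.dest2.example. [192.0.2.20], dsn=2.0.0, stat=Sent (ok)
Feb 5 12:14:10 portal sendmail[17150]: k15AAAAA000003: to=d@dest3.example, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=120300, relay=mx.dest3.example. [192.0.2.30], dsn=2.0.0, stat=Sent (ok)
Feb 5 12:15:00 portal sendmail[17160]: k15AAAAA000004: to=<admin@portal.example.com>, ctladdr=root@portal.example.com (0/0), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30500, dsn=2.0.0, stat=Sent
"""

# Delivery-attempt line: queue id, recipient list, optional ctladdr with
# uid/gid, then the mailer and final status.
DELIVERY = re.compile(
    r"sendmail\[\d+\]: (?P<qid>\w+): to=(?P<to>.+?), "
    r"(?:ctladdr=(?P<ctladdr>\S+) \((?P<uid>\d+)/(?P<gid>\d+)\), )?"
    r"delay=.*?mailer=(?P<mailer>[^,]+),.*?stat=(?P<stat>.*)$"
)

def outbound_by_sender(log_text):
    """Map (ctladdr, uid) -> set of recipients for non-local deliveries.

    A key of (None, None) collects lines that logged no controlling user.
    """
    senders = defaultdict(set)
    for line in log_text.splitlines():
        m = DELIVERY.search(line)
        if not m or m["mailer"] == "local":
            continue  # skip connect/error lines and local mailbox delivery
        uid = int(m["uid"]) if m["uid"] else None
        senders[(m["ctladdr"], uid)].update(
            rcpt.strip("<>") for rcpt in m["to"].split(","))
    return senders

def noisy_senders(log_text, min_recipients=3):
    """Return (ctladdr, uid, recipient_count) rows, busiest first."""
    rows = [(addr, uid, len(rcpts))
            for (addr, uid), rcpts in outbound_by_sender(log_text).items()
            if len(rcpts) >= min_recipients]
    return sorted(rows, key=lambda row: -row[2])

if __name__ == "__main__":
    for addr, uid, count in noisy_senders(SAMPLE_LOG):
        print(f"{addr} uid={uid} distinct_recipients={count}")
```

A uid that stands out in the result can be mapped to an account name with `getent passwd <uid>`.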