On Sun, 05.02.2006 at 19:53, Marcel wrote:
I'm running Brian's CentOS/BlueQuartz CD, version 3.5 from Nuonce.net. Everything seemed to be running fine for several days until this morning, when I received a zillion "returned mail" notices from the mailer daemon. Within it, it said it was unable to complete sending to the following users for various reasons and blah blah blah. That's fine, but I never initiated the email.
In my logs, entries like the following show up ('portal' is the name of the box obviously):
Feb 5 12:11:45 portal sendmail[17135]: k15EXFZf015093: SMTP outgoing connect on portal.xxxxxxx.com
Feb 5 12:12:51 portal sendmail[17135]: k15EXFZf015093: makeconnection (mobilemail.caii-dc.com. [209.135.227.253]) failed: Connection timed out with mobilemail.caii-dc.com.
Feb 5 12:12:51 portal sendmail[17135]: k15EXFZf015093: to=aldara@caii-dc.com, ctladdr=username@portal.xxxxxxxxxxxxxxxxxxxx.com (502/100), delay=03:39:35, xdelay=00:01:06, mailer=esmtp, pri=3188891, relay=mobilemail.caii-dc.com. [209.135.227.253], dsn=4.0.0, stat=Deferred: Connection timed out with mobilemail.caii-dc.com.
Regardless of the errors, I can't figure out why/where the outbound email is being generated. There are many entries in the log like this, and I assume a lot of it is going through. The user never initiated it. It has to be the server itself?
Plus, it's using the full name of the server which is portal.domainname.com in the email address. It seems to only use ONE user's name though. AND it's ONLY using 1 user's name from a list of several.
Your log snippet only shows the second half of the show. I guess there is some kind of insecure web form forum software running, so connections are initiated locally. Check the content of your user UID 502. He runs malicious software.
Alexander
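
An added example, not part of the original thread: the `ctladdr=... (502/100)` field in the quoted entry is the local UID/GID sendmail recorded for the submitter, so tallying delivery lines by that UID shows which account the mail originates from. The function name `tally_by_uid` is hypothetical and the sample log lines are constructed, modelled on the entry quoted above.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines (placeholder hosts and addresses, not real log data).
SAMPLE_LOG = [
    "Feb  5 12:11:45 portal sendmail[17135]: k15EXFZf015093: SMTP outgoing connect on portal.example.com",
    "Feb  5 12:12:51 portal sendmail[17135]: k15EXFZf015093: to=a@example.net, ctladdr=username@portal.example.com (502/100), delay=03:39:35, xdelay=00:01:06, mailer=esmtp, pri=3188891, relay=mx.example.net. [192.0.2.10], dsn=4.0.0, stat=Deferred: Connection timed out with mx.example.net.",
    "Feb  5 12:13:02 portal sendmail[17140]: k15EXGaa015101: to=b@example.org,c@example.org, ctladdr=username@portal.example.com (502/100), delay=00:00:03, xdelay=00:00:02, mailer=esmtp, pri=150000, relay=mx.example.org. [192.0.2.20], dsn=2.0.0, stat=Sent (ok)",
    "Feb  5 12:14:10 portal sendmail[17150]: k15EXHbb015110: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30000, dsn=2.0.0, stat=Sent",
]

# A delivery line: queue id, recipient list, controlling address with (uid/gid), status.
TO_LINE = re.compile(
    r"sendmail\[\d+\]: (?P<qid>\w+): to=(?P<to>.+?), "
    r"ctladdr=(?P<ctl>\S+) \((?P<uid>\d+)/(?P<gid>\d+)\)"
    r".*?stat=(?P<stat>[^:(]+)"
)


def tally_by_uid(lines):
    """Group delivery attempts by the UID sendmail logged in ctladdr."""
    report = defaultdict(lambda: {"ctladdr": set(), "queue_ids": set(),
                                  "recipients": set(), "stat": Counter()})
    for line in lines:
        m = TO_LINE.search(line)
        if not m:
            continue  # connect/from= lines, or mail with no local controlling user
        entry = report[int(m["uid"])]
        entry["ctladdr"].add(m["ctl"])
        entry["queue_ids"].add(m["qid"])
        # Several recipients of one message are comma-separated without spaces.
        entry["recipients"].update(r.strip("<> ") for r in m["to"].split(","))
        entry["stat"][m["stat"].strip()] += 1
    return dict(report)


if __name__ == "__main__":
    # Busiest UID first: the account to inspect for an abused script or form.
    ranked = sorted(tally_by_uid(SAMPLE_LOG).items(),
                    key=lambda kv: len(kv[1]["recipients"]), reverse=True)
    for uid, e in ranked:
        print(f"uid={uid} ctladdr={sorted(e['ctladdr'])} "
              f"messages={len(e['queue_ids'])} recipients={len(e['recipients'])} "
              f"stat={dict(e['stat'])}")
```

Against a real log, pass the open file object instead of `SAMPLE_LOG`; the UID with the most distinct recipients is the account whose files and scripts to examine.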