I've been getting them too, but a different message. Mine are originating from Korea, kornet.net

> -----Original Message-----
> From: centos-bounces at centos.org
> [mailto:centos-bounces at centos.org] On Behalf Of Marcel
> Sent: Sunday, February 05, 2006 1:53 PM
> To: centos at centos.org
> Subject: [CentOS] Relaying of spam
>
> Hi, sorry if this isn't the right place to post, but I'm
> having some trouble figuring out a spamming issue. If anyone
> here can help, that'd be amazing.
>
> I'm running Brian's CentOS/BlueQuartz CD, version 3.5 from
> Nuonce.net.
> Everything seemed to be running fine for several days until
> this morning, when I received a zillion "returned mail"
> notices from the mailer daemon. Within it, it said it was
> unable to complete sending to the following users for various
> reasons and blah blah blah. That's fine, but I never
> initiated the email.
>
> In my logs, entries like the following show up ('portal' is
> the name of the box obviously):
>
> Feb 5 12:11:45 portal sendmail[17135]: k15EXFZf015093: SMTP outgoing connect on portal.xxxxxxx.com
> Feb 5 12:12:51 portal sendmail[17135]: k15EXFZf015093: makeconnection (mobilemail.caii-dc.com. [209.135.227.253]) failed: Connection timed out with mobilemail.caii-dc.com.
> Feb 5 12:12:51 portal sendmail[17135]: k15EXFZf015093: to=<aldara at caii-dc.com>, ctladdr=<username at portal.xxxxxxxxxxxxxxxxxxxx.com> (502/100), delay=03:39:35, xdelay=00:01:06, mailer=esmtp, pri=3188891, relay=mobilemail.caii-dc.com. [209.135.227.253], dsn=4.0.0, stat=Deferred: Connection timed out with mobilemail.caii-dc.com.
>
> Irregardless of the errors, I can't figure out why/where the
> outbound email is being generated. There are many entries in
> the log like this, and I assume a lot of it is going through.
> The user never initiated it.
> It has to be the server itself?
>
> Plus, it's using the full name of the server, which is
> portal.domainname.com, in the email address. It seems to only
> use ONE user's name though. AND it's ONLY using 1 user's name
> from a list of several.
>
> The user account gets some spam every now and then with the
> following header info, then these returned emails. These
> emails are from the local server using an account that doesn't exist:
>
> ===============================
> Subject: The hottest issue we've seen this year
> From: ThePickOfTheYear2696 at domainname.com
> Date: Sun, 5 Feb 2006 08:52:47 -0600
> To: ThePickOfTheYear2696 at portal.domainname.com
> ===============================
>
> Since the "pickoftheyear" account doesn't exist....
>
> Are there any suggestions from the group? I'm a newb at
> running a mail server, just trying to figure out what's going
> on. The site in question did have a couple formmail scripts
> that I deleted.
>
> I am interested in running chkrootkit but is there a
> specific package required for CentOS/BQ? Or just download and compile?
>
> Thanks.
>
> M
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
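
One way to answer "where is the outbound email being generated" from the mail log itself, as an added example that is not part of either message: sendmail logs the controlling address together with the submitting account's uid/gid (the `(502/100)` in the quoted entry), so tallying remote delivery attempts per `ctladdr` shows which local account is handing mail to sendmail. The log lines below are constructed in the quoted format; hostnames, addresses and queue IDs are placeholders.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format of the quoted log; hosts, users and
# queue IDs are placeholders, not values from the thread.
SAMPLE_LOG = """\
Feb  5 12:11:45 portal sendmail[17135]: k15AAAAA000001: SMTP outgoing connect on portal.example.com
Feb  5 12:12:51 portal sendmail[17135]: k15AAAAA000001: to=<a@dest.example>, ctladdr=<webuser@portal.example.com> (502/100), delay=03:39:35, xdelay=00:01:06, mailer=esmtp, pri=3188891, relay=mx.dest.example. [192.0.2.10], dsn=4.0.0, stat=Deferred: Connection timed out with mx.dest.example.
Feb  5 12:13:02 portal sendmail[17140]: k15AAAAA000002: to=<b@dest.example>, ctladdr=<webuser@portal.example.com> (502/100), delay=00:00:03, xdelay=00:00:02, mailer=esmtp, pri=120400, relay=mx.dest.example. [192.0.2.10], dsn=2.0.0, stat=Sent (ok)
Feb  5 12:14:10 portal sendmail[17150]: k15AAAAA000003: to=<admin@portal.example.com>, ctladdr=<root@portal.example.com> (0/0), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30500, dsn=2.0.0, stat=Sent
"""

# Delivery entries only: queue ID, controlling address with uid/gid, mailer, status word.
ENTRY = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): to=(?P<to>[^,]+),.*?"
                   r"ctladdr=<(?P<ctl>[^>]*)> \((?P<uid>\d+)/(?P<gid>\d+)\),"
                   r".*?mailer=(?P<mailer>\w+),.*?stat=(?P<stat>\w+)")

def summarize(log_text):
    """Group delivery attempts by the local account (ctladdr, uid, gid) that submitted them."""
    out = defaultdict(lambda: {"messages": set(), "remote": 0, "stat": defaultdict(int)})
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue  # connect/makeconnection lines and entries without uid/gid are skipped
        rec = out[(m["ctl"], int(m["uid"]), int(m["gid"]))]
        rec["messages"].add(m["qid"])
        if m["mailer"] != "local":
            rec["remote"] += 1  # handed to a remote relay rather than a local mailbox
        rec["stat"][m["stat"]] += 1
    return out

def top_remote_senders(log_text):
    """Accounts sorted by number of remote delivery attempts, busiest first."""
    rows = [(k, v["remote"], len(v["messages"])) for k, v in summarize(log_text).items()]
    return sorted(rows, key=lambda r: r[1], reverse=True)

if __name__ == "__main__":
    for (addr, uid, gid), remote, msgs in top_remote_senders(SAMPLE_LOG):
        print(f"{addr} uid={uid} gid={gid}: {msgs} queued message(s), {remote} remote attempt(s)")
```

The uid that tops the list can be matched against `/etc/passwd` to see whether it is a site or web account, which is where a form-to-mail script would show up.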