>
> majordomo-owner. Your logwatch entry shows this happened twice in what
> I assume to be a 24 hour period. You might want to check your majordomo
> Log file and your sendmail log to verify. Using the steps I suggested
> previously, you will get rid of the errors in the logwatch report, but
> that does not give you the warm fuzzy feeling that everything is really
> OK.
So here's what my majordomo log looks like:
Feb 13 07:53:23 narsil.nbtanet.org majordomo[3945] {morton@dcemail.com} help
Feb 13 07:53:54 narsil.nbtanet.org majordomo[3956] {shawnm@surfy.net} help
Feb 16 17:13:45 narsil.nbtanet.org majordomo[32078] {"PayPal?
Inc."<service@payp
al.com>} help
Feb 16 22:29:47 narsil.nbtanet.org majordomo[10179]
{"accounting@nbtanet.org" <a
ccounting@nbtanet.org>} help
Feb 17 15:30:21 narsil.nbtanet.org majordomo[11363]
{"accounting@nbtanet.org" <a
ccounting@nbtanet.org>} help
Feb 17 15:33:03 narsil.nbtanet.org majordomo[11403]
{"accounting@nbta.net" <acco
unting@nbta.net>} help
log.1 (END)
Does that mean someone is exploiting a majordomo vulnerability? Because
to me this looks like somethings are getting sent via majordomo.
Likewise I found this entry in my most recent maillog:
Feb 24 10:29:18 narsil sendmail[2918]: k1OFTCE02917:
to="|/usr/lib/majordomo/wrapper majordomo", ctladdr=<majordomo@nb
tanet.org> (8/0), delay=00:00:04, xdelay=00:00:00, mailer=prog,
pri=65731, dsn=2.0.0, stat=Sent
I'm not a sendmail guru and am therefore unsure how to interepret the
maillog entry. But it looks like a message was sent to
"majordomo@nbtanet.org"
Or this:
Feb 24 10:29:53 narsil sendmail[2934]: k1OFTrt02934:
from=Majordomo-Owner@narsil.nbtanet.org, size=18620, class=0, nrc
pts=1, msgid=<200602241529.k1OFTrt02934@narsil.nbtanet.org>,
relay=majordomo@localhost
The one above looks like a message was sent somwhere from
Majordomo-Owner@. Am I getting abused by someone?
Bob
Follow-Ups:
References:
|
|
