Date:      Fri, 27 Sep 2002 20:56:57 -0700 (PDT)
From:      Heywood Jblome <provencial1@yahoo.com>
To:        freebsd-stable@freebsd.org
Subject:   Possible trojan since upgrade
Message-ID:  <20020928035657.21042.qmail@web21402.mail.yahoo.com>

Since I upgraded to a recent Stable CVSUP, I've seen
this kind of message about once a day in the
/var/log/maillog file.  I suspect a trojan as the
"root" user did not send email at this time, there is
no matching entry indicating that the mail was sent,
queued, or so forth.  The system seems to slow after
this entry shows in the logs.

Don't know for sure whether this came from a CVSUP or
somewhere else... there are only two users on the
system.

Can anyone point me where to look to eliminate
whatever is causing this email connection?

-----------------
from /var/log/maillog


assume host zzzzzz.com

-----------This is the entry in question--------
Sep 27 13:44:40 medusa sm-mta[1742]: g8RIiXgt001742: from=<root@zzzzzz.com>, size=0, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=[202.80.192.29]
-------------Next entry-------------
Sep 27 13:46:59 medusa sm-mta[1746]: ruleset=check_relay, arg1=host101-38.pool21758.interbusiness.it, arg2=217.58.38.101, relay=host101-38.pool21758.interbusiness.it [217.58.38.101], reject=550 5.7.1 Mail Rejected - see http://relays.osirusoft.com
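
Added example, not part of the original message: in a sendmail `from=` entry, `from=` is the envelope sender as given by the submitting host and `relay=` is the host that handed the message to sendmail. This Python sketch lists entries that claim a local sender but arrived from a non-loopback relay. The third sample line is constructed, and the function names and the treatment of relays without a bracketed IP are assumptions.

```python
import ipaddress
import re

# Lines 1-2 are the entries quoted in the message above, unwrapped.
# Line 3 is constructed for contrast (same sender, loopback relay).
SAMPLE_LOG = """\
Sep 27 13:44:40 medusa sm-mta[1742]: g8RIiXgt001742: from=<root@zzzzzz.com>, size=0, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=[202.80.192.29]
Sep 27 13:46:59 medusa sm-mta[1746]: ruleset=check_relay, arg1=host101-38.pool21758.interbusiness.it, arg2=217.58.38.101, relay=host101-38.pool21758.interbusiness.it [217.58.38.101], reject=550 5.7.1 Mail Rejected - see http://relays.osirusoft.com
Sep 27 14:02:11 medusa sm-mta[1801]: g8RJ2BgT001801: from=<root@zzzzzz.com>, size=312, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
"""

# "<timestamp> <host> <program>[pid]: <queue-id>: from=..., key=value, ..."
ENTRY = re.compile(r"^(?P<time>\w{3}\s+\d+ [\d:]{8}) \S+ [\w-]+\[\d+\]: "
                   r"(?P<qid>\w+): (?P<rest>from=.*)$")
RELAY_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f.:]+)\]")


def parse_from_entries(log_text):
    """Return one dict per sendmail 'from=' entry (a message being received)."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # check_relay rejections and other lines carry no from=
        fields = dict(f.split("=", 1) for f in m.group("rest").split(", ") if "=" in f)
        ip = RELAY_IP.search(fields.get("relay", ""))
        entries.append({
            "time": m.group("time"),
            "qid": m.group("qid"),
            "sender": fields.get("from", "").strip("<>"),
            "size": int(fields.get("size", "0")),
            "daemon": fields.get("daemon"),
            "relay_ip": ip.group(1) if ip else None,
        })
    return entries


def remote_claims_of_local_sender(log_text, local_domain):
    """Entries whose envelope sender is @local_domain but whose relay is another host."""
    hits = []
    for e in parse_from_entries(log_text):
        if not e["sender"].lower().endswith("@" + local_domain.lower()):
            continue
        # Assumption: a relay with no bracketed IP (e.g. user@localhost) is local.
        if e["relay_ip"] and not ipaddress.ip_address(e["relay_ip"]).is_loopback:
            hits.append(e)
    return hits


if __name__ == "__main__":
    for e in remote_claims_of_local_sender(SAMPLE_LOG, "zzzzzz.com"):
        print(e["time"], e["qid"], e["sender"], "size=%d" % e["size"], "relay", e["relay_ip"])
```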

