Gentoo Archives: gentoo-security

From: William Yang <wyang@××××.net>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] Strange occurrence of sendmail and disk I/O in background....
Date: Tue, 26 Feb 2008 12:45:39
Message-Id: 47C409BF.9090909@gcfn.net
In Reply to: [gentoo-security] Strange occurrence of sendmail and disk I/O in background.... by "Christopher P. Kern"
Christopher P. Kern wrote:
> Can anyone tell me what service/application would start sendmail?
Cron would. And your message makes it sound like cron/vixie-cron/anacron/etc may have been involved. If you have a crontab entry that doesn't control output (stderr and stdout), you could have a large file of output that's been queued by cron. That could explain the disk activity and an outbound SMTP connection.

Why it's sending mail to that specific address is another story. It sounds like you're using sendmail, but /usr/sbin/sendmail could be any of several mailer packages. You need to look at how the mail program is configured.

While it's possible that someone else now owns your box (and you should be prepared to deal with that), it's also possible--based solely on what I've read in your message--that this is a simple misconfiguration. Before you go re-imaging the system, you probably want to analyze what's going on fully... rebuilding, in my experience, isn't a great strategy for fixing configuration problems.

-Bill

--
William Yang
wyang@××××.net
--
gentoo-security@l.g.o mailing list
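
Added example, not part of the original message: a Python heuristic that audits a crontab for the condition the reply above describes (jobs whose stdout or stderr is not redirected) and reports which address cron would hand that output to via the mailer. The sample crontab, its paths and its addresses are constructed, the MAILTO handling assumes vixie-cron semantics, and the redirection parsing ignores shell quoting.

```python
import re

# Constructed sample crontab for illustration (not taken from the thread).
SAMPLE = '''\
MAILTO=admin@example.org
*/5 * * * * /usr/local/bin/poll
0 3 * * * /usr/local/bin/backup >/dev/null 2>&1
10 3 * * * /usr/local/bin/sync 2>&1 >/dev/null
MAILTO=""
15 * * * * /usr/local/bin/noisy
MAILTO=ops@example.org
@daily /usr/local/bin/rotate >>/var/log/rotate.log
'''

# [fd]> or [fd]>> followed by a file or &fd; the fd digits must start a word.
REDIR = re.compile(r'(?:(?<!\S)(\d+))?>>?(&?)\s*(\S+)')

def leaked_streams(command):
    """Heuristic: which of stdout/stderr still reach cron (and so get mailed)."""
    leaked = set()
    segments = command.split('|')              # ignores quoting; fine for triage
    for i, seg in enumerate(segments):
        fds = {1: 'cron' if i == len(segments) - 1 else 'pipe', 2: 'cron'}
        for n, amp, target in REDIR.findall(seg):   # left to right, as sh applies them
            dup = amp and target.isdigit()          # e.g. 2>&1 copies fd 1's target
            fds[int(n) if n else 1] = fds.get(int(target), 'closed') if dup else 'file'
        leaked |= {name for fd, name in ((1, 'stdout'), (2, 'stderr')) if fds[fd] == 'cron'}
    return leaked

def audit(crontab_text):
    """Return (recipient, command, leaked streams) for each job that can trigger mail."""
    mailto, findings = '<crontab owner>', []   # unset MAILTO: mail goes to the owner
    for line in crontab_text.splitlines():
        line = line.strip()
        m = re.match(r'MAILTO\s*=\s*(.*)$', line)
        if m:                                  # applies to the entries that follow
            mailto = m.group(1).strip('"\'')
            continue
        if not re.match(r'[@*\d]', line):      # blank, comment or other variable
            continue
        nsplit = 1 if line.startswith('@') else 5
        parts = line.split(None, nsplit)
        if len(parts) <= nsplit:
            continue
        leaked = leaked_streams(parts[-1])
        if leaked and mailto:                  # MAILTO="" means cron sends no mail
            findings.append((mailto, parts[-1], sorted(leaked)))
    return findings

if __name__ == '__main__':
    print(*audit(SAMPLE), sep='\n')
```

The `sync` entry is flagged because `2>&1 >/dev/null` points stderr at cron's pipe before stdout is redirected, so errors are still mailed.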