Gentoo Archives: gentoo-security

From: William Yang <wyang@××××.net>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] Strange occurrence of sendmail and disk I/O in background....
Date: Tue, 26 Feb 2008 12:45:39
Message-Id: 47C409BF.9090909@gcfn.net
In Reply to: [gentoo-security] Strange occurrence of sendmail and disk I/O in background.... by "Christopher P. Kern"
1 Christopher P. Kern wrote:
2 > Can anyone tell me what service/application would start sendmail?
3
4 Cron would. And your message makes it sounds like
5 cron/vixie-cron/anacron/etc may have been involved.
6
7 If you have a crontab entry that doesn't control output (stderr and
8 stdout), you could have a large file of output that's been queued by cron.
9 That could explain the disk activity and an outbound SMTP connection.
10
11 Why it's sending mail to that specific address is another story. It sounds
12 like you're using sendmail, but /usr/sbin/sendmail could be any of several
13 mailer packages. You need to look at how the mail program is configured.
14
15 While it's possible that someone else now owns your box (and you should be
16 prepared to deal with that), it's also possible--based solely on what I've
17 read in your message--that this is a simple misconfiguration. Before you
18 go re-imaging the system, you probably want to analyze what's going on
19 fully... rebuilding, in my experience, isn't a great strategy for fixing
20 configuration problems.
21
22 -Bill
23 --
24 William Yang
25 wyang@××××.net
26 --
27 gentoo-security@l.g.o mailing list