1 |
Christopher P. Kern wrote: |
2 |
> Can anyone tell me what service/application would start sendmail? |
3 |
|
4 |
Cron would. And your message makes it sounds like |
5 |
cron/vixie-cron/anacron/etc may have been involved. |
6 |
|
7 |
If you have a crontab entry that doesn't control output (stderr and |
8 |
stdout), you could have a large file of output that's been queued by cron. |
9 |
That could explain the disk activity and an outbound SMTP connection. |
10 |
|
11 |
Why it's sending mail to that specific address is another story. It sounds |
12 |
like you're using sendmail, but /usr/sbin/sendmail could be any of several |
13 |
mailer packages. You need to look at how the mail program is configured. |
14 |
|
15 |
While it's possible that someone else now owns your box (and you should be |
16 |
prepared to deal with that), it's also possible--based solely on what I've |
17 |
read in your message--that this is a simple misconfiguration. Before you |
18 |
go re-imaging the system, you probably want to analyze what's going on |
19 |
fully... rebuilding, in my experience, isn't a great strategy for fixing |
20 |
configuration problems. |
21 |
|
22 |
-Bill |
23 |
-- |
24 |
William Yang |
25 |
wyang@××××.net |
26 |
-- |
27 |
gentoo-security@l.g.o mailing list |