| 1 |
Can anyone tell me what service/application would start sendmail? |
| 2 |
|
| 3 |
I discovered my Gentoo computer recently very active with I/O on the |
| 4 |
harddrive and receive/transmit activity on an invocation of gkrellm. In |
| 5 |
researching the activity, I found that I had an smtp connection to a |
| 6 |
computer in Toronto, Canada. The connection was on port 43121 and looked |
| 7 |
like so: |
| 8 |
|
| 9 |
bash$ netstat -t -u |
| 10 |
Active Internet connections (w/o servers) |
| 11 |
Proto Recv-Q Send-Q Local Address Foreign Address State |
| 12 |
tcp 0 1 [myIP]:43121 [theirIP]:smtp ESTABLISHED |
| 13 |
... Other usual stuff .... |
| 14 |
|
| 15 |
Running a check to see what may be running in the process tables: |
| 16 |
|
| 17 |
bash$ ps -efl |
| 18 |
|
| 19 |
showed this process here: |
| 20 |
/usr/sbin/sendmail -FCronDaemon -odi -oem -oi -t |
| 21 |
|
| 22 |
I could not find the cause for this application invocation. Nothing |
| 23 |
in the rc-update, crontab, nor services suggests that sendmail ought to |
| 24 |
be running. |
| 25 |
|
| 26 |
When I killed the PID for this sendmail process, all disk I/O |
| 27 |
immediately stopped. The site for the IP address which had a connection |
| 28 |
to my computer was never one to which I had ever visited. I know of no |
| 29 |
reason I would ever go to it. |
| 30 |
|
| 31 |
I found vulnerabilities associated with a lower version of sendmail |
| 32 |
but none with the version I've installed right now. |
| 33 |
|
| 34 |
Any suggestions, ideas, or explanations are welcomed. |
| 35 |
|
| 36 |
Thanks in advance, |
| 37 |
|
| 38 |
|
| 39 |
Kern. |
Archives