Can anyone tell me what service/application would start sendmail?

I discovered my Gentoo computer recently very active with I/O on the
hard drive and receive/transmit activity on an invocation of gkrellm. In
researching the activity, I found that I had an smtp connection to a
computer in Toronto, Canada. The connection was on port 43121 and looked
like so:

    bash$ netstat -t -u
    Active Internet connections (w/o servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State
    tcp        0      1 [myIP]:43121            [theirIP]:smtp          ESTABLISHED
    ... Other usual stuff ....

Running a check to see what may be running in the process tables:

    bash$ ps -efl

showed this process here:

    /usr/sbin/sendmail -FCronDaemon -odi -oem -oi -t

I could not find the cause for this application invocation. Nothing
in the rc-update, crontab, nor services suggests that sendmail ought to
be running.

When I killed the PID for this sendmail process, all disk I/O
immediately stopped. The site for the IP address which had a connection
to my computer was never one that I had ever visited. I know of no
reason I would ever go to it.

I found vulnerabilities associated with a lower version of sendmail
but none with the version I've installed right now.

Any suggestions, ideas, or explanations are welcomed.

Thanks in advance,

Kern.
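
One way to answer "what started it" while such a process is still alive is to walk its parent chain and list its siblings. This is an added example, not part of the original post: the process table is constructed sample data (the PIDs, the cron parent and the job name are assumptions), and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in the layout of `ps -eo pid=,ppid=,args=`.
# PIDs, the cron parent and the job name are assumptions, not data from the post.
SAMPLE_PS='    1     0 /sbin/init
 2140     1 /usr/sbin/cron
 8831  2140 /usr/sbin/cron
 8832  8831 /bin/sh -c /usr/local/bin/nightly-report
 8840  8831 /usr/sbin/sendmail -FCronDaemon -odi -oem -oi -t'

# find_pids REGEX: PIDs whose command line (not PID/PPID columns) matches REGEX.
find_pids() {
    awk -v pat="$1" '{
        args = $0
        sub(/^[ \t]*[0-9]+[ \t]+[0-9]+[ \t]+/, "", args)
        if (args ~ pat) print $1
    }'
}

# ancestry PID: print the row for PID, then each ancestor, stopping at the top.
ancestry() {
    awk -v pid="$1" '
        { ppid[$1] = $2; row[$1] = $0; sub(/^[ \t]+/, "", row[$1]) }
        END {
            # "seen" guards against a loop in a damaged or spoofed table.
            while ((pid in ppid) && !(pid in seen)) {
                seen[pid] = 1
                print row[pid]
                pid = ppid[pid]
            }
        }'
}

# children PID: rows whose parent is PID (siblings of the process under study).
children() {
    awk -v parent="$1" '$2 == parent { sub(/^[ \t]+/, ""); print }'
}

# Demo on the constructed table; on a live host pipe real ps output instead.
pid=$(printf '%s\n' "$SAMPLE_PS" | find_pids 'sendmail.*-FCronDaemon')
echo "ancestry of $pid:"
printf '%s\n' "$SAMPLE_PS" | ancestry "$pid"
parent=$(printf '%s\n' "$SAMPLE_PS" | ancestry "$pid" | awk 'NR == 2 { print $1 }')
echo "children of $parent:"
printf '%s\n' "$SAMPLE_PS" | children "$parent"
```

On a live host, feed the functions from `ps -eo pid=,ppid=,args=` instead of the sample; `netstat -tp` run as root adds the owning PID and program name to each socket line.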