[NTLUG:Discuss] Sendmail acting goofy
Bug Hunter
bughuntr at one.ctelcom.net
Fri Jan 14 15:22:19 CST 2000
rewt is a clue that someone got in and compromised your system.
re-install the entire system. You may have to check any other software
you use on a regular basis.
On Fri, 14 Jan 2000, Kelly Scroggins wrote:
> Hello, oh wise listers,
>
> I know of a company that runs semdmail as their email server. It is
> their only mail server to communicate to the world.
>
> During a cursory check of the system a couple of user IDs where noted
> that didn't seem to belong. They were uf0, uf, Rewt, and test. The
> admin deleted the accounts.
>
> After the accounts were deleted, sendmail would not deliver mail to the
> pop clients. They received and error telling them (paraphrasing) it
> can't get (a) lock and to try again or use imap. And imap worked.
>
> The user account (test) was restored and assigned it's original group
> and user IDs of 520. Now the sendmail works fine.
>
> Does anyone know what the heck is going on? Could the system have been
> compromised? Or could it be some weirdness with sendmail or something?
>
> Thanks for all thoughts,
>
> Kelly
>
> _______________________________________________
> http://ntlug.org/mailman/listinfo/discuss
>
More information about the Discuss
mailing list