[NTLUG:Discuss] Sendmail acting goofy
Kelly Scroggins
kelly at cliffhanger.com
Sun Jan 16 23:59:03 CST 2000
Thanks,
Guess I just didn't want to face the facts. But hearing it from someone
else kind of forces me to. I'll relay the message.
Thanks again,
Kelly
Bug Hunter wrote:
>
> rewt is a clue that someone got in and compromised your system.
>
> re-install the entire system. You may have to check any other software
> you use on a regular basis.
>
> On Fri, 14 Jan 2000, Kelly Scroggins wrote:
>
> > Hello, oh wise listers,
> >
> > I know of a company that runs semdmail as their email server. It is
> > their only mail server to communicate to the world.
> >
> > During a cursory check of the system a couple of user IDs where noted
> > that didn't seem to belong. They were uf0, uf, Rewt, and test. The
> > admin deleted the accounts.
> >
> > After the accounts were deleted, sendmail would not deliver mail to the
> > pop clients. They received and error telling them (paraphrasing) it
> > can't get (a) lock and to try again or use imap. And imap worked.
> >
> > The user account (test) was restored and assigned it's original group
> > and user IDs of 520. Now the sendmail works fine.
> >
> > Does anyone know what the heck is going on? Could the system have been
> > compromised? Or could it be some weirdness with sendmail or something?
> >
> > Thanks for all thoughts,
> >
> > Kelly
> >
> > _______________________________________________
> > http://ntlug.org/mailman/listinfo/discuss
> >
>
> _______________________________________________
> http://ntlug.org/mailman/listinfo/discuss
More information about the Discuss
mailing list