Disable or limit email in root?
Jorge Biquez
jbiquez at intranet.com.mx
Fri May 27 04:44:59 UTC 2011
At 11:27 p.m. 26/05/2011, Jon Radel wrote:
>On 5/27/11 12:16 AM, Jorge Biquez wrote:
>>
>>Hello.
>>
>>I am trying to find if sendmail was the problem or what... thing is not
>>that root receive email but that root was used to send email to a list
>>of address...
>
>And what does it say in the logs? We'll help you interpret them if
>you wish, but right now I've heard nothing but speculation and I've
>heard nothing to distinguish between:
>
>1) Somebody sent e-mail with root at .... as the return address, or
>
>2) Somebody generated e-mail with a process running as root, or
>
>3) both.
>
>Your sendmail log should tell you where sendmail thinks the e-mail
>came from and where it thinks it sent it.
>
>Or you could start by telling us HOW you detected this problem.
>
>--Jon Radel
>jon at radel.com
Hello
1) Somebody sent e-mail with root at .... as the return address, or
- They send it from the machine, a big queue has to be deleted
before processing.
>2) Somebody generated e-mail with a process running as root, or
Yes, I guess that happened, the emailes where in the queue waiting
to be sent... thing is the server has only 4 account for email
users... all strong passwords.... using the last -10 command showed
only the last 10 times I logged in. No new users were created apparently.
I changed passwords and restricted that only my user can have ssh
login and my user can the su to root.
root can not login using ssh... I tested again at this moment....
Jorge Biquez
More information about the freebsd-questions
mailing list