Where mail came from...(Hacker?)

Where mail came from...(Hacker?)

Post by Paul 'Shag' Walmsl » Thu, 01 Dec 1994 04:17:37



: Hi all,

: Please help me figure out what happened here!!

: Upon reboot of an Indigo R4000 running IRIX 5.2,
: sendmail reported (via the syslog) that root
: sent outgoing mail.  Here's the output from /var/adm/SYSLOG:

: Nov 23 16:18:01 5B:mymachine sendmail: starting
: Nov 23 16:18:03 6C:mymachine sendmail[247]: AA00247: from=root, size=287,
: class=0, received from local

: This seems extremely suspicious to me, as if someone hacked a startup
: script to send themselves mail whenever my machine reboots.  Or maybe
: past experiences have made me paranoid...  so is that a normal message?

Try checking root's mailbox to see if there are any messages that were
delivered at that time.  (root often sends mail to itself - output from a
cron job is delivered via sendmail to the user that it is running under)  

Also, if you're concerned about sendmail security, I would recommend
either installing the latest sendmail that SGI has up on ftp.sgi.com in
/sgi/IRIX5.0/sendmail or grabbing a copy of sendmail 8.6.9 from
ftp.cs.berkeley.edu and installing that.  (We did the latter.  Although
it was time-consuming, we're happy with it; not to mention, I hear
that SGI is releasing sendmail 8.6.9 with IRIX 5.3)

--


  "The only difference between myself and a madman is that I am not mad."
       - Salvador Dali

 
 
 

1. Z-Mail (AKA Media Mail) - How to play sound files on mail receipt?

This seems to be one place to ask this question:

How do I have Z-mail (Media Mail) play a sound file when new mail comes in?  
I still run the old SGI mailbox program to give me that functionallity.
While I'm asking, I'd really like to be able to play different sound files
based on who the mail message came from (I saw this once on a SUN).

Thanks in advance,
-Mark
--

======================================================================
  Mark Mettauer             StorageTek                   303-673-5053

  "you can learn something everyday, if you keep your ears open and
  your mouth shut."                                  - Uncle Irvine

2. Memory Leak while using RASDIAL

3. hackers

4. rewrite "From:" Header

5. Hacker attack--some questions

6. PC com3 and com4

7. Q: Howto get hacker's identity?

8. Datamation & Year 2000

9. Russian Hacker on the loose..

10. Hackers Sites

11. SGI should fire their Linux hackers...

12. Informix not coming up with tape drive connected on sgi

13. SPARC Ultra 1 not coming up!!