[vox-tech] Scary cron-deamon message

Richard Crawford rscrawford at mossroot.com
Wed Apr 20 08:56:04 PDT 2005


On Wednesday 20 April 2005 07:19, Daniel A. Lorca-Martinez wrote:

> I might be completely in the dark here, but it sounds like you might
> be the victim of a spammer a) using your machine to send garbage out
> or b) using a @stonegoose bogus return address.  I think the former
> is likely though.  Do you require authentication for SMTP from your
> server?  If not, then some spammer found your server and is using it
> to spam.  If this is the case, I'd shut that hole quickly, before you
> start getting on the anti-spam server lists.

I don't even allow SMTP from my machine.  I use POP3 and IMAP on that machine 
to check my e-mail, and Sendmail so that Squirrelmail can send messages out.  
I'm pretty sure I've locked down Sendmail so that no outside machines can 
hook up to it, and the only ports allowed to that machine through my firewall 
are 22, 80, and 110.  So I'm reasonably sure my machine isn't sending out 
spam.  More likely someone's been sending out spam with the stonegoose.com 
domain (I've seen plenty of them with my mossroot.com domain, which annoys 
the hell out of me).

Is there more that I should be doing?


> Is that the complete message?

I'm afraid so.  Nothing comparable in any of my system logs, and they all 
appear normal as well.  Chkrootkit found nothing either.

-- 
Richard S. Crawford
http://www.mossroot.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://ns1.livepenguin.com/pipermail/vox-tech/attachments/20050420/70c7628e/attachment.bin


More information about the vox-tech mailing list