Sendmail Authentication Log

I have a RedHat 9 server with about 200 users using pop3 and smtp. Sendmail requires authentication to send through (naturally). But I believe that someone might have guessed one of my user's password and is using my server to send mail. Log files show a very high number of messages being sent from Asian IPs and we do not do any business with Asian networks.

Essentially, I need to figure out what user this culprit is authenticating as. Can this info be added to the sendmail log? Or can I sniff this traffic somehow?

Help me stop this spammer! Thank you in advance!
Asked by: colinbartlett

jlevie commented:
> Sendmail requires authentication to send through (naturally).

Only if you've specifically configured Sendmail to do SMTP auth and the access map or a sendmail.mc definition doesn't allow the sending IP relay permission.

Do you have lines in /var/log/maillog similar to:

...mta[9098]: AUTH=server, relay=wilowisp.domain.tld [111.222.333.444], authid=jim, mech=PLAIN,...

If Sendmail is requiring AUTH to relay you'll have messages like that being logged, and obviously you'll be able to tell who is logging in and sending the message that follows in the maillog. The absence of any lines like that implies that SMTP AUTH isn't configured or that an entry in the access map or a sendmail.mc definition is overriding the SMTP AUTH requirement. Also don't discount the possibility that the mail is being sent from the server itself.

And the last possibility is that your server is unintentionally operating as a promiscuous relay. There are web sites you can use to test for this. Or, if you'll post the server's host name I can test it for you.
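Added example, not part of the answer above: a Python tally of the `AUTH=server` maillog lines the answer describes, grouped by `authid`, showing which account is authenticating and from how many source addresses. The sample lines are constructed; the thresholds, the function names, and the bare `relay=[ip]` variant are assumptions.

```python
import re
from collections import defaultdict

# Matches the AUTH line format quoted in the answer. Assumptions: the hostname
# before the bracketed IP may be missing, and extra text may follow the bracket.
AUTH_RE = re.compile(
    r"AUTH=server, relay=(?:(?P<host>\S+) )?\[(?P<ip>[^\]]+)\][^,]*, "
    r"authid=(?P<authid>[^,\s]+), mech=(?P<mech>[^,\s]+)"
)

# Constructed sample maillog lines (documentation IP ranges, made-up users).
SAMPLE_LOG = """\
Mar  3 02:11:09 mail sendmail[9098]: AUTH=server, relay=pc12.example.com [192.0.2.10], authid=jim, mech=PLAIN, bits=0
Mar  3 02:11:10 mail sendmail[9098]: h23ABC012345: from=<jim@example.com>, size=812, nrcpts=1, relay=pc12.example.com [192.0.2.10]
Mar  3 02:14:41 mail sendmail[9120]: AUTH=server, relay=[198.51.100.7], authid=mary, mech=LOGIN, bits=0
Mar  3 02:14:55 mail sendmail[9131]: AUTH=server, relay=[198.51.100.93], authid=mary, mech=LOGIN, bits=0
Mar  3 02:15:02 mail sendmail[9140]: AUTH=server, relay=[203.0.113.5], authid=mary, mech=LOGIN, bits=0
Mar  3 02:15:30 mail sendmail[9152]: AUTH=server, relay=[203.0.113.77], authid=mary, mech=LOGIN, bits=0
Mar  3 09:02:17 mail sendmail[9811]: AUTH=server, relay=pc12.example.com [192.0.2.10], authid=jim, mech=PLAIN, bits=0
"""


def summarize_auth(lines):
    """Return {authid: {"logins": n, "ips": set, "mechs": set}} for AUTH lines."""
    stats = defaultdict(lambda: {"logins": 0, "ips": set(), "mechs": set()})
    for line in lines:
        m = AUTH_RE.search(line)
        if not m:
            continue  # from=/to= and other lines carry no authid
        entry = stats[m.group("authid")]
        entry["logins"] += 1
        entry["ips"].add(m.group("ip"))
        entry["mechs"].add(m.group("mech"))
    return dict(stats)


def suspicious(stats, max_ips=2, max_logins=20):
    """Accounts seen from more IPs, or logging in more often, than the thresholds."""
    return sorted(
        user for user, s in stats.items()
        if len(s["ips"]) > max_ips or s["logins"] > max_logins
    )


if __name__ == "__main__":
    stats = summarize_auth(SAMPLE_LOG.splitlines())
    for user, s in sorted(stats.items(), key=lambda kv: -kv[1]["logins"]):
        print(f"{user}: {s['logins']} logins from {len(s['ips'])} IPs {sorted(s['ips'])}")
    print("review:", suspicious(stats))
```

To run it against a real log, pass the open file object for /var/log/maillog to `summarize_auth` in place of the sample lines.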