0

I have a problem with sendmail.

All of a sudden it started sending emails that it's not supposed to send (obvious spam messages about viagra, porn etc.). I checked some tools that supposedly check if a server is an open relay and they say it's not, but here is an excerpt from mail.log:

Jul  6 18:13:23 onejob sendmail[30792]: t66IDN9E030792: Authentication-Warning: onejob.com: www-data set sender to mari_gill@onejob.com using -f
Jul  6 18:13:23 onejob sendmail[30792]: t66IDN9E030792: from=mari_gill@onejob.com, size=480, class=0, nrcpts=1, msgid=<201507061813.t66IDN9E030792@onejob.com>, relay=www-data@localhost
Jul  6 18:13:23 onejob sm-mta[30780]: STARTTLS=client, relay=mailin-01.mx.aol.com., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Jul  6 18:13:23 onejob sm-mta[30793]: t66IDN56030793: from=<mari_gill@onejob.com>, size=790, class=0, nrcpts=1, msgid=<201507061813.t66IDN9E030792@onejob.com>, proto=ESMTP, daemon=MTA-v4, relay=localhost [127.0.0.1]
Jul  6 18:13:23 onejob sendmail[30792]: t66IDN9E030792: to=twistedkush24@aim.com, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30480, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (t66IDN56030793 Message accepted for delivery)

How do I figure out what causes sendmail to send all those emails?

RandomWhiteTrash

1 Answer

4

I don't use sendmail, but relay=www-data@localhost would seem to indicate that a web application was compromised and that your web server is being used to send the spam.

Anthony Geoghegan
  • 1
    That would be my guess as well. Find and fix the offending web application and your spam problems will disappear. – voretaq7 Jul 07 '15 at 19:18
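
One way to confirm the reading given in the answer is to group the local-submission lines in mail.log by queue ID and report which Unix account handed each message to sendmail. This is an added example, not part of the original thread; the function names, the `web_users` default and the second (root) message in the sample are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: first message mirrors the question's excerpt, the root one is made up.
SAMPLE_LOG = """\
Jul  6 18:13:23 onejob sendmail[30792]: t66IDN9E030792: Authentication-Warning: onejob.com: www-data set sender to mari_gill@onejob.com using -f
Jul  6 18:13:23 onejob sendmail[30792]: t66IDN9E030792: from=mari_gill@onejob.com, size=480, class=0, nrcpts=1, msgid=<201507061813.t66IDN9E030792@onejob.com>, relay=www-data@localhost
Jul  6 18:13:23 onejob sm-mta[30780]: STARTTLS=client, relay=mailin-01.mx.aol.com., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Jul  6 18:13:23 onejob sendmail[30792]: t66IDN9E030792: to=twistedkush24@aim.com, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30480, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (t66IDN56030793 Message accepted for delivery)
Jul  6 18:20:01 onejob sendmail[30901]: t66IK1aB030901: from=root, size=312, class=0, nrcpts=1, msgid=<201507061820.t66IK1aB030901@onejob.com>, relay=root@localhost
Jul  6 18:20:01 onejob sendmail[30901]: t66IK1aB030901: to=root, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30312, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (t66IK1aC030902 Message accepted for delivery)
"""

# Match only the local submission program ("sendmail"), not the MTA daemon ("sm-mta").
LINE = re.compile(r"^\w{3}\s+\d+ [\d:]+ \S+ sendmail\[\d+\]: (\w+): (.*)$")
WARN = re.compile(r"Authentication-Warning: \S+ (\S+) set sender to (\S+) using -f")
SUBMIT = re.compile(r"\brelay=([^@\s,]+)@localhost\b")
RCPT = re.compile(r"^to=(.+?), \w+=")

def local_submissions(log_text):
    """Group local-submission log lines by queue ID."""
    msgs = defaultdict(lambda: {"user": None, "forced_sender": None, "rcpts": []})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # lines without a queue ID (e.g. STARTTLS) or from sm-mta
        qid, rest = m.groups()
        if (w := WARN.search(rest)):
            msgs[qid]["user"], msgs[qid]["forced_sender"] = w.groups()
        elif rest.startswith("from=") and (s := SUBMIT.search(rest)):
            msgs[qid]["user"] = s.group(1)
        elif (r := RCPT.match(rest)):
            msgs[qid]["rcpts"] += r.group(1).split(",")
    return dict(msgs)

def suspects(msgs, web_users=("www-data",)):
    """Per web-server account: message count, recipient count, -f sender overrides."""
    out = {}
    for m in msgs.values():
        if m["user"] in web_users:
            s = out.setdefault(m["user"], {"messages": 0, "rcpts": 0, "forced": set()})
            s["messages"] += 1
            s["rcpts"] += len(m["rcpts"])
            if m["forced_sender"]:
                s["forced"].add(m["forced_sender"])
    return out

if __name__ == "__main__":
    print(suspects(local_submissions(SAMPLE_LOG)))
```

A high message count for the web-server account, together with many different `-f` senders, points at a script under the web root rather than at the relay configuration; the timestamps of those log lines can then be matched against the web server's access log to locate the script.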