Hi Yah, Just checking logs and these entries have me a bit confused... (xxxxx being one of our servers)
Oct 25 09:47:45 ns sendmail[8881]: JAA08881: from=httpd, size=188, class=0, pri=30188, nrcpts=1, msgid=<[EMAIL PROTECTED]>, relay=httpd@localhost Oct 25 09:47:48 ns sendmail[8883]: JAA08881: [EMAIL PROTECTED], ctladdr=httpd (15/11), delay=00:00:03, xdelay=00:00:03, mailer=esmtp, relay=mail.iinet.net.au. [203.0.178.192], stat=Sent (ok 1004024864 qp 25390) Oct 25 09:49:36 ns sendmail[8976]: JAA08976: from=httpd, size=198, class=0, pri=30198, nrcpts=1, msgid=<[EMAIL PROTECTED]>, relay=httpd@localhost Oct 25 09:49:39 ns sendmail[8978]: JAA08976: [EMAIL PROTECTED], ctladdr=httpd (15/11), delay=00:00:03, xdelay=00:00:03, mailer=esmtp, relay=mail.iinet.net.au. [203.0.178.192], stat=Sent (ok 1004024979 qp 25071) Oct 25 09:49:40 ns sendmail[8979]: JAA08979: from=httpd, size=198, class=0, pri=30198, nrcpts=1, msgid=<[EMAIL PROTECTED]>, relay=httpd@localhost Oct 25 09:49:42 ns sendmail[8981]: JAA08979: [EMAIL PROTECTED], ctladdr=httpd (15/11), delay=00:00:02, xdelay=00:00:02, mailer=esmtp, relay=mail.iinet.net.au. [203.0.178.192], stat=Sent (ok 1004024976 qp 2339) Oct 25 09:49:49 ns sendmail[8982]: JAA08982: from=httpd, size=198, class=0, pri=30198, nrcpts=1, msgid=<[EMAIL PROTECTED]>, relay=httpd@localhost Oct 25 09:49:51 ns sendmail[8984]: JAA08982: [EMAIL PROTECTED], ctladdr=httpd (15/11), delay=00:00:02, xdelay=00:00:02, mailer=esmtp, relay=mail.iinet.net.au. [203.0.178.192], stat=Sent (ok 1004024992 qp 4179) It's obviously been sent through the server "from=httpd" and been relayed via httpd@localhost. Now if this was spam going out how can I tell who's sending or what site it's originating from? Is this mail being sent via an online form maybe?? Many thanks in advance Chae _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
