[expert] chkrootkit and mailing results to root

Tue, 11 Nov 2003 14:28:55 -0800 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

As I was sitting here staring at "tail -f /var/log/syslog" I saw my chkrootkit 
anacronjob fly by.  At the end of the check, I noticed an email sent to 
[EMAIL PROTECTED]   An outtake from my syslog post chkrootkit: 

Nov 11 16:11:57 lapdog : nothing deleted
Nov 11 16:11:57 lapdog postfix/pickup[1765]: C2E4E6F0B: uid=0 from=<root>
Nov 11 16:11:57 lapdog postfix/cleanup[9784]: C2E4E6F0B: 
message-id=<[EMAIL PROTECTED]>
Nov 11 16:11:57 lapdog postfix/nqmgr[1766]: C2E4E6F0B: from=<[EMAIL PROTECTED]>, 
size=119979, nrcpt=1 (queue active)
Nov 11 16:12:08 lapdog postfix/smtp[9788]: C2E4E6F0B: to=<[EMAIL PROTECTED]>, 
orig_to=<root>, relay=mx1.mail.yahoo.com[64.157.4.78], delay=11, status=sent 
(250 ok Tue Nov 11 13:12:08 2003:  ql 0, qr 12748104)
Nov 11 16:12:11 lapdog anacron[1891]: Job `cron.daily' terminated (mailing 
output)
Nov 11 16:12:11 lapdog postfix/pickup[1765]: 812B86F07: uid=0 from=<root>
Nov 11 16:12:11 lapdog postfix/cleanup[9784]: 812B86F07: 
message-id=<[EMAIL PROTECTED]>
Nov 11 16:12:11 lapdog anacron[1891]: Normal exit (1 jobs run)
Nov 11 16:12:11 lapdog postfix/nqmgr[1766]: 812B86F07: from=<[EMAIL PROTECTED]>, 
size=576, nrcpt=1 (queue active)
Nov 11 16:12:17 lapdog postfix/smtp[9788]: 812B86F07: to=<[EMAIL PROTECTED]>, 
orig_to=<root>, relay=mx2.mail.yahoo.com[64.157.4.78], delay=6, status=sent 
(250 ok Tue Nov 11 13:12:16 2003:  ql 0, qr 9269918)

Sending email to [EMAIL PROTECTED] will fail and go to nobody.  What is actually 
sending this message and where do I find the config file so I can correct it 
to send messages to [EMAIL PROTECTED] or [EMAIL PROTECTED]

Is it postfix itself?  In order to avoid having the mandrake list bounce all 
my mails back at me, I had to setup my local postfix to set "myorigin = 
yahoo.com".  If I set it to be my actual localdomain (ravenhome.net) I will 
lose the ability to post to the expert list.  Is this [EMAIL PROTECTED] 
originating from postfix via this "myorigin" setting?    

praedor

praedor

- -- 
"Our ship is in the hands of pilots who are steering directly under full sail 
for a rock.  The whole crew may see this course to violate our liberties in 
full view if they look the right way."
- --Samuel Adams, 1771
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/sVNWaKr9sJYeTxgRAsbcAJ9y7jRIOLuT55Cgd7NyGQ4nHGD2cACeOF9u
IUf61oQzXmo7ci928Zogh7M=
=QcMj
-----END PGP SIGNATURE-----


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Reply via email to