Q: Logging of sendmail authenticated user. ( No Answer,   1 Comment )
Question  
Subject: Logging of sendmail authenticated user.
Category: Computers > Internet
Asked by: kineticweb-ga
List Price: $20.00
Posted: 08 Sep 2004 18:21 PDT
Expires: 08 Oct 2004 18:21 PDT
Question ID: 398644
I think I have a spammer who is using my RedHat 9 server with sendmail
to send junk. I require authentication to send email through my server
(naturally). But it appears from the headers of messages in the queue
that someone found out an account name and password and is using that
to successfully authenticate.

How can I find out WHICH user? I can't for the life of me figure out a
way to determine this from the maillog file. Is there a way I can add
this info? Or maybe sniff the packets?
Answer  
There is no answer at this time.

Comments  
Subject: Re: Logging of sendmail authenticated user.
From: mckidd-ga on 17 Jan 2005 14:21 PST
 
Provided you have smtp-auth installed and working correctly, you
should first change the log level in your sendmail configuration. 
This can be done one of two ways:  via the sendmail.mc file, or the
sendmail.cf file.

Sendmail.mc file approach:

Add the following definition to /etc/mail/sendmail.mc

define(`confLOG_LEVEL', `14')dnl

Rebuild /etc/mail/sendmail.cf

m4 sendmail.mc > sendmail.cf

Sendmail.cf file approach:

Change the following definition in /etc/mail/sendmail.cf

O LogLevel=14

After you have changed the logging level, restart the sendmail daemon.
Syslog will now log any successful authentications to
/var/log/maillog.  Of interest to you are the following fields in each
authentication log entry:

authid= and relay=

authid will display the login that was used for the authentication,
and relay will display the remote IP address that was added as the
temporary relay.  If you don't recognize the relay, then it is most
likely the spammer entry.

Hope this helps.

Michael Kidd
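
The following is an added example, not part of the original comment: once the higher log level is active, it groups authentication entries by authid= and lists the relay= addresses each login came from, marking those outside a list of addresses you recognize. The "AUTH=server, relay=..., authid=..." line layout, the function names, the known-relay list and the sample lines are assumptions constructed for illustration; adjust the pattern to what your maillog actually shows.

```python
import re
from collections import defaultdict

# Assumed entry layout: "... AUTH=server, relay=host [ip], authid=user, mech=..., bits=..."
AUTH_RE = re.compile(r"AUTH=server,\s*relay=(?P<relay>.+?),\s*authid=(?P<authid>[^,\s]+)")
# relay= is usually "hostname [ip]" or "[ip]"; pull out the bracketed address.
IP_RE = re.compile(r"\[([0-9a-fA-F:.]+)\]")

# Constructed sample lines (documentation addresses), not taken from a real server.
SAMPLE_LOG = [
    "Sep  8 18:02:11 mail sendmail[2101]: AUTH=server, relay=office.example.com [192.0.2.10], authid=alice, mech=LOGIN, bits=0",
    "Sep  8 18:03:40 mail sendmail[2107]: i8913eXX002107: from=<alice@example.com>, size=1204, nrcpts=1, relay=office.example.com [192.0.2.10]",
    "Sep  8 18:05:02 mail sendmail[2110]: AUTH=server, relay=[203.0.113.77], authid=bob, mech=PLAIN, bits=0",
    "Sep  8 18:05:09 mail sendmail[2113]: AUTH=server, relay=[203.0.113.77], authid=bob, mech=PLAIN, bits=0",
    "Sep  8 18:06:30 mail sendmail[2120]: AUTH=server, relay=[198.51.100.5], authid=bob, mech=PLAIN, bits=0",
]

def parse_auth_line(line):
    """Return (authid, relay_address) for an authentication entry, else None."""
    m = AUTH_RE.search(line)
    if not m:
        return None  # ordinary from=/to= delivery lines are skipped
    relay = m.group("relay").strip()
    ip = IP_RE.search(relay)
    return m.group("authid"), (ip.group(1) if ip else relay)

def summarize(lines, known_relays=()):
    """Per authid: login count, all relays seen, and relays not in known_relays."""
    known = set(known_relays)
    summary = defaultdict(lambda: {"logins": 0, "relays": set(), "unknown": set()})
    for line in lines:
        parsed = parse_auth_line(line)
        if parsed is None:
            continue
        authid, relay = parsed
        entry = summary[authid]
        entry["logins"] += 1
        entry["relays"].add(relay)
        if relay not in known:
            entry["unknown"].add(relay)
    return dict(summary)

if __name__ == "__main__":
    # 192.0.2.10 stands in for an address you recognize (hypothetical).
    for authid, e in sorted(summarize(SAMPLE_LOG, {"192.0.2.10"}).items()):
        print(authid, e["logins"], "logins; unrecognized relays:", sorted(e["unknown"]) or "none")
```

To run it against a real log, pass the open file instead of SAMPLE_LOG, for example `summarize(open("/var/log/maillog"), known_relays)`.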
