Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Activity Tracing - Using sendmail.
Top Forums UNIX for Dummies Questions & Answers Activity Tracing - Using sendmail. Post 302422793 by abvh on Wednesday 19th of May 2010 11:55:55 AM
Old 05-19-2010
Error Activity Tracing - Using sendmail.
Code:
uname -a output
Linux server.domain.com 2.6.9-67.0.15.ELsmp #1 SMP Tue Apr 22 13:50:33 EDT 2008 i686 i686 i386 GNU/Linux

At our company, we have hundreds of employees that access this server for reporting purposes.

However, someone was familiar enough with sendmail and used it to send an email that was crafted to look like it came from a specific person and was sent to the entire company with private information. Huge security concern.

I have been tasked with helping figure out this spoof. Here is what I need to figure out.

The mail was sent at 11:12PM on May 17th.

I need to find the IP address of the system that made a shell/terminal connection to the server around this time and used the sendmail command to send an email to a specific mailing list.

Any ideas ? I'm not entirely familiar with logging yet. The mail log file doesn't seem to provide much useful information.
Last edited by Yogesh Sawant; 05-24-2010 at 03:20 AM.. Reason: added code tags
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Tracing a terminal

Hi you all, any of you know how to monitor what is going on in another terminal? I mean if somebody will install an application on my server remotely and I want to "watch" what he is doing. I remember that some one use the "audit" command but now I just can't remember. thanx.:mad: (2 Replies)
Discussion started by: alex blanco
2 Replies

2. HP-UX

tracing a user's session

hi, does anyone knows how to trace a user session on a unix system: i want to log these things 1- login 2- date of starting session 3- date of closing session i've tryed who and last but they don't give closing time of session regards hmaiida (2 Replies)
Discussion started by: hmaiida
2 Replies

3. Shell Programming and Scripting

tracing ethereal traces

Hi All........ i need a perl script that can trace the traces of the ethereal tool. PLZ help me out...............!!!!!!!!! (1 Reply)
Discussion started by: trupti_rinku
1 Replies

4. Linux

tracing

hello every one can any one help me out i just want to trace what ever i am doing in linux 8.0 in the text mode to be saved in a text file so that at the end i can see my work what i have do. its just like oracle spool so you can see your work at the end . for example what ever command u gave... (1 Reply)
Discussion started by: shary
1 Replies

5. Shell Programming and Scripting

tracing in linux

hello every one can any one help me out i just want to trace what ever i am doing in linux 8.0 in the text mode to be saved in a text file so that at the end i can see my work what i have do. its just like oracle spool so you can see your work at the end . for example what ever command u gave... (2 Replies)
Discussion started by: shary
2 Replies

6. Programming

Tracing self process using ptrace()

Kindly correct me if any of the foll is wrong: I want to trace the current process from the C program itself which I think can be done using ptrace(PTRACE_ATTACH,getpid(),0,0); I would like to get control back after a segmentation fault, or arithmetric exception (i.e. all signals that end... (1 Reply)
Discussion started by: vpraveen84
1 Replies

7. UNIX for Advanced & Expert Users

tracing a user input

Hi, i need to get a log of all the commands typed and output of those commands fired by a specific user on my sun machine. Also i need to trace all commands and inputs given from a specific IP on my machine. Regards Rochit (1 Reply)
Discussion started by: rochitsharma
1 Replies

8. Shell Programming and Scripting

tracing processes in shell

Is there a way to have the output from: strace -p 10101 placed in a text file so we can download it and look it over? Thanks Richard (1 Reply)
Discussion started by: ukndoit
1 Replies

9. UNIX for Dummies Questions & Answers

Tracing file installation

Hello, my first post here. I have a script to install a program which runs the user through installation interface offering several options. What I want to do is to trace the possible mistakes during the installation and send them to a logfile. I.e if a user interrupts the installation, I would... (2 Replies)
Discussion started by: tetreb
2 Replies

10. Solaris

Clarifying sendmail configuration - sendmail-client offline

Hi all, I have read about sendmail running as 2 separate process. 1 as a MSP, and the other as the real daemon or MTA. In my current configuration, the sendmail-client is disabled. Both submit.cf and sendmail.cf are left as default untouch I do not specified any mailhost... (3 Replies)
Discussion started by: javanoob
3 Replies

LEARN ABOUT SUSE

calibre-smtp

CALIBRE-SMTP(1) 						      calibre							   CALIBRE-SMTP(1)

NAME

       calibre-smtp - part of calibre

SYNOPSIS

       calibre-smtp  [options] [from to text]

DESCRIPTION

       Send  mail using the SMTP protocol. calibre-smtp has two modes of operation. In the compose mode you specify from to and text and these are
       used to build and send an email message. In the filter mode, calibre-smtp reads a complete email message from STDIN and sends it.

       text is the body of the email message.  If text is not specified, a complete email message is read from STDIN.  from is the  email  address
       of the sender and to is the email address of the recipient. When a complete email is read from STDIN, from and to are only used in the SMTP
       negotiation, the message headers are not modified.

       Whenever you pass arguments to calibre-smtp that have spaces in them, enclose the arguments in quotation marks.

OPTIONS

       --version
	      show program's version number and exit

       -h, --help
	      show this help message and exit

       -l, --localhost
	      Host name of localhost. Used when connecting to SMTP server.

       -o, --outbox
	      Path to maildir folder to store failed email messages in.

       -f, --fork
	      Fork and deliver message in background. If you use this option, you should also use --outbox to handle delivery failures.

       -t, --timeout
	      Timeout for connection

       -v, --verbose
	      Be more verbose

   COMPOSE MAIL
       Options to compose an email. Ignored if text is not specified

       -a, --attachment
	      File to attach to the email

       -s, --subject
	      Subject of the email

   SMTP RELAY
       Options to use an SMTP relay server to send mail. calibre will try to send the email directly unless --relay is specified.

       -r, --relay
	      An SMTP relay server to use to send mail.

       --port Port to connect to on relay server. Default is to use 465 if encryption method is SSL and 25 otherwise.

       -u, --username
	      Username for relay

       -p, --password
	      Password for relay

       -e, --encryption-method
	      Encryption method to use when connecting to relay. Choices are TLS and SSL. Default is TLS.

SEE ALSO

       The User Manual is available at http://calibre-ebook.com/user_manual

       Created by Kovid Goyal <kovid@kovidgoyal.net>

calibre-smtp (calibre 0.6.53)					     July 2010							   CALIBRE-SMTP(1)
All times are GMT -4. The time now is 08:44 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy