At our company, we have hundreds of employees that access this server for reporting purposes.
However, someone was familiar enough with sendmail and used it to send an email that was crafted to look like it came from a specific person and was sent to the entire company with private information. Huge security concern.
I have been tasked with helping figure out this spoof. Here is what I need to figure out.
The mail was sent at 11:12PM on May 17th.
I need to find the IP address of the system that made a shell/terminal connection to the server around this time and used the sendmail command to send an email to a specific mailing list.
Any ideas? I'm not entirely familiar with logging yet. The mail log file doesn't seem to provide much useful information.
Last edited by Yogesh Sawant; 05-24-2010 at 03:20 AM..
Reason: added code tags
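One way to narrow down the question above, as an added example that is not part of the original post: list the interactive sessions that were open around the send time, with their source addresses. It assumes a Linux host where `last -F -i` output is available; the sample rows, users and addresses are constructed, and the year is assumed from the thread's date.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the layout of `last -F -i` (util-linux); users and
# addresses are made up, and the year is assumed from the thread's date.
SAMPLE_LAST = """\
asmith   pts/2        192.0.2.14       Mon May 17 22:40:03 2010 - Mon May 17 22:58:10 2010  (00:18)
bjones   pts/4        192.0.2.77       Mon May 17 23:05:41 2010 - Mon May 17 23:19:02 2010  (00:13)
cwu      pts/5        198.51.100.9     Mon May 17 23:10:12 2010   still logged in
reboot   system boot  0.0.0.0          Sun May 16 04:00:00 2010   still running
dlee     pts/1        192.0.2.30       Tue May 18 08:01:00 2010 - Tue May 18 09:00:00 2010  (00:59)
"""

TS = r"\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}"
LINE = re.compile(
    rf"^(?P<user>\S+)\s+(?P<tty>pts/\d+|tty\S*)\s+(?P<ip>\S+)\s+"
    rf"(?P<start>{TS})\s+(?:- (?P<end>{TS})|still logged in)"
)
FMT = "%a %b %d %H:%M:%S %Y"
SENT = datetime(2010, 5, 17, 23, 12)  # 11:12PM on May 17th


def sessions_at(last_output, when, slack=timedelta(minutes=5)):
    """Return (user, tty, ip) for terminal sessions open within `slack` of `when`."""
    hits = []
    for line in last_output.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # boot records, blank lines, the wtmp trailer
        start = datetime.strptime(m["start"], FMT)
        # A session without a logout record is still open: no upper bound.
        end = datetime.strptime(m["end"], FMT) if m["end"] else None
        if start - slack <= when and (end is None or when <= end + slack):
            hits.append((m["user"], m["tty"], m["ip"]))
    return hits


if __name__ == "__main__":
    for user, tty, ip in sessions_at(SAMPLE_LAST, SENT):
        print(f"{user:8} {tty:6} {ip}")
```

Login records only cover terminal sessions, so a message submitted from cron or a web application has no matching row; treat the remaining rows as candidates to check against the mail log entry for that minute.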
Hi you all, do any of you know how to monitor what is going on in another terminal?
I mean if somebody installs an application on my server remotely and I want to "watch" what he is doing. I remember that someone used the "audit" command but now I just can't remember.
Thanks. (2 Replies)
Hi,
does anyone know how to trace a user session on a Unix system?
I want to log these things:
1- login
2- date of starting session
3- date of closing session
I've tried who and last but they don't give the closing time of the session.
Regards
hmaiida (2 Replies)
Hello everyone,
can anyone help me out? I just want to trace whatever I am doing in Linux 8.0 in text mode and have it saved in a text file, so that at the end I can see the work I have done. It's just like Oracle spool, so you can see your work at the end.
For example, whatever command you gave... (1 Reply)
Kindly correct me if any of the following is wrong:
I want to trace the current process from the C program itself, which I think can be done using
ptrace(PTRACE_ATTACH,getpid(),0,0);
I would like to get control back after a segmentation fault, or arithmetic exception (i.e. all signals that end... (1 Reply)
Hi,
I need to get a log of all the commands typed, and the output of those commands, fired by a specific user on my Sun machine.
Also I need to trace all commands and inputs given from a specific IP on my machine.
Regards
Rochit (1 Reply)
Hello, my first post here.
I have a script to install a program which runs the user through an installation interface offering several options. What I want to do is to trace the possible mistakes during the installation and send them to a logfile. I.e., if a user interrupts the installation, I would... (2 Replies)
Hi all,
I have read about sendmail running as 2 separate processes:
1 as an MSP, and the other as the real daemon or MTA.
In my current configuration,
the sendmail-client is disabled.
Both submit.cf and sendmail.cf are left as default, untouched.
I did not specify any mailhost... (3 Replies)
calibre-smtp
CALIBRE-SMTP(1) calibre CALIBRE-SMTP(1)
NAME
calibre-smtp - part of calibre
SYNOPSIS
calibre-smtp [options] [from to text]
DESCRIPTION
Send mail using the SMTP protocol. calibre-smtp has two modes of operation. In the compose mode you specify from to and text and these are
used to build and send an email message. In the filter mode, calibre-smtp reads a complete email message from STDIN and sends it.
text is the body of the email message. If text is not specified, a complete email message is read from STDIN. from is the email address
of the sender and to is the email address of the recipient. When a complete email is read from STDIN, from and to are only used in the SMTP
negotiation, the message headers are not modified.
Whenever you pass arguments to calibre-smtp that have spaces in them, enclose the arguments in quotation marks.
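Because the addresses used in the SMTP negotiation are independent of the message headers, a received message can be checked for disagreement between the two. The following is an added example, not part of the calibre documentation: it compares the envelope sender that the delivering MTA recorded in `Return-Path` with the `From:` header. The message and all addresses are constructed, and `compare_senders` is a hypothetical helper name.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed message: the delivering MTA recorded the envelope sender in
# Return-Path, while From: names someone else. All addresses are made up.
SAMPLE = """\
Return-Path: <bjones@reports.example.com>
Received: from localhost (constructed trace line)
From: "Jane Roe" <jane.roe@example.com>
To: all-staff@example.com
Subject: constructed sample

body
"""


def compare_senders(raw_message):
    """Return (envelope_sender, header_from_addresses, verdict)."""
    msg = message_from_string(raw_message)
    header_from = [a.lower() for _, a in getaddresses(msg.get_all("From", [])) if a]
    return_path = msg.get("Return-Path")
    if return_path is None:
        # Not yet delivered, or the header was stripped: nothing to compare.
        return None, header_from, "no-envelope-record"
    envelope = parseaddr(return_path)[1].lower()
    if not envelope:
        # "<>" is the null sender used for bounces and notifications.
        return "", header_from, "null-sender"
    if envelope in header_from:
        return envelope, header_from, "match"
    return envelope, header_from, "mismatch"


if __name__ == "__main__":
    print(compare_senders(SAMPLE))
```

A mismatch is a lead rather than proof, since mailing lists and forwarders legitimately rewrite the envelope sender.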
OPTIONS
--version
show program's version number and exit
-h, --help
show this help message and exit
-l, --localhost
Host name of localhost. Used when connecting to SMTP server.
-o, --outbox
Path to maildir folder to store failed email messages in.
-f, --fork
Fork and deliver message in background. If you use this option, you should also use --outbox to handle delivery failures.
-t, --timeout
Timeout for connection
-v, --verbose
Be more verbose
COMPOSE MAIL
Options to compose an email. Ignored if text is not specified
-a, --attachment
File to attach to the email
-s, --subject
Subject of the email
SMTP RELAY
Options to use an SMTP relay server to send mail. calibre will try to send the email directly unless --relay is specified.
-r, --relay
An SMTP relay server to use to send mail.
--port
Port to connect to on relay server. Default is to use 465 if encryption method is SSL and 25 otherwise.
-u, --username
Username for relay
-p, --password
Password for relay
-e, --encryption-method
Encryption method to use when connecting to relay. Choices are TLS and SSL. Default is TLS.
SEE ALSO
The User Manual is available at http://calibre-ebook.com/user_manual
Created by Kovid Goyal <kovid@kovidgoyal.net>
calibre-smtp (calibre 0.6.53) July 2010 CALIBRE-SMTP(1)