Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Activity Tracing - Using sendmail.
Top Forums UNIX for Dummies Questions & Answers Activity Tracing - Using sendmail. Post 302422793 by abvh on Wednesday 19th of May 2010 11:55:55 AM
Old 05-19-2010
Error Activity Tracing - Using sendmail.
Code:
uname -a output
Linux server.domain.com 2.6.9-67.0.15.ELsmp #1 SMP Tue Apr 22 13:50:33 EDT 2008 i686 i686 i386 GNU/Linux

At our company, we have hundreds of employees that access this server for reporting purposes.

However, someone was familiar enough with sendmail and used it to send an email that was crafted to look like it came from a specific person and was sent to the entire company with private information. Huge security concern.

I have been tasked with helping figure out this spoof. Here is what I need to figure out.

The mail was sent at 11:12PM on May 17th.

I need to find the IP address of the system that made a shell/terminal connection to the server around this time and used the sendmail command to send an email to a specific mailing list.

Any ideas ? I'm not entirely familiar with logging yet. The mail log file doesn't seem to provide much useful information.
Last edited by Yogesh Sawant; 05-24-2010 at 03:20 AM.. Reason: added code tags
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Tracing a terminal

Hi you all, any of you know how to monitor what is going on in another terminal? I mean if somebody will install an application on my server remotely and I want to "watch" what he is doing. I remember that some one use the "audit" command but now I just can't remember. thanx.:mad: (2 Replies)
Discussion started by: alex blanco
2 Replies

2. HP-UX

tracing a user's session

hi, does anyone knows how to trace a user session on a unix system: i want to log these things 1- login 2- date of starting session 3- date of closing session i've tryed who and last but they don't give closing time of session regards hmaiida (2 Replies)
Discussion started by: hmaiida
2 Replies

3. Shell Programming and Scripting

tracing ethereal traces

Hi All........ i need a perl script that can trace the traces of the ethereal tool. PLZ help me out...............!!!!!!!!! (1 Reply)
Discussion started by: trupti_rinku
1 Replies

4. Linux

tracing

hello every one can any one help me out i just want to trace what ever i am doing in linux 8.0 in the text mode to be saved in a text file so that at the end i can see my work what i have do. its just like oracle spool so you can see your work at the end . for example what ever command u gave... (1 Reply)
Discussion started by: shary
1 Replies

5. Shell Programming and Scripting

tracing in linux

hello every one can any one help me out i just want to trace what ever i am doing in linux 8.0 in the text mode to be saved in a text file so that at the end i can see my work what i have do. its just like oracle spool so you can see your work at the end . for example what ever command u gave... (2 Replies)
Discussion started by: shary
2 Replies

6. Programming

Tracing self process using ptrace()

Kindly correct me if any of the foll is wrong: I want to trace the current process from the C program itself which I think can be done using ptrace(PTRACE_ATTACH,getpid(),0,0); I would like to get control back after a segmentation fault, or arithmetric exception (i.e. all signals that end... (1 Reply)
Discussion started by: vpraveen84
1 Replies

7. UNIX for Advanced & Expert Users

tracing a user input

Hi, i need to get a log of all the commands typed and output of those commands fired by a specific user on my sun machine. Also i need to trace all commands and inputs given from a specific IP on my machine. Regards Rochit (1 Reply)
Discussion started by: rochitsharma
1 Replies

8. Shell Programming and Scripting

tracing processes in shell

Is there a way to have the output from: strace -p 10101 placed in a text file so we can download it and look it over? Thanks Richard (1 Reply)
Discussion started by: ukndoit
1 Replies

9. UNIX for Dummies Questions & Answers

Tracing file installation

Hello, my first post here. I have a script to install a program which runs the user through installation interface offering several options. What I want to do is to trace the possible mistakes during the installation and send them to a logfile. I.e if a user interrupts the installation, I would... (2 Replies)
Discussion started by: tetreb
2 Replies

10. Solaris

Clarifying sendmail configuration - sendmail-client offline

Hi all, I have read about sendmail running as 2 separate process. 1 as a MSP, and the other as the real daemon or MTA. In my current configuration, the sendmail-client is disabled. Both submit.cf and sendmail.cf are left as default untouch I do not specified any mailhost... (3 Replies)
Discussion started by: javanoob
3 Replies

LEARN ABOUT OSF1

mailstats

mailstats(8)						      System Manager's Manual						      mailstats(8)

NAME

       mailstats - Displays statistics about mail traffic

SYNOPSIS

       mailstats [-o] [-C cffile [-f stfile]

FLAGS

       Do  not	display the name of the mailer in the output.  Use cffile as the name of the sendmail "cf" file instead of /var/adm/sendmail/send-
       mail.cf.  Use stfile as the input statistics file instead of /var/adm/sendmail/sendmail.st.

DESCRIPTION

       The mailstats command reads the information in the /var/adm/sendmail/sendmail.st file (or in the file specified with the -f flag),  formats
       it,  and  writes  it to standard output.  Note also that you can change the location of the sendmail.st file by editing its pathname in the
       sendmail.cf file.

EXAMPLES

       The format of the information is shown in the following example, in which the first field (M) contains a number that indicates the position
       of  that  mailer  in  the sendmail.cf file, starting at 0 (zero).  For example, the first mailer in the sendmail.cf file corresponds to the
       number 0 in the mailstats display, the second mailer corresponds to the number 1, and so on.  Statistics from Thu Feb 17  11:20:01  2000  M
       msgsfr	bytes_from    msgsto	 bytes_to   msgsrej msgsdis  Mailer 1	    50	       77K	  1	     3K        0       0   local 6
       43	  59K	    58		99K	    0	     0	   smtp  ============================================================  T	93
       136K	   59	      102K	   0	   0 The fields in the report have the following meanings: Indicates the position of the mailer in
       the sendmail.cf file.  Indicates the number of messages received by the local machine from the indicated mailer.  Indicates the	number	of
       bytes  in  the  messages  received  by  the  local machine from the indicated mailer.  Indicates the number of messages sent from the local
       machine using the indicated mailer.  Indicates the number of bytes in the messages sent from the local machine using the indicated  mailer.
       Indicates the number of rejected messages.  Indicates the number of discarded messages.	Indicates the name of the mailer.

       If sendmail transmits mail directly to a file, such as the dead.letter file or an alias target, the message and byte counts are credited to
       the prog mailer, as defined in the sendmail.cf file.  However, mailstats will still default to var/adm/sendmail/sendmail.st.

FILES

       Specifies the command path Contains system statistics Contains configuration information for sendmail

RELATED INFORMATION

       Commands: sendmail(8) delim off

																      mailstats(8)
All times are GMT -4. The time now is 12:14 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy