View Mail stats ( View Relayers) oh boy!!

**rpmws** · 09-16-2003 11:59 PM

Originally posted by munk
Open the /etc/passwd file to view the local users on the server. Obviously be careful not to make any changes - if you want to edit the password list by hand then use 'vipw' which allows you to make changes to the system password dbs.

Did you try grepping the /etc directory for the username's of those dodgy users? It could be that there's an alias or somesuch for Exim in there somewhere.

cPanel.net Support Ticket Number:

yes I did ..see a few steps above where I quoted when you first told me to search for that funny user. I only found "hidden-user" once. I also need to let you know that this username is actually "hidden-user" it's not what I am typing to hide a real user. It's actually showing up as "hidden-user"

cPanel.net Support Ticket Number:

**rpmws** · 09-17-2003 12:08 AM

I just checked all the users and none of them look liek they don't belong. None of them match the weird ones in the relayed list. I just want to be sure I haven't been hacked. I searched google.com the user {Ice^Stylez] and found a RedHat thread that talked about some hacking. Wanted to see if maybe some spambot was hitting me as well as others.

The other weird users I can't find anything on google about. I just emailed the guy at the southern.com and found out that he is a sys-admin for 20 years and wouldn't be any hacker. He uses pine for his email .. but it's on his boxes and he does email with a client I host. I am wondering if you send a email using pine from one box to another does that U for user get stamped in exim_mainlog?

cPanel.net Support Ticket Number:

**munk** · 09-17-2003 12:20 AM

I am wondering if you send a email using pine from one box to another does that U for user get stamped in exim_mainlog?

Yes if user 'john' sent a mail using a MUA like pine/mutt or w/e from the local server then U=john would be added in the logfile.

cPanel.net Support Ticket Number:

**rpmws** · 09-17-2003 12:25 AM

Originally posted by munk
Yes if user 'john' sent a mail using a MUA like pine/mutt or w/e from the local server then U=john would be added in the logfile.

cPanel.net Support Ticket Number:

It looks like "hidden-user" is using pine. Now this is a email coming in right?

2003-09-16 15:51:24 19zMnA-0002o3-Rk <= shannin@southern.com H=(wolfman.southern.net) [195.219.38.1] U=hidden-user P=esmtp S=3538 id=Pine.SGI.4.44.0309161550460.19062074-100000@itchy.southern.net

cPanel.net Support Ticket Number:

**cpanelnick** · 09-17-2003 05:52 AM

Originally posted by rpmws
It looks like "hidden-user" is using pine. Now this is a email coming in right?

2003-09-16 15:51:24 19zMnA-0002o3-Rk <= shannin@southern.com H=(wolfman.southern.net) [195.219.38.1] U=hidden-user P=esmtp S=3538 id=Pine.SGI.4.44.0309161550460.19062074-100000@itchy.southern.net

cPanel.net Support Ticket Number:

This is actually a bug. Its logging the ident instead of converting the ip to the username.

This is fixed in edge 66 and later

cPanel.net Support Ticket Number:

LinkBack

Thread Tools

View Relayers

View Relayers

View Relayers

View relayers and mail problem

view relayers ?