On Fri, 06 Feb 2009 10:56:13 +0000, Dake K. Odzangba wrote:
> On Friday 06 February 2009 10:23:42 Fajar Priyanto wrote:
>> On Fri, Feb 6, 2009 at 6:06 PM, Dake K. Odzangba <odzangba@xxxxxxxxx>
>> > Hello, my system logs contain some pretty suspicious entries:
>> > Feb 6 09:57:20 mal-zeth nullmailer: Starting delivery: protocol: smtp host: mail. file: 1232786107.30076
>> > Feb 6 09:57:26 mal-zeth nullmailer: smtp: Failed: Connect failed
>> > Feb 6 09:57:26 mal-zeth nullmailer: Sending failed: Host not found
>> > Feb 6 09:57:26 mal-zeth nullmailer: Delivery complete, 5 message(s) remain.
>> > I have no idea what it's trying to send out and the same sequence
>> > repeats itself every two minutes or so. I'm freaking out here... has
>> > my system been compromised?
>> First of all, it fails to send whatever, so, at least less risk. Second, do:
>> last
>> It will list all login activities, see if you see anything suspicious. Third,
>> sudo updatedb
>> locate one of the files:
>> locate 1232786107.30076
>> Try what file it is and the content.
>> Last, if you don't need nullmailer, uninstall it.
> Thanks Fajar. Apparently the file is being mailed by the anacron daemon.
>> Received: (nullmailer pid 30076 invoked by uid 0);
>> Sat, 24 Jan 2009 08:35:07 -0000
>> From: Anacron <root@xxxxxxxxxxxxxxxxx>
>> To: root@xxxxxxxxxxxxxxxxx
>> Subject: Anacron job 'cron.daily' on mal-zeth
>> Date: Sat, 24 Jan 2009 08:35:07 +0000
>> Message-Id:
>> run-parts: /etc/cron.daily/apt exited with return code 1
> I think the problem is it got the email address wrong... don't remember
> ever configuring any such thing. In fact, I don't even remember
> installing nullmailer. I think I'll just uninstall it.
I don't think you should uninstall nullmailer. If you try, it will
probably take essential packages like anacron with it. Some packages need
a mail-transfer-agent to be able to inform you when something does not
work like it should; nullmailer is the simplest MTA there is and I
suppose a minimal requirement when no other MTA is installed.
You should find out why anacron is using a wrong email address. As far as
I can remember it will usually use something like root@localhost. The
address where it will send its mail can be found in /etc/crontab. On my
box that is a simple "root". If anything more is in there you should take
it out. Then in /etc/aliases you can set to whom mail for root should be
delivered. It should have "root: [your user name]" in there.
If after checking this, things still don't work, we can look further.
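
The correlation done by hand in this thread, written out as an added example (not part of any poster's message): it ties the queue file named in the nullmailer log line to the headers of the queued message, so the mail can be attributed to a local process and uid. It assumes the queue file name reads as `<epoch seconds>.<pid>`, which matches the values quoted above; the sample input is constructed from the quoted lines, with `example.invalid` in place of the redacted addresses.

```python
import re
from datetime import datetime, timezone
from email.parser import HeaderParser
from email.utils import parsedate_to_datetime

# Constructed sample input, assembled from the log lines and headers quoted in
# the thread; example.invalid stands in for the redacted addresses.
LOG = """\
Feb 6 09:57:20 mal-zeth nullmailer: Starting delivery: protocol: smtp host: mail. file: 1232786107.30076
Feb 6 09:57:26 mal-zeth nullmailer: Sending failed: Host not found
"""
MESSAGE = """\
Received: (nullmailer pid 30076 invoked by uid 0);
\tSat, 24 Jan 2009 08:35:07 -0000
From: Anacron <root@example.invalid>
Subject: Anacron job 'cron.daily' on mal-zeth

run-parts: /etc/cron.daily/apt exited with return code 1
"""

# Assumption: the queue file name is <epoch seconds>.<pid of the queuing process>.
FILE_RE = re.compile(r"nullmailer: Starting delivery: .*\bfile: (\d+)\.(\d+)")
RECEIVED_RE = re.compile(r"\(nullmailer pid (\d+) invoked by uid (\d+)\);\s*(.+)", re.S)

def triage(log_text, message_text):
    """Tie each queue file named in the log to the queued message's headers."""
    headers = HeaderParser().parsestr(message_text)
    m = RECEIVED_RE.search(headers.get("Received", ""))
    if m is None:
        raise ValueError("no nullmailer Received header in message")
    pid, uid = int(m.group(1)), int(m.group(2))
    stamp = parsedate_to_datetime(m.group(3).strip())
    if stamp.tzinfo is None:  # "-0000" parses as a naive datetime; treat as UTC
        stamp = stamp.replace(tzinfo=timezone.utc)
    findings = []
    for epoch, file_pid in sorted({(int(a), int(b)) for a, b in FILE_RE.findall(log_text)}):
        queued = datetime.fromtimestamp(epoch, tz=timezone.utc)
        findings.append({
            "file": f"{epoch}.{file_pid}",
            "queued_utc": queued.isoformat(),
            "matches_message": file_pid == pid and queued == stamp,
            "invoking_uid": uid,
            "from": headers["From"],
            "subject": headers["Subject"],
        })
    return findings

if __name__ == "__main__":
    print(triage(LOG, MESSAGE))
```

A finding with `matches_message` true and `invoking_uid` 0 from Anacron points at a root cron job reporting a failure rather than at unknown outbound mail.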