Spam / Unauthorized Emails Sent from My MAC

S

SForsgren

Guest
I have a MAC Tiger OS box running with only port 80 and 25 open. I had a problem earlier where the PostFix enabler for sending and receiving mail had an open relay and someone used it to send a number of phishing emails. That was subsequently resolved with an upgrade to Postfix Enabler and some configuration changes to remove any relays. The mass send problem has not been observed since that time.

The problem now is that 2 times per day, I see an email outgoing from my server under the 'www' user which is not the user that shows if I send it from my mail client (Mail.app or SquirrelMail). It is going to an address on yahoo that I do not recognize.

I have no idea where this email is originating and no understanding of how to further diagnose it. I have run Norton, ClamXAv and other spyware products and everything is now scanning clean.

If someone could provide me with some additional thoughts on how to debug this, I would be very greatful.

Be well,
Scott
 
Joined
Jun 6, 2006
Messages
1,153
Reaction score
94
Points
48
Your Mac's Specs
MacBook 2.0GHz White, 512MB RAM, 60GB HDD
It looks like your Apache server (on port 80) is accepting a command to send an email using a local sendmail binary. Most likely you have gained a formmail.pl variant via a security hole in your Apache config. Check your access logs for anything you don't specifically recognise.
 

Shop Amazon


Shop for your Apple, Mac, iPhone and other computer products on Amazon.
We are a participant in the Amazon Services LLC Associates Program, an affiliate program designed to provide a means for us to earn fees by linking to Amazon and affiliated sites.
Top