[Mimedefang] Don't know what happened

Brad Tarver btarver at fpwk.com
Tue Jan 6 15:26:06 EST 2004 

It's working again.

I downloaded a new src rpm for the kernel (I was going to do this anyway
since a new advisory was released yesterday).

Rebuilt the kernel, rebooted, and magically MD is working again. Dunno
if the new kernel is what fixed it or if it was just the reboot that
fixed it.

I appreciated everyones input very, very much.


BT

-----Original Message-----
From: mimedefang-bounces at lists.roaringpenguin.com
[mailto:mimedefang-bounces at lists.roaringpenguin.com] On Behalf Of Brad
Tarver
Sent: Tuesday, January 06, 2004 11:29 AM
To: mimedefang at lists.roaringpenguin.com
Subject: RE: [Mimedefang] Don't know what happened


I hope not. It's got the newest kernel and sendmail RPMs from Redhat
(with all the backported patchces). The only port open on the firewall
to that server is 25. No remote access in from the outside.

Any suggestions?



-----Original Message-----
From: mimedefang-bounces at lists.roaringpenguin.com
[mailto:mimedefang-bounces at lists.roaringpenguin.com] On Behalf Of David
F. Skoll
Sent: Tuesday, January 06, 2004 11:07 AM
To: mimedefang at lists.roaringpenguin.com
Subject: RE: [Mimedefang] Don't know what happened


On Tue, 6 Jan 2004, Brad Tarver wrote:

> I set confMILTER_LOG_LEVEL to 21. The other things you suggested were
> already set. I even recompiled MD with the debugging flag. I still 
> don't get any indications as to why MD won't start.

This is a long shot, but I had a CanIt customer whose setup died in
exactly the way you describe.  His kernel was taking forever to execute
the "setgid" system call.  I believe it was the result of a system
compromise.

Could your kernel have been hacked?

Regards,

David.
_______________________________________________
Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang
mailing list MIMEDefang at lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang


Important Confidentiality And Limited Liability Notice

This email and any attachments may be confidential and protected by law. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the email or any attachment is prohibited. If you have received this email in error, please notify us immediately by replying to the sender and deleting this copy and the reply from your system. Please note that any views or opinions expressed in this email are solely those of the author and do not necessarily represent those of Forman Perry Watkins Krutz & Tardy LLP. (FPWK&T). The recipient should check this email and any attachments for the presence of viruses. FPWK&T accepts no liability for any damage caused by any virus transmitted by this email. Thank you for your cooperation.

More information about the MIMEDefang mailing list