Article 15779 at 09/07/03 07:57:50 From: jdory (at mark) nomealaska.org Subject: [coba-e:15779] Re: spam problem w/ email

Index: [Article Count Order] [Thread]
Date:  Thu, 02 Jul 2009 14:59:04 -0800
From:  Jim Dory <jdory (at mark) nomealaska.org>
Subject:  [coba-e:15779] Re: spam problem w/ email - hope not serious
To:  coba-e (at mark) bluequartz.org
Message-Id:  <4A4D3BB8.1090504 (at mark) nomealaska.org>
In-Reply-To:  <904EFB3C55F44A8C8339993213121DAD@HP9925NR>
References:  <876189.91068.qm (at mark) web65607.mail.ac4.yahoo.com> <4A4BADBB.2060300 (at mark) nomealaska.org> <4A4CF38A.3080200 (at mark) nomealaska.org> <904EFB3C55F44A8C8339993213121DAD (at mark) HP9925NR>
X-Mail-Count: 15779

Darrell D. Mobley wrote:
>> -----Original Message-----
>> From: Jim Dory [mailto:jdory (at mark) nomealaska.org]
>> Sent: Thursday, July 02, 2009 1:51 PM
>> To: coba-e (at mark) bluequartz.org
>> Subject: [coba-e:15775] Re: spam problem w/ email - hope not serious
>>
>>     
>>> \
>>> Jul  1 10:27:12 srv1 sendmail[11406]: n61IQgih011392: to="|
>>> /home/nuonce/openwebmail/cgi-bin/openwebmail/owvacation.pl -t60s -a
>>> jessie.led (at mark) nomealaska.org -a jessie_led (at mark) nomealaska.org -a
>>> jessie (at mark) nomealaska.org  jessie", ctladdr=<jessie (at mark) nomealaska.org>
>>> (523/100), delay=00:00:19, xdelay=00:00:11, mailer=prog, pri=121642,
>>> dsn=2.0.0, stat=Sent
>>> \
>>>
>>> Jul  1 10:27:47 srv1 sendmail[11605]: n61IRkLQ011605:
>>> Authentication-Warning: srv1.nomecity.org: jessie set sender to
>>> jessie (at mark) nomealaska.org using -f
>>>
>>>
>>>       
>> Could it be the problem isn't so much dependent on the user as the email
>> address, since the problem persisted after deleting the user and adding
>> another? Maybe something to do with openwebmail? A completely new user
>> but with same email address has the same problem. Thanks - Jim
>>     
>
> Could it be the problem is a spammer, hedgerowsrvrk83 (at mark) lexoria.com, is
> sending Jessie and email, and that is OWM trying to send a vacation message
> back to the spammer?
>
> The /home/nuonce/openwebmail/cgi-bin/openwebmail/owvacation.pl seems to
> indicate the activity is coming from OWM's vacation script.
>
>
>
>   
I don't know if this helps but with the user jessie suspended, here's a 
snippet from the maillog. I don't know if any clues are contained 
therein, it may all be reasonable:


Jul  2 22:39:11 srv1 sendmail[15946]: n636cuT1015779: forward 
/home/.sites/106/site3/.users/15/jessie/.forward.srv1: Permission denied
Jul  2 22:39:11 srv1 sendmail[15946]: n636cuT1015779: forward 
/home/.sites/106/site3/.users/15/jessie/.forward: Permission denied
Jul  2 22:39:11 srv1 spamd[8510]: spamd: connection from localhost 
[127.0.0.1] at port 33983
Jul  2 22:39:11 srv1 spamd[8510]: spamd: setuid to jessie succeeded
Jul  2 22:39:11 srv1 spamd[8510]: spamd: creating default_prefs: 
/home/.sites/106/site3/.users/15/jessie/.spamassassin/user_prefs
Jul  2 22:39:11 srv1 spamd[8510]: config: cannot write to 
/home/.sites/106/site3/.users/15/jessie/.spamassassin/user_prefs: 
Permission denied
Jul  2 22:39:11 srv1 spamd[8510]: spamd: failed to create readable 
default_prefs: 
/home/.sites/106/site3/.users/15/jessie/.spamassassin/user_prefs
Jul  2 22:39:11 srv1 spamd[8510]: spamd: processing message 
<1246574016_ordnances (at mark) valcomstl.com> for jessie:523
Jul  2 22:39:12 srv1 spamd[8510]: auto-whitelist: open of auto-whitelist 
file failed: locker: safe_lock: cannot create tmp lockfile 
/home/.sites/106/site3/.users/15/jessie/.spamassassin/auto-whitelist.lock.srv1.nomecity.org.8510 
for 
/home/.sites/106/site3/.users/15/jessie/.spamassassin/auto-whitelist.lock: 
Permission denied


-- 
Jim Dory
Engineering
City of Nome
PO Box 281
102 Division St.
Nome, AK 99762
907.443.6604

http://www.nomealaska.org


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.