Can anyone tell me what service/application would start sendmail?
I discovered my Gentoo computer recently very active with I/O on the
hard drive and receive/transmit activity on an invocation of gkrellm. In
researching the activity, I found that I had an smtp connection to a
computer in Toronto, Canada. The connection was on port 43121 and looked
like so:
    bash$ netstat -t -u
    Active Internet connections (w/o servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State
    tcp        0      1 [myIP]:43121            [theirIP]:smtp          ESTABLISHED
    ... Other usual stuff ....
Running a check to see what may be running in the process tables:
    bash$ ps -efl
showed this process here:
    /usr/sbin/sendmail -FCronDaemon -odi -oem -oi -t
I could not find the cause for this application invocation. Nothing
in the rc-update, crontab, nor services suggests that sendmail ought to
be running.
When I killed the PID for this sendmail process, all disk I/O
immediately stopped. The site for the IP address which had a connection
to my computer was never one which I had ever visited. I know of no
reason I would ever go to it.
I found vulnerabilities associated with a lower version of sendmail
but none with the version I've installed right now.
Any suggestions, ideas, or explanations are welcomed.
Thanks in advance,
Kern.
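
One way to answer the "what started it" question above is to walk the parent-process chain of the sendmail PID while it is still running. The following is an added example, not part of the original post: the function name, the sample process table, its PIDs and the nightly-job path are constructed; only the sendmail command line comes from the post.

```shell
#!/bin/sh
# ancestry PID: read "PID PPID ARGS..." lines (the format printed by
# `ps -eo pid=,ppid=,args=`) on stdin and print the chain from PID up to
# its top-most ancestor, one "PID<TAB>command line" per line.
ancestry() {
    awk -v start="$1" '
        {
            pid = $1
            ppid[pid] = $2
            # Everything after the first two fields is the command line.
            line = $0
            sub(/^[ \t]*[0-9]+[ \t]+[0-9]+[ \t]+/, "", line)
            args[pid] = line
        }
        END {
            p = start
            # Stop at an unknown PID (PPID 0 has no entry) or on a loop
            # caused by damaged input.
            while ((p in ppid) && !(p in seen)) {
                seen[p] = 1
                printf "%s\t%s\n", p, args[p]
                p = ppid[p]
            }
        }'
}

# Constructed sample process table (PIDs and job path are made up).
sample_ps() {
    cat <<'EOF'
    1     0 init [3]
 4312     1 /usr/sbin/cron
 9120  4312 /usr/sbin/cron
 9121  9120 /bin/sh -c /usr/local/bin/nightly-job
 9127  9120 /usr/sbin/sendmail -FCronDaemon -odi -oem -oi -t
EOF
}

# Live use: ps -eo pid=,ppid=,args= | ancestry <PID of the sendmail process>
sample_ps | ancestry 9127
```

Sibling processes of the sendmail PID (same PPID) are worth listing as well, since they show which job produced the output being mailed.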