possible Ubuntu automated spamming problem, sendmail? cron? anacron?

Sean Hammond sean.hammond at gmail.com
Mon Apr 18 04:12:59 UTC 2005


Perhaps someone can help me out with this.

Apparently root at sdf.lonestar.org, the administrator of the domain
which provides my email account, has been receiving spam from me (in
the form of what look like automated error messages from cron and
anacron). This is news to me, and he unfortunately does not seem to
want to help me figure out what is happening, but just wants me to
'stop it'.

I haven't been able (yet) to get a full email source of one of the
spam messages, but I have been told that they come from my
cpe.net.cable.rogers.com address. This is strange because I have no
such address; though I am on a Rogers connection, it's not my
connection and all I do is plug into it via DHCP. It's also strange
because I don't know how he identified me as seanh at sdf.lonestar.org
using an email that came from some completely different address.
Probably I'm confused as to what he means here.

I also have the bodies of lots of the spam messages, most of which
look like this:

/usr/share/sendmail/sendmail: line 812: /usr/sbin/sendmail-msp: No
such file or directory

Though some are different and perhaps revealing:

This one seems to be talking about zope (I'm not using zope at all):

/etc/cron.daily/logrotate:
/tmp/logrotate.SYVyQH: line 4: zopectl: command not found
error: error running shared postrotate script for /var/log/zope/*/*.log 
run-parts: /etc/cron.daily/logrotate exited with return code 1

This one mentions a bunch of random people and a website (I have never
heard of any of the people mentioned):

/usr/pkg/sbin/update-vhoststats[26]: 200000000

haferman.com
haferman.com: unexpected `haferman'
/usr/pkg/sbin/update-vhoststats[26]: johnzimmerman.net
200000000: unexpected `.'
/usr/pkg/sbin/update-vhoststats[26]: unidentifiedbassplayer.org
unidentifiedbassplayer.org
200000000: unexpected `.'
/usr/pkg/sbin/update-vhoststats[26]: macmaz.com
200000000
macmaz.com
macmaz.com: unexpected `.'
/usr/pkg/sbin/update-vhoststats[26]: 200000000

daveandkaren.com: unexpected `daveandkaren'
/usr/pkg/sbin/update-vhoststats[26]: 50000000
infrarednex.com: unexpected `infrarednex'

And the subjects for all of the messages are things similar to this:

Cron <smmsp at sean> test -x /usr/share/sendmail/sendmail &&
/usr/share/sendmail/sendmail cron-msp

And this:

Anacron job 'cron.daily' on sean

'sean' is the name of my account on my laptop, and also the name of my
laptop (the name of my SDF account is seanh). So at this point I
become suspicious that my laptop is automatically sending the
messages. Why it would suddenly start doing this, and why it would
decide to send them to 'root at sdf.lonestar.org' is still a mystery to
me.

sdf.lonestar.org is known to Evolution, as I have my email account in
there, and it is also known to sendmail on my laptop, as I configured
it as the domain to send messages from and I use sendmail to send
messages from Evolution.

The first thing I did (because I really don't want to be spamming my
administrator) was to remove the sendmail package from my machine
(which runs Ubuntu Linux, I simply removed the package in Synaptic).
Strangely though, even though I have restarted my machine since,
sendmail appears still to be running. Evolution can still be
configured to send through sendmail and will successfully send emails,
and the spam emails are still being sent. I also don't see any
sendmail process in my gnome system monitor.

So I guess the first thing to do would be to try and look up how I
could really check whether sendmail is running on my laptop and stop
it, and hope that stops the spam.
-- 
Sean
http://seanh.freeshell.org
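
One way to carry out the check the last paragraph asks about, as an added example that is not part of the original post: list the sendmail-compatible binaries and the cron/anacron files that can still generate mail after the package has been removed. The function names are hypothetical; /usr/sbin/sendmail and /usr/lib/sendmail are the conventional submission paths, and /usr/share/sendmail/sendmail is the path quoted in the message.

```shell
#!/bin/sh
# Added example: triage for mail that keeps being generated after the
# sendmail package was removed. Each function takes an optional root
# directory, so it can inspect a mounted disk image or a constructed
# test tree instead of the live system.

# Sendmail-compatible submission binaries that still exist. Any MTA
# package may provide /usr/sbin/sendmail, so a hit here does not prove
# that Sendmail itself is still installed.
mta_binaries() {
    root=${1:-}
    for p in /usr/sbin/sendmail /usr/lib/sendmail /usr/share/sendmail/sendmail; do
        if [ -x "$root$p" ]; then echo "$p"; fi
    done
}

# Cron and anacron files that invoke sendmail or set a MAILTO recipient.
cron_mail_refs() {
    root=${1:-}
    for f in /etc/crontab /etc/anacrontab /etc/cron.d /etc/cron.daily; do
        [ -e "$root$f" ] || continue
        grep -rlE 'sendmail|^[[:space:]]*MAILTO=' "$root$f" 2>/dev/null |
            sed "s|^$root||"
    done
}

# Live check: run as "sh triage.sh --live" on the affected machine.
if [ "${1:-}" = "--live" ]; then
    echo "Submission binaries present:"
    mta_binaries
    echo "Cron files that reference sendmail or MAILTO:"
    cron_mail_refs
    echo "Running MTA processes:"
    # Bracketed first letters stop grep from matching its own process.
    ps -e -o pid=,args= | grep -E '[s]endmail|[e]xim|[p]ostfix' || echo "  none"
fi
```

A package that is removed without being purged keeps its configuration files, so cron entries can outlive the program they call.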



