Hey Falko,
I think your intuition is right. Here is what my 'netstat -tap' shows:
Code:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 localhost:10024 *:* LISTEN 25614/amavisd (mast
tcp 0 0 *:mysql *:* LISTEN 26675/mysqld
tcp 0 0 localhost:submission *:* LISTEN 23295/sendmail: MTA
tcp 0 0 *:sunrpc *:* LISTEN 1630/portmap
tcp 0 0 *:81 *:* LISTEN 14119/ispconfig_htt
tcp 0 0 *:52372 *:* LISTEN 1641/rpc.statd
tcp 0 0 kyleserver1.kyle:domain *:* LISTEN 14707/named
tcp 0 0 localhost:domain *:* LISTEN 14707/named
tcp 0 0 *:ssh *:* LISTEN 2842/sshd
tcp 0 0 localhost:953 *:* LISTEN 14707/named
tcp 0 0 localhost:smtp *:* LISTEN 23295/sendmail: MTA
tcp 0 52 kyleserver1.kylekar:ssh 192.168.2.24:51877 ESTABLISHED 31122/sshd: kyle [p
tcp6 0 0 [::]:imaps [::]:* LISTEN 9371/couriertcpd
tcp6 0 0 [::]:pop3s [::]:* LISTEN 9388/couriertcpd
tcp6 0 0 [::]:pop3 [::]:* LISTEN 9201/couriertcpd
tcp6 0 0 [::]:imap2 [::]:* LISTEN 9282/couriertcpd
tcp6 0 0 [::]:www [::]:* LISTEN 10279/apache2
tcp6 0 0 [::]:ftp [::]:* LISTEN 27541/proftpd: (acc
tcp6 0 0 [::]:ssh [::]:* LISTEN 2842/sshd
tcp6 0 0 localhost:953 [::]:* LISTEN 14707/named
tcp6 0 0 [::]:https [::]:* LISTEN 10279/apache2
tcp6 0 58 kyleserver1.kylekar:ftp mail.dezandis.com:51594 ESTABLISHED 31522/proftpd: (acc
tcp6 0 0 kyleserver1.kylekar:www 18925023069.user.:60928 ESTABLISHED 32733/apache2
Nowhere does it list Postfix running, and it does list sendmail. What is the difference between Postfix and sendmail? What does this table of information list? What is 'netstat -tap' showing us? What is the difference between LISTEN and ESTABLISHED? I've never heard of mail.dezandis.com, but I'm connected to it? I went there and it just says "Apache is working". Is this an attack on my server?
Thanks for your help Falko. Would you be able to tell me how I remove sendmail and replace it with Postfix?
-K