
Re: [cobalt-users] Weird EMail Bounce



On Wed, 11 Apr 2001, Jay Jennings wrote:

> I arrived home to find this in my mailbox:
> 
> The original message was received at Wed, 11 Apr 2001 19:06:03 -0700
> from IDENT:root@[61.5.56.99]
> 
>    ----- The following addresses had permanent fatal errors -----
> <yudhi@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
> 
>    ----- Transcript of session follows -----
> 553 kaliurang.bugsinternetcafe.com.mydomain.com. config error: mail loops
> back to me (MX problem?)
> 554 <yudhi@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>... Local
> configuration error
> 
> 
> The email was written in non-English, and had three attachments:
> PROTOCOL.INI, RTL8139.CNF, and RTSND.DOS

These files are part of a network card driver kit for a Realtek card
(for Windows, the .DOS is the DOS mode driver)
(assuming they contain what their names suggest)


It's possible someone just snarfed up the email address, eg they had yours
in and typed the other one in, (or their mail client has stupid
auto-complete on email addresses ;)
the domain name and the nameserver name are
the same IP for that site btw, which is a little weird, the delivery
address is the nameserver, not the machine


> Any idea what this was, and how this email was sent? Was this email sent
> from inside the server mydomain? I'm kind of wondering if someone is
> wandering around inside my RaQ3 doing stuff they shouldn't.

No, you can send yourself a mail to the same address and probably get the
same bounce....

The fact you got it makes me think you are using wildcard dns...

ps: did you put the 'mydomain.com' in ? strangely, mydomain.com happens to
exist and has wildcard dns....lol


this.is.some.complete.junk.mydomain.com internet address = 208.184.130.171

this is the problem with wildcard dns ;0
--
The origin ip is a .id address, and so is the destination, which i'm
inclined to think user error....you might look inside those files just to
be sure it's not a list of all your passwords or something ;)

(Only the RTSND.DOS file should have much of anything in it, 50k or so,
the others are usually a few lines of text)

(The origin looks like a dialup, huge lag on the last hop, same for
adjacent addresses ;)

gsh
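
An added example, not part of the original message: a small Python check that reads a sendmail bounce transcript and flags "mail loops back to me" hosts that look like a complete foreign name with a local domain appended, the pattern a wildcard DNS record will silently answer. The function names, the short TLD list and the "full name plus local domain" heuristic are assumptions made for this sketch; the sample transcript is the one quoted in the thread.

```python
import re

# Incomplete, constructed TLD list used only to recognise "already a full name".
KNOWN_TLDS = {"com", "net", "org", "id"}

# sendmail loop diagnostic: "553 <host>. config error: mail loops back to me"
LOOP_RE = re.compile(
    r"^553\s+(?P<host>[A-Za-z0-9.-]+?)\.?\s+config error: mail loops\s+back to me",
    re.MULTILINE,
)

def unwrap(text):
    """Strip '>' quoting and re-join transcript lines the mail client wrapped."""
    out = []
    for raw in text.splitlines():
        line = re.sub(r"^(>\s?)+", "", raw).rstrip()
        is_reply = re.match(r"\d{3}\s", line)
        if line and not is_reply and out and re.match(r"\d{3}\s", out[-1]):
            out[-1] += " " + line.lstrip()   # continuation of a wrapped reply line
        else:
            out.append(line)
    return "\n".join(out)

def appended_domain(host, local_domains):
    """Return (intended_name, local_domain) when host is a full name plus a local domain."""
    host = host.rstrip(".").lower()
    for dom in local_domains:
        suffix = "." + dom.lower()
        if host.endswith(suffix):
            inner = host[: -len(suffix)]
            if "." in inner and inner.rsplit(".", 1)[1] in KNOWN_TLDS:
                return inner, dom.lower()
    return None

def diagnose(bounce, local_domains):
    """List loop bounces whose host looks like a foreign name with a local domain appended."""
    findings = []
    for m in LOOP_RE.finditer(unwrap(bounce)):
        hit = appended_domain(m.group("host"), local_domains)
        if hit:
            findings.append({"host": m.group("host"), "intended": hit[0], "local_domain": hit[1]})
    return findings

# Transcript lines as quoted in the post above.
SAMPLE = """\
>    ----- Transcript of session follows -----
> 553 kaliurang.bugsinternetcafe.com.mydomain.com. config error: mail loops
> back to me (MX problem?)
"""

if __name__ == "__main__":
    print(diagnose(SAMPLE, ["mydomain.com"]))
```

A hit means the name in the bounce should be resolved by hand against the zone; a host such as `mail.mydomain.com` is not flagged because the part before the local domain is a single label.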