Re: [cobalt-users] Strange sendmail reports -- email attack?
- Subject: Re: [cobalt-users] Strange sendmail reports -- email attack?
- From: flash22@xxxxxxx
- Date: Fri Apr 20 16:36:41 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
On Fri, 20 Apr 2001, Brian M. Rahill wrote:
> Hi All,
>
> Any idea what this log (see below) means? I've got tons of them... this
> message is created something like every 30 seconds for days...
> Apr 20 18:59:31 admin sendmail[14980]: f3KMwAa14980: ruleset=check_mail,
> arg1=<asvdsign@xxxxxxxxxxx>, relay=IDENT:root@[202.161.150.2], reject=451
> 4.1.8 <asvdsign@xxxxxxxxxxx>... Domain of sender address
> asvdsign@xxxxxxxxxxx does not resolve
Given the version of the mail server at that address, and the fact that
none of the nameservers respond, I'd guess you caught the tail end of a
mass SPAM and their ISP pulled the plug to limit the damage (by making the
domain name not resolve, many mail servers will do what yours did and
refuse to accept the email).
> _________
> Apr 19 16:51:19 admin named[20848]: ns_forw:
> query(120.172.235.216.in-addr.arpa) All possible A RR's lame
Seems unrelated, belongs to some customer of btigate.com, they just don't
have reverse defined...
(they are an ISP, so you probably got it running stats after one of their
dialup customers looked at a web page and left their IP in the stat/logs;)
gsh
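
For triaging "tons" of these entries, the following is an added example (not part of the original message) that groups sendmail check_mail rejections by relay IP and reports the count, sender domains, reply codes and mean interval per relay. It assumes unwrapped syslog lines in the format quoted above; the sample lines, addresses and the function name `summarize_rejects` are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in the quoted format (documentation addresses only).
SAMPLE_LOG = """\
Apr 20 18:59:01 admin sendmail[14970]: f3KMw0a14970: ruleset=check_mail, arg1=<a1@nodns.invalid>, relay=IDENT:root@[192.0.2.10], reject=451 4.1.8 <a1@nodns.invalid>... Domain of sender address a1@nodns.invalid does not resolve
Apr 20 18:59:31 admin sendmail[14980]: f3KMwAa14980: ruleset=check_mail, arg1=<a2@nodns.invalid>, relay=IDENT:root@[192.0.2.10], reject=451 4.1.8 <a2@nodns.invalid>... Domain of sender address a2@nodns.invalid does not resolve
Apr 20 19:00:01 admin sendmail[14990]: f3KMwKa14990: ruleset=check_mail, arg1=<a3@nodns.invalid>, relay=IDENT:root@[192.0.2.10], reject=451 4.1.8 <a3@nodns.invalid>... Domain of sender address a3@nodns.invalid does not resolve
Apr 20 19:00:31 admin sendmail[15000]: f3KMwUa15000: ruleset=check_mail, arg1=<a4@nodns.invalid>, relay=IDENT:root@[192.0.2.10], reject=451 4.1.8 <a4@nodns.invalid>... Domain of sender address a4@nodns.invalid does not resolve
Apr 20 19:05:00 admin sendmail[15100]: f3KN50a15100: ruleset=check_mail, arg1=<b@gone.invalid>, relay=mx.gone.invalid [198.51.100.7], reject=553 5.1.8 <b@gone.invalid>... Domain of sender address b@gone.invalid does not exist
Apr 19 16:51:19 admin named[20848]: ns_forw: query(10.2.0.192.in-addr.arpa) All possible A RR's lame
"""

# Timestamp, ruleset, envelope sender, relay IP in brackets, SMTP reply code and DSN.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sendmail\[\d+\]: \S+ "
    r"ruleset=(?P<ruleset>\w+), arg1=<(?P<sender>[^>]*)>, "
    r"relay=[^,]*\[(?P<ip>[0-9.]+)\], "
    r"reject=(?P<code>\d{3}) (?P<dsn>\d\.\d+\.\d+)"
)

def summarize_rejects(log_text, year=2001):
    """Group check_mail rejections by relay IP (syslog lines carry no year)."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["ruleset"] != "check_mail":
            continue  # other daemons (named) and other rulesets are skipped
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        domain = m["sender"].rsplit("@", 1)[-1].lower()
        hits[m["ip"]].append((ts, domain, f"{m['code']} {m['dsn']}"))
    report = {}
    for ip, events in hits.items():
        times = sorted(e[0] for e in events)
        span = (times[-1] - times[0]).total_seconds()
        replies = sorted({e[2] for e in events})
        report[ip] = {
            "count": len(events),
            "sender_domains": sorted({e[1] for e in events}),
            "replies": replies,
            "temporary_only": all(r.startswith("4") for r in replies),
            "mean_interval_s": span / (len(events) - 1) if len(events) > 1 else None,
        }
    return report
```

A relay whose entries are all 4xx replies at a steady interval is worth separating from the rest, since 4xx is a temporary failure that a sending host will normally retry.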