[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-users] Strange sendmail reports -- email attack?
- Subject: RE: [cobalt-users] Strange sendmail reports -- email attack?
- From: "Colin J. Raven" <cjraven@xxxxxxxxxxx>
- Date: Sat Apr 21 22:50:45 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
> > > Any idea what this log (see below) means. I've got tons
> of them...this
> > > message is create something like every 30 seconds for days...
> > > Apr 20 18:59:31 admin sendmail[14980]: f3KMwAa14980:
> ruleset=check_mail,
> > > arg1=<asvdsign@xxxxxxxxxxx>,
> relay=IDENT:root@[202.161.150.2], reject=451
> > > 4.1.8 <asvdsign@xxxxxxxxxxx>... Domain of sender address
> > > asvdsign@xxxxxxxxxxx does not resolve
> >
> >Given the version of the mail server at that address, and
> the fact that
> >none of the nameservers respond, i'd guess you caught the
> tail end of a
> >mass SPAM and their isp pulled the plug to limit the damage
> (by making the
> >domain name not resolve, many mail servers will do what yours did and
> >refuse to accept the email)
>
> Well it must be a long tail. I'm still getting these
> messages in my logs
> every 30-45 seconds. I turned off the email server from the
> GUI and then
> turned it back on -- but that still didn't fix it. Then I
> rebooted the
> entire server -- still no luck. The messages keep coming...
>
How about blocking mail from gia.net completely and see what happens????
It's at least a starting point if nothing else and cannot possibly break
anything.
Regards,
-Colin
--
Colin J. Raven