Re: [cobalt-users] Strange sendmail reports -- email attack?

["Rodolfo J. Paiz" <rpaiz@xxxxxxxxxxxxxx>]

At 4/22/01 09:19 AM -0400, you wrote:
> > > Any idea what this log (see below) means.  I've got tons of them...this
> > > message is create something like every 30 seconds for days...
> > > Apr 20 18:59:31 admin sendmail[14980]: f3KMwAa14980: ruleset=check_mail,
> > > arg1=<asvdsign@xxxxxxxxxxx>, relay=IDENT:root@[202.161.150.2], reject=451
> > > 4.1.8 <asvdsign@xxxxxxxxxxx>... Domain of sender address
> > > asvdsign@xxxxxxxxxxx does not resolve
> >
> > Given the version of the mail server at that address, and the fact that
> > none of the nameservers respond, i'd guess you caught the tail end of a
> > mass SPAM and their isp pulled the plug to limit the damage (by making the
> > domain name not resolve, many mail servers will do what yours did and
> > refuse to accept the email)
>
> Well it must be a long tail.  I'm still getting these messages in my logs 
> every 30-45 seconds.  I turned off the email server from the GUI and then 
> turned it back on -- but that still didn't fix it.  Then I rebooted the 
> entire server -- still no luck.  The messages keep coming...
>
> Any other ideas?

Don't reboot your services or server... it's not their fault (and they're 
not Windows-based). The messages keep coming because the server keeps 
sending them... the only thing I can think of is to block those IP 
addresses, and/or contact the sysadmin over there.


--
Rodolfo J. Paiz
rpaiz@xxxxxxxxxxxxxx