[cobalt-users] Strange sendmail reports -- email attack?
- Subject: [cobalt-users] Strange sendmail reports -- email attack?
- From: "Johnson Lim" <johnson@xxxxxxxxxxx>
- Date: Sun Apr 22 15:18:02 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
At 4/22/01 09:19 AM -0400, you wrote:
>> > Any idea what this log (see below) means? I've got tons of them...this
>> > message is created something like every 30 seconds for days...
>> > Apr 20 18:59:31 admin sendmail[14980]: f3KMwAa14980: ruleset=check_mail,
>> > arg1=<asvdsign@xxxxxxxxxxx>, relay=IDENT:root@[202.161.150.2], reject=451
>> > 4.1.8 <asvdsign@xxxxxxxxxxx>... Domain of sender address
>> > asvdsign@xxxxxxxxxxx does not resolve
>>
>>Given the version of the mail server at that address, and the fact that
>>none of the nameservers respond, I'd guess you caught the tail end of a
>>mass SPAM and their ISP pulled the plug to limit the damage (by making the
>>domain name not resolve, many mail servers will do what yours did and
>>refuse to accept the email)
I got the same thing as well. Same domain name, IP and message. If you look
at the processes running, you'll probably see these 3 processes running:
"sendmail: IDENT:root@[202.161.150.2] cmd read.."
"sendmail: IDENT:root@[202.161.150.2] MAIL FROM.."
"sendmail: IDENT:root@[202.161.150.2] DATA.."
My suspicion was cracker activity or spammers. Did as mentioned, blocked the
IP. Looks OK so far.
Regards
Johnson
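
Added example, not part of the original thread: one way to find which relay is behind a flood of check_mail rejections like the one quoted above, by counting rejections per relay IP in the mail log. The sample lines are constructed in the format of the quoted log line (example.invalid and 192.0.2.10 are placeholders), and the function names and threshold are assumptions.

```python
import re
from collections import Counter

# Matches sendmail check_mail rejections in the format quoted in the thread.
# Assumes the relay field carries the peer address in square brackets.
REJECT_RE = re.compile(
    r"sendmail\[\d+\]: \S+ ruleset=check_mail, arg1=<(?P<sender>[^>]*)>, "
    r"relay=.*?\[(?P<ip>[0-9.]+)\], reject=(?P<code>\d{3})"
)

def parse_rejects(lines):
    """Yield (relay_ip, sender, smtp_code) for each check_mail rejection."""
    for line in lines:
        m = REJECT_RE.search(line)
        if m:
            yield m.group("ip"), m.group("sender"), m.group("code")

def noisy_relays(lines, threshold=3):
    """Return {relay_ip: count} for relays with at least `threshold` rejections."""
    counts = Counter(ip for ip, _, _ in parse_rejects(lines))
    return {ip: n for ip, n in counts.items() if n >= threshold}

# Constructed sample input: four rejections from the relay named in the
# thread, one from a placeholder relay, and one unrelated delivery line.
_TEMPLATE = (
    "Apr 20 {t} admin sendmail[{pid}]: f3KMwAa{pid}: ruleset=check_mail, "
    "arg1=<{snd}>, relay={relay}, reject=451 4.1.8 <{snd}>... "
    "Domain of sender address {snd} does not resolve"
)
_EVENTS = [
    ("18:59:31", 14980, "asvdsign@example.invalid", "IDENT:root@[202.161.150.2]"),
    ("19:00:01", 14991, "asvdsign@example.invalid", "IDENT:root@[202.161.150.2]"),
    ("19:00:32", 15002, "asvdsign@example.invalid", "IDENT:root@[202.161.150.2]"),
    ("19:00:40", 15005, "someone@example.invalid", "mx.example.invalid [192.0.2.10]"),
    ("19:01:02", 15013, "asvdsign@example.invalid", "IDENT:root@[202.161.150.2]"),
]
SAMPLE_LOG = [
    _TEMPLATE.format(t=t, pid=pid, snd=snd, relay=relay)
    for t, pid, snd, relay in _EVENTS
] + [
    "Apr 20 19:01:05 admin sendmail[15020]: f3KN15a15020: to=<user@example.invalid>, "
    "delay=00:00:01, mailer=local, stat=Sent",
]

if __name__ == "__main__":
    for ip, n in sorted(noisy_relays(SAMPLE_LOG).items(), key=lambda kv: -kv[1]):
        print(f"{ip}\t{n} check_mail rejections")
```

On a live system, pass the lines of the mail log to noisy_relays() instead of SAMPLE_LOG; relays over the threshold are the candidates for blocking.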