I might have looked at the wrong places, so far, and it might belong into
the FAQ, but I am looking for resources helping me interpret the sendmail
maillog on the RAQ-3.
We have a rather strange incident recently, where the client received an
address not found response from aol.com. By checking the header of the
message we found:
Note that the user and the domain have been changed to user@xxxxxxxxxxxxx
_______________
Received: from falcon.prod.itd.earthlink.net
(falcon.mail.pas.earthlink.net [207.217.120.74]) by rly-xh04.mx.aol.com
(v84.10) with ESMTP id MAILRELAYINXH49-0406122947; Sat, 06 Apr 2002
12:29:47 1900
Received: from sdn-ar-001nybuffp260.dialsprint.net ([168.191.115.22]
helo=helo)
by falcon.prod.itd.earthlink.net with smtp (Exim 3.33 #1)
id 16ttW2-00000Z-00; Sat, 06 Apr 2002 08:58:14 -0800
From: user@xxxxxxxxxxxxx
To:
Subject: blabla!
Date: Sat, 06 Apr 2002 09:51:29 -0500
X-Priority: 3
_______________
However, our user did not send any message around that time...
Now, by looking at the mail log we found (note that the times are GMT +2)
__________________
Apr 6 18:59:17 raq sendmail[3719]: SAA03719:
<payperview-user@xxxxxxxxxxxxx>... User unknown
Apr 6 18:59:17 raq sendmail[3719]: SAA03719: from=<>, size=6399, class=0,
pri=0, nrcpts=0, proto=ESMTP, relay=omr-r07.mx.aol.com [152.163.225.147]
_________________________
This is a bit confusing...
Any advice is highly appreciated.