
RE: [cobalt-users] Interpreting sendmail maillogs



-----Original Message-----
From: cobalt-users-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of David Lucas
Sent: Saturday, April 06, 2002 11:29 PM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-users] Interpreting sendmail maillogs


At 03:15 PM 4/6/2002, you wrote:
>I might have looked at the wrong places, so far, and it might belong into
>the FAQ, but I am looking for resources helping me interpret the sendmail
>maillog on the RAQ-3.
>
>We had a rather strange incident recently, where the client received an
>address-not-found response from aol.com. By checking the header of the
>message we found:
>
>Note that the user and the domain have been changed to user@xxxxxxxxxxxxx
>
>
>_______________
>
>
>
>Received: from  falcon.prod.itd.earthlink.net
>(falcon.mail.pas.earthlink.net [207.217.120.74]) by rly-xh04.mx.aol.com
>(v84.10) with ESMTP id MAILRELAYINXH49-0406122947; Sat, 06 Apr 2002
>12:29:47 1900
>Received: from sdn-ar-001nybuffp260.dialsprint.net ([168.191.115.22]
>helo=helo)
>         by falcon.prod.itd.earthlink.net with smtp (Exim 3.33 #1)
>         id 16ttW2-00000Z-00; Sat, 06 Apr 2002 08:58:14 -0800
>From: user@xxxxxxxxxxxxx
>To:
>Subject: blabla!
>Date: Sat, 06 Apr 2002 09:51:29 -0500
>X-Priority: 3
>
>
>_______________
>
>However, our user did not send any message around that time...
>
>
>Now, by looking at the mail log we found (note that the times are GMT +2)
>
>__________________
>
>Apr  6 18:59:17 raq sendmail[3719]: SAA03719:
><payperview-user@xxxxxxxxxxxxx>... User unknown
>Apr  6 18:59:17 raq sendmail[3719]: SAA03719: from=<>, size=6399, class=0,
>pri=0, nrcpts=0, proto=ESMTP, relay=omr-r07.mx.aol.com [152.163.225.147]
>
>
>_________________________
>
>
>This is a bit confusing...
>
>Any advice is highly appreciated.
>
>Sounds like someone is trying to send email through your server using a real
>user's name or client name.  I have seen the same thing.  I also get
>mail sent to all sorts of names with my domain at the end or from
>them.  Just make sure you have relaying turned off and all these
>entries will be people trying to use your server where they
>shouldn't.

I had something like that happen to me, I got a whole rash of bounced emails
from AOL and Yahoo. Turned out someone scanned my form's pages, and was
somehow using my formail.pl to send spam mail. My fix was to rename
formail.pl to something_else.pl and modify my form's pages to match. That
way the next time they tried it, it all got bounced somewhere else, never
hit my server other than to look for formail.pl.

So if your client is using formail.pl, try renaming it and modifying the
pages to point to the renamed file.

Bob G.
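
An added example, not part of the thread or of any poster's code, showing the two checks the discussion above turns on: reading the sendmail maillog records by queue id (the `from=<>` plus `nrcpts=0` plus `User unknown` pattern is a bounce for a forged sender, not mail your server sent), and walking the Received headers of the bounced copy to see whether your host ever touched the message. The log and header samples are constructed: the first two log lines and the headers follow the ones quoted in the thread with the obfuscated domain replaced by example.com, and the "Relaying denied" and delivered lines are hypothetical, modelled on the `ruleset=check_rcpt ... reject=` and `stat=Sent` records sendmail writes. Record labels such as `backscatter-bounce` are this example's own names.

```python
"""Classify sendmail maillog records and walk Received headers (added example)."""
import re

# Constructed sample log. The first two lines follow the two quoted in the
# thread (domain replaced with example.com); the rest are hypothetical: a refused
# relay attempt and an ordinary accepted-and-delivered message.
SAMPLE_LOG = """\
Apr  6 18:59:17 raq sendmail[3719]: SAA03719: <payperview-user@example.com>... User unknown
Apr  6 18:59:17 raq sendmail[3719]: SAA03719: from=<>, size=6399, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=omr-r07.mx.aol.com [152.163.225.147]
Apr  6 19:02:11 raq sendmail[3740]: TAA03740: ruleset=check_rcpt, arg1=<victim@example.net>, relay=[198.51.100.23], reject=550 5.7.1 <victim@example.net>... Relaying denied
Apr  6 19:05:40 raq sendmail[3755]: TAA03755: from=<alice@example.org>, size=1200, class=0, pri=31200, nrcpts=1, proto=ESMTP, relay=mail.example.org [203.0.113.9]
Apr  6 19:05:41 raq sendmail[3756]: TAA03755: to=<bob@example.com>, delay=00:00:01, xdelay=00:00:01, mailer=local, pri=31200, stat=Sent
"""

# Constructed Received headers modelled on the ones quoted in the thread.
SAMPLE_HEADERS = """\
Received: from  falcon.prod.itd.earthlink.net
 (falcon.mail.pas.earthlink.net [207.217.120.74]) by rly-xh04.mx.aol.com
 (v84.10) with ESMTP id MAILRELAYINXH49-0406122947; Sat, 06 Apr 2002 12:29:47 1900
Received: from sdn-ar-001nybuffp260.dialsprint.net ([168.191.115.22] helo=helo)
 by falcon.prod.itd.earthlink.net with smtp (Exim 3.33 #1)
 id 16ttW2-00000Z-00; Sat, 06 Apr 2002 08:58:14 -0800
From: user@example.com
Subject: blabla!
"""

LINE_RE = re.compile(r'^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) '
                     r'sendmail\[(?P<pid>\d+)\]: (?P<qid>[A-Za-z0-9]+): (?P<rest>.*)$')
RCPT_ERR_RE = re.compile(r'^<(?P<rcpt>[^>]*)>\.\.\. (?P<reason>.+)$')
IP_RE = re.compile(r'\[(\d{1,3}(?:\.\d{1,3}){3})\]')


def parse_maillog(text):
    """Group maillog lines by queue id into {qid: {'fields': {...}, 'errors': [...]}}."""
    records = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a queue-id line (daemon startup, etc.)
        rec = records.setdefault(m['qid'], {'fields': {}, 'errors': []})
        err = RCPT_ERR_RE.match(m['rest'])
        if err:  # per-recipient error such as "<addr>... User unknown"
            rec['errors'].append((err['rcpt'], err['reason']))
            continue
        for part in m['rest'].split(', '):  # key=value pairs
            key, sep, value = part.partition('=')
            if sep:
                rec['fields'][key] = value
    return records


def classify(rec):
    """Label one queue record with what the log says happened, plus the peer IP."""
    f, errors = rec['fields'], rec['errors']
    relay_ip = IP_RE.search(f.get('relay', ''))
    ip = relay_ip.group(1) if relay_ip else None
    if 'Relaying denied' in f.get('reject', ''):
        return ('relay-refused', ip)
    if f.get('from') == '<>' and any(r == 'User unknown' for _, r in errors):
        # Null sender = a bounce (DSN). A bounce addressed to a local user who
        # sent nothing means someone else forged that address elsewhere.
        return ('backscatter-bounce', ip)
    if f.get('stat', '').startswith('Sent'):
        return ('delivered', ip)
    return ('other', ip)


def unfold(headers):
    """Join RFC 822 continuation lines so each header is a single string."""
    out = []
    for line in headers.splitlines():
        if line[:1] in (' ', '\t') and out:
            out[-1] += ' ' + line.strip()
        else:
            out.append(line)
    return out


RECEIVED_RE = re.compile(
    r'^Received:\s+from\s+(?P<from>\S+)(?P<detail>.*?)\bby\s+(?P<by>\S+)', re.S)


def received_chain(headers):
    """Return hops oldest-first as (claimed sending host, sender IP, receiving host)."""
    hops = []
    for h in unfold(headers):
        m = RECEIVED_RE.match(h)
        if m:
            ip = IP_RE.search(m['detail'])
            hops.append((m['from'], ip.group(1) if ip else None, m['by']))
    return list(reversed(hops))  # each MTA prepends, so the last header is the first hop


def passed_through(hops, host_or_ip):
    """True if the given host name or address appears anywhere in the chain."""
    return any(host_or_ip in hop for hop in hops)


if __name__ == '__main__':
    for qid, rec in parse_maillog(SAMPLE_LOG).items():
        print(qid, *classify(rec))
    chain = received_chain(SAMPLE_HEADERS)
    for hop in chain:
        print('hop:', hop)
    print('raq in chain:', passed_through(chain, 'raq'))
```

Run it with python3 and the two views line up the way the thread describes: the RAQ's own log shows only AOL's bounce arriving with a null sender, and the Received chain of the bounced copy starts at a dialsprint address and passes through earthlink to AOL without ever naming the RAQ, so the server was not the origin. Only a `Relaying denied` record (or, worse, an accepted message from an outside relay to an outside recipient) would point at an open-relay or form-script abuse problem on the box itself.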

_______________________________________________
cobalt-users mailing list
cobalt-users@xxxxxxxxxxxxxxx
To Subscribe or Unsubscribe, please go to:
http://list.cobalt.com/mailman/listinfo/cobalt-users