RE: [cobalt-users] maillog shows email being sent from admin@localhost
- From: "Phil Beynon" <Infolink@xxxxxxxxxxxxxxx>
- Date: Tue Apr 9 19:45:12 2002
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
> > > I am receiving many log entries in /var/log/maillog that indicate it has
> > > been sent from admin@localhost to addresses at AOL. (I am admin and am not
> > > sending email from the localhost!) Just to be returned to admin mail box as
> > > no user found. The admin email on the RaQ3 is filling at a phenomenal rate.
> > > Any clues who/how to stop this? I did reject all aol for the time being but
> > > sendmail is continuously being started from an aol email server...
> > > Here is an entry from the log....
> > >
> ><SNIP>
> >
> >I had a situation on a site this past winter where, for reasons unknown to
> >me, one or more spammers used non-existent addresses at a domain I managed
> >as the <FROM> on their mass mailings. While not exploiting/compromising my
> >system, it created a HUGE amount of mail. At first there was a defined
> >catch-all so that account was getting 20k messages/day. Once that was
> >deleted, there was still a traffic penalty with all the garbage trying to
> >come back. Since the messages were bounce messages, they came from mail
> >servers all over, not the spammers! I inspected messages and notified
> >admins where I could trace the original message back via the headers, as
> >well as contacting the companies in the content of the messages (who
> >generally hire someone to do their dirty work) and provided the
> >response-code embedded in the links to give credit to the spammer for a
> >successful hit. After about a week, they moved on...maybe snuffed, maybe
> >satisfied with the havoc they had caused, maybe just moved on before I began
> >a crusade...AFAIK there is no way to stop this type of mischief. Piping to
> >/dev/null still takes a bandwidth penalty on your site...
> >
> >________________________________
>
> Sounds like your machine is an open relay. If you have pop before smtp
> turned on, they should not be able to send email through your machine
> without logging on to the machine. I see people trying, but they get rejected.
>
A good reason why you have to check your logs!
If it's a relay issue it will show in mail.log, if it's a script issue it
will show in web.log
After just having the same experience myself over the weekend, you soon get
to understand what the logs are telling you! :-)
The huge amount of mail that comes back is from the AOL mail servers, saying
that sites are either full or unknown - this was in fact the first thing
that alerted me to what was happening.
Phil
http://www.diygear.com THE Online DIY Toolstore For DIY & Business
Infolink Electronic Systems Ltd. Suppliers of:- PC based Computer Systems,
Peripheral & Hardware, Plus Web Design & Cobalt Raq4 Hosting Solutions
Contact the Sales desk at infolink@xxxxxxxxxxxxxxx or Tel 0121 458 4894
(office) 0121 441 3558 (home)
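
An added example, not part of the original thread: a small triage script that sorts sendmail `from=` log lines into the three cases discussed above (bounces returning to the host, mail handed in by a remote machine, and mail submitted on the box itself, for example by a script). It assumes sendmail's usual `from=..., relay=...` line layout; the sample lines, hostnames and IP addresses are constructed.

```python
import re
from collections import Counter

# Constructed sendmail-style maillog lines (illustrative, not from the original post).
SAMPLE_LOG = """\
Apr  9 19:40:01 raq3 sendmail[1201]: g39Ie1x01201: from=<admin@localhost>, size=2310, class=0, nrcpts=50, msgid=<a1@localhost>, proto=SMTP, relay=[192.0.2.45]
Apr  9 19:40:07 raq3 sendmail[1207]: g39Ie7x01207: from=admin@localhost, size=1890, class=0, nrcpts=40, msgid=<a2@raq3.example.com>, relay=httpd@localhost
Apr  9 19:41:12 raq3 sendmail[1215]: g39IfCx01215: from=<>, size=4102, class=0, nrcpts=1, msgid=<b1@mail.example.net>, proto=ESMTP, relay=mail.example.net [198.51.100.7]
Apr  9 19:41:30 raq3 sendmail[1219]: g39IfUx01219: from=<>, size=3977, class=0, nrcpts=1, msgid=<b2@mail.example.net>, proto=ESMTP, relay=mail.example.net [198.51.100.7]
Apr  9 19:42:02 raq3 sendmail[1230]: g39Ie1x01201: to=<someone@example.org>, delay=00:00:03, mailer=esmtp, relay=mx.example.org. [203.0.113.9], stat=Sent
"""

FROM_LINE = re.compile(r"from=(?P<sender>[^,]*),.*\brelay=(?P<relay>.*)$")
IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def classify(line):
    """Return (category, sender, relay) for a 'from=' line, else None."""
    m = FROM_LINE.search(line)
    if not m:
        return None  # 'to=' delivery lines and anything else
    sender = m.group("sender").strip("<>")
    relay = m.group("relay").strip()
    ip = IP_IN_BRACKETS.search(relay)
    if sender == "":
        category = "bounce"  # null sender: a delivery-status notice coming back
    elif ip is None or ip.group(1).startswith("127."):
        category = "local"   # submitted on this machine (script, cron, shell)
    else:
        category = "remote"  # handed to sendmail over SMTP by another host
    return category, sender, relay


def summarize(log_text):
    """Count 'from=' lines per (category, relay) so the noisiest source stands out."""
    counts = Counter()
    for line in log_text.splitlines():
        hit = classify(line)
        if hit:
            counts[(hit[0], hit[2])] += 1
    return counts


if __name__ == "__main__":
    for (category, relay), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {category:6s}  {relay}")
```

A pile of `bounce` entries with few matching outbound messages points at a forged sender address, `remote` entries for non-local recipients point at relaying, and `local` entries point at something running on the server, which is where the web log comes in.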