
Re: [cobalt-users] Re: Re: Re: [RaQ2] SMTP server failure after RaQ2-All-Security Release update



On Thursday 16 May 2002 10:27 pm, Mike Scioli wrote:

All the kernel and named messages are normal,
except you might want to look at the error getting serial #, as those
domains' zone files may not be getting transferred to the slave nameserver.


> /var/log/maillog is loaded with this (none of these IP addresses or e-mail
> addresses are known to me)
>
> May 16 08:17:28 paine sendmail[31427]: IAA31419: to=angus@xxxxxxxxxxxx, ctladdr=nobody (99/99), delay=00:00:38, xdelay=00:00:04, mailer=esmtp, relay=overland.net.overl...t.mail2.psmtp.com. [64.75.1.251], stat=Deferred: 451 Error while writing spool file
> May 16 08:17:29 paine sendmail[31427]: IAA31419: to=angus@xxxxxxx, ctladdr=nobody (99/99), delay=00:00:39, xdelay=00:00:01, mailer=esmtp, relay=mail.tr.osg.net. [204.244.179.200], stat=Sent (OK id=178KEm-0000zq-00)
> May 16 08:17:32 paine sendmail[31427]: IAA31419: to=angus@xxxxxxxxxxxxx, ctladdr=nobody (99/99), delay=00:00:42, xdelay=00:00:03, mailer=esmtp, relay=mx2.optonline.net. [167.206.5.3], stat=Sent (2.0.0 g4GCH2l24398 Message accepted for delivery)
> May 16 08:17:32 paine sendmail[31427]: IAA31419: IAA31427: DSN: User unknown
> May 16 08:17:32 paine sendmail[31427]: IAA31427: to=/dev/null, delay=00:00:00, xdelay=00:00:00, mailer=*file*, stat=Sent
>
>
> The maillog and messages log files are somewhat over 6 MB.  Question: How
> can I download the tar.gz'd versions that preceded the current ones?

Yep, as Dan said, someone is banging the h out of sendmail; probably one of
your users is running an exploitable script or is sending all this stuff
himself.

-- 
Gerald Waugh 
http://www.frontstreetnetworks.com :: Phone. [011] 203.785.0699
Front Street Networks LLC | SOHO Networks & Web Site Hosting
229 Front Street, Ste. #C, New Haven, CT, 06513-3203 United States
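
As an added example (not part of the original thread): a short Python script that groups sendmail delivery records by `ctladdr`, the controlling user shown in the quoted log, to see which local account is submitting the mail. The log lines are constructed, and treating uid 99 (`nobody`) as the account scripts run under, along with the three-recipient threshold, is an assumption to adjust per host.

```python
import re
from collections import defaultdict

# Constructed sample: unwrapped sendmail delivery records with placeholder addresses.
SAMPLE_LOG = """\
May 16 08:17:28 host sendmail[31427]: IAA31419: to=a@example.org, ctladdr=nobody (99/99), delay=00:00:38, xdelay=00:00:04, mailer=esmtp, relay=mx.example.org. [192.0.2.10], stat=Deferred: 451 Error while writing spool file
May 16 08:17:29 host sendmail[31427]: IAA31419: to=b@example.net, ctladdr=nobody (99/99), delay=00:00:39, xdelay=00:00:01, mailer=esmtp, relay=mx.example.net. [192.0.2.20], stat=Sent (OK id=1)
May 16 08:17:32 host sendmail[31427]: IAA31419: to=c@example.com, ctladdr=nobody (99/99), delay=00:00:42, xdelay=00:00:03, mailer=esmtp, relay=mx.example.com. [192.0.2.30], stat=Sent (2.0.0 Message accepted for delivery)
May 16 08:17:32 host sendmail[31427]: IAA31427: to=/dev/null, delay=00:00:00, xdelay=00:00:00, mailer=*file*, stat=Sent
May 16 08:20:01 host sendmail[31500]: IAA31499: to=d@example.org, ctladdr=alice (501/100), delay=00:00:02, xdelay=00:00:01, mailer=esmtp, relay=mx.example.org. [192.0.2.10], stat=Sent (OK id=2)
"""

# One delivery attempt: queue id, recipient list, optional ctladdr (uid/gid), status word.
DELIVERY = re.compile(
    r"sendmail\[\d+\]: (?P<qid>\w+): to=(?P<to>.+?), "
    r"(?:ctladdr=(?P<ctl>\S+) \((?P<uid>\d+)/\d+\), )?delay=.*?stat=(?P<stat>\w+)"
)

def summarize(log_text):
    """Group delivery attempts by controlling user (ctladdr)."""
    senders = defaultdict(
        lambda: {"uid": None, "qids": set(), "rcpts": set(), "stat": defaultdict(int)})
    for line in log_text.splitlines():
        m = DELIVERY.search(line)
        if not m or m["ctl"] is None:  # skip non-delivery lines and records without ctladdr
            continue
        s = senders[m["ctl"]]
        s["uid"] = int(m["uid"])
        s["qids"].add(m["qid"])
        s["rcpts"].update(r.strip() for r in m["to"].split(","))
        s["stat"][m["stat"]] += 1
    return senders

def flag_suspects(senders, service_uids=frozenset({99}), min_rcpts=3):
    """Return service accounts (assumed uids) that mailed many distinct recipients."""
    return sorted(name for name, s in senders.items()
                  if s["uid"] in service_uids and len(s["rcpts"]) >= min_rcpts)

if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for name, s in summary.items():
        print(name, s["uid"], len(s["qids"]), len(s["rcpts"]), dict(s["stat"]))
    print("suspects:", flag_suspects(summary))
```

Real maillog entries must be on one line each, as sendmail writes them, before being passed to `summarize`.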