Re: [cobalt-users] relay testing???

[Larry Smith <lesmith@xxxxxxxxx>]

On Tuesday 21 May 2002 02:25 pm, Gerald Waugh wrote:
> =-=-=-=-=-=-=-=-=-=
> May 21 14:10:43 fsn3 sendmail[2148]: g4LIAhF02148: ruleset=check_rcpt,
> Periodically I get the following error messages, from a domain on my
> servers, the domain is always a different one. Is this some kind of a spam
> test. (example.com)
>
>
> May 21 14:10:43 fsn3 sendmail[2148]: g4LIAhF02148: ruleset=check_rcpt,
> arg1=<postmaster@xxxxxxxxxxx>, relay=123-58-189-66.wo.cpe.charter-ne.com
> [66.189.58.123], reject=550 5.7.1 <postmaster@xxxxxxxxxxx>... Relaying
> denied.  Please check your mail first.
>
> May 21 14:10:43 fsn3 sendmail[2148]: g4LIAhF02148: ruleset=check_rcpt,
> arg1=<abuse@xxxxxxxxxxx>, relay=123-58-189-66.wo.cpe.charter-ne.com
> [66.189.58.123], reject=550 5.7.1 <abuse@xxxxxxxxxxx>... Relaying denied.
> Please check your mail first.
>
> May 21 14:10:43 fsn3 sendmail[2148]: g4LIAhF02148: ruleset=check_rcpt,
> arg1=<tested.from.38.211.127.210@xxxxxxxxxxx>,
> relay=123-58-189-66.wo.cpe.charter-ne.com [66.189.58.123], reject=550 5.7.1
> <tested.from.38.211.127.210@xxxxxxxxxxx>... Relaying denied.  Please check
> your mail first.

Hmmm,  if  123-58-189-66.wo.cpe.charter-ne.com (ip 66.189.58.123) is NOT one 
of your customers then I would say it is someone attempting to relay through 
your box.  

I  also know of _no_ customer even that would say "from" three different 
addresses in a row (postmaster@xxxxxxxxxxx; abuse@xxxxxxxxxxx; then 
tested.from.38.211.127.210@xxxxxxxxxxx )  - and if they are - then you have 
"other" issues (with that customer).

 SPAM sign...... or report the "attempted-relay" to charter.com and see if 
they will deal with them.

You might also check your logs (all of /var/log) and see if this ip/name 
shows up in any other logs.

Larry Smith
SysAd ECSIS.NET
sysad@xxxxxxxxx