[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] mail server not responding update:

Subject: RE: [cobalt-users] mail server not responding update:
From: jale@xxxxxxxxxx
Date: Wed Aug 28 17:12:01 2002
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

Just a thought.  I had the very same problem.  The SMTP server would not
respond temporarily due to heavy load.  The reason for the heavy load as it
turned out was that someone was using a FormMail.pl exploit to send spam
through our machine on a hosted customer's site.  Thousands of emails per
day! Totally anonymous spamming. It had me baffled for a while.  Look and
see if you have the FormMail.pl or FormMail.cgi script on your machine
anywhere and what version it is.

I did some scouting in the mailog - here are the entries that I thoughtwere of interest. Any able to tell me anything about what I am looking at(other than the obvious, it isn't working :)

The sitescope entry at the bottom is the program our host company uses tomonitor if our servers are alive ... it has been telling me that my SMTPserver is down periodically; although it is really obvious when I can'tsend any mail.


Anyone suspect a hard drive? I have no reason to necessarily think that.

THANKS!!!!!!
Jale, where I'll be if I don't solve this soon.
------------------

Aug 28 06:45:15 www imapd[31455]: Command stream end of file, while readingline

 user=Active_Monitor_69 host=localhost [127.0.0.1]

Aug 28 06:45:15 www in.qpopper[31457]: EOF from Active_Monitor_69 at127.0.0.1 (

localhost): [0] 2 (No such file or directory); 0 (Success)

Aug 28 06:45:15 www in.qpopper[31457]: Active_Monitor_69 at localhost(127.0.0.1

): -ERR POP EOF or I/O Error: 2 (No such file or directory); 0 (Success)

Aug 28 06:45:15 www sendmail[31458]: NOQUEUE: Null connection fromlocalhost [12

7.0.0.1]
------------------------
Aug 28 07:00:18 www imapd[32367]: imap service init from 127.0.0.1

Aug 28 07:00:18 www imapd[32367]: Login failure user=Active_Monitor_69host=loca

lhost [127.0.0.1]

Aug 28 07:00:21 www imapd[32367]: Command stream end of file, while readingline

 user=Active_Monitor_69 host=localhost [127.0.0.1]

Aug 28 07:00:23 www in.qpopper[32371]: EOF from Active_Monitor_69 at127.0.0.1 (

localhost): [0] 2 (No such file or directory); 0 (Success)

Aug 28 07:00:23 www in.qpopper[32371]: Active_Monitor_69 at localhost(127.0.0.1

): -ERR POP EOF or I/O Error: 2 (No such file or directory); 0 (Success)

Aug 28 07:00:23 www sendmail[32372]: NOQUEUE: Null connection fromlocalhost [12

7.0.0.1]
------------------------

Aug 28 07:10:54 www sendmail[485]: NOQUEUE: Null connection fromstdout-01.first

ratedeals.com [64.239.67.131]
------------------------

Aug 28 07:11:45 www in.qpopper[578]: (null) at sitescope.tellurian.net(216.182.

1.102): -ERR POP EOF or I/O Error: 29 (Illegal seek); 0 (Success)

References:
- [cobalt-users] mail server not responding update:
  - From: jale
- RE: [cobalt-users] mail server not responding update:
  - From: Joseph Brennskag

Prev by Date: Re: [cobalt-users] mod_perl and perl upgrade
Next by Date: Re: [cobalt-users] SHP
Previous by thread: RE: [cobalt-users] mail server not responding update:
Next by thread: [cobalt-users] Weird Pop3 errors

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index