[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] help with logcheck entries

Subject: Re: [cobalt-users] help with logcheck entries
From: "Fragga" <fragga@xxxxxxxxxxxx>
Date: Fri Oct 11 04:41:31 2002
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

maybe.

but if you cant catch it coming from the outside
then would it be save to assume its originating
from somewhere on the inside and therefor may
lead back to what Gerald said regarding SMTP
lookups, etc. etc. ?

this is a long shot but could one of your users be trying to
send a mail to someone@xxxxxxxxx and its bouncing so its
sitting in the mail queue and retrying every hour or something ?

have u checked queued mail in /home/spool/mqueue ?

sorry i`ve ran out of ideas !

fragga



----- Original Message -----
From: "Andy Clyde, oxfordmusic.net" <andy.clyde@xxxxxxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Friday, October 11, 2002 6:17 AM
Subject: Re: [cobalt-users] help with logcheck entries


> >   Do you have any cron jobs running, say once an hour that forward mail
to
> >   some other server.
> >   SMTP does lookups and may be causing the entries.
> >   Also, the lame server is giving bad information or it may not be
> >   authorative for the domain
> >
>
> no, i only have 2 cron jobs on the server i have been monitoring - one is
> asp_monitor.sh and the other is a script that runs an asp script that
tidies
> up one of my databases. nothing that should involve email.
>
> > well if its occuring at the same time each hour then sniff the traffic
> just
> > before by using snort like -
> >
> >
> > and although you might catch some duff traffic you should see an entry
in
> > there like this -
> >
> </snip>
> >
> > again with ** as the requester and *** as your box.
> >
> > at least you can then track whos querying your DNS and it may provide
you
> > with a lead.
>
> did this (piped the output to a temporary file). there's nothing in the
file
> that matched xtrac or the IP address listed in the log entry.
>
> there is a load of ns stuff so i guess it's probably just some DNS server
> doing its rounds and finding the lame server. not sure exactly how these
> things work but its probably nothing to worry about, right?
>
> andy
>
>
>
> _____________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To subscribe/unsubscribe, or to SEARCH THE ARCHIVES, go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users
>

Follow-Ups:
- Re: [cobalt-users] help with logcheck entries
  - From: Andy Clyde, oxfordmusic.net

References:
- Re: [cobalt-users] help with logcheck entries
  - From: Gerald Waugh
- Re: [cobalt-users] help with logcheck entries
  - From: Andy Clyde, oxfordmusic.net

Prev by Date: Re: [cobalt-users] help with logcheck entries
Next by Date: Re: [cobalt-users] help with logcheck entries
Previous by thread: Re: [cobalt-users] help with logcheck entries
Next by thread: Re: [cobalt-users] help with logcheck entries

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index