[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-users] Mail is not working have I been hacked
- Subject: [cobalt-users] Mail is not working have I been hacked
- From: "Mitchell Essex" <emu@xxxxxxxxxxxxxx>
- Date: Sat Feb 22 06:13:02 2003
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
Hi,
I have had this problem for the last couple of days and have not received
the support from the datacentre we my server is located. I have recently
moved the server to some new IP addresses and have gained several new
customers. I am not sure if this is a DNS issue, but all my sites have
mail.domainname.com as the mailserver I have set the new sites up the same
way as any previous sites so I didn't think that this was the problem.
My mail has not been responding when I try to send a message to any of the
accounts on my server. I cannot receive mail when I login via webmail I
cannot see any message nor can I send any so I feel that sendmail is not
working correctly. I have restarted the server I have restart sendmail I
have deleted the /var/spool/mqueue/q1,q2,q3,q4
I have change the domain names to protect the innocent, the server has been
fully patched. I have 1 customer running a simple formmail script (not
Matt's Script but similar but it does rely on the domain name being local)
but I am removing this script until this is resolved.
The following is from
tail /var/log/messages
Feb 23 00:15:01 www proftpd[8926]: AllowChmod is deprecated, and will not
work c
onsistantly, use <Limit SITE_CHMOD> instead.
Feb 23 00:15:01 www proftpd[8926]: www.mymaindomain.com
(localhost[127.0.0.1]) - FTP se
ssion opened.
Feb 23 00:15:01 www proftpd[8926]: www.mymaindomain.com
(localhost[127.0.0.1]) - FTP se
ssion closed.
Feb 23 00:30:01 www proftpd[9605]: AllowChmod is deprecated, and will not
work c
onsistantly, use <Limit SITE_CHMOD> instead.
Feb 23 00:30:01 www proftpd[9605]: www.mymaindomain.com
(localhost[127.0.0.1]) - FTP se
ssion opened.
Feb 23 00:30:01 www proftpd[9605]: www.mymaindomain.com
(localhost[127.0.0.1]) - FTP se
ssion closed.
Feb 23 00:30:46 www named[487]: Cleaned cache of 0 RRsets
Feb 23 00:30:46 www named[487]: USAGE 1045920646 1045725850 CPU=0.97u/0.7s
CHILD
CPU=0u/0s
Feb 23 00:30:46 www named[487]: NSTATS 1045920646 1045725850 A=953 NS=7
CNAME=32
MX=575 AAAA=473 38=415 ANY=87
Feb 23 00:30:46 www named[487]: XSTATS 1045920646 1045725850 RR=356 RNXD=0
RFwdR
=190 RDupR=7 RFail=0 RFErr=0 RErr=0 RAXFR=0 RLame=0 ROpts=0 SSysQ=72
SAns=3457 S
FwdQ=151 SDupQ=51 SErr=0 RQ=3497 RIQ=0 RFwdQ=151 RDupQ=29 RTCP=0 SFwdR=190
SFail
=0 SFErr=0 SNaAns=1132 SNXD=15 RUQ=0 RURQ=0 RUXFR=0 RUUpd=0
The following is from
tail /var/log/maillog
Feb 23 00:40:15 www sendmail[9967]: h1MDbX709967: ruleset=check_mail,
arg1=<beginners-cgi-return-8138-admin=mysite1domain.com.au@xxxxxxxx>,
relay=[64.70.54.95], reject=451 4.1.8
<beginners-cgi-return-8138-admin=mysite1domain.com.au@xxxxxxxx>... Domain of
sender address beginners-cgi-return-8138-admin=mysite1domain.com.au@xxxxxxxx
does not resolve
Feb 23 00:40:15 www sendmail[9967]: h1MDbX709967:
from=<beginners-cgi-return-8138-admin=mysite1domain.com.au@xxxxxxxx>,
size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=[64.70.54.95]
Feb 23 00:40:47 www sendmail[10023]: h1MDc6710023: ruleset=check_mail,
arg1=<joanstev@xxxxxxxxxxxxxxxxxxxxxxxx>, relay=[203.1.72.90], reject=451
4.1.8 <joanstev@xxxxxxxxxxxxxxxxxxxxxxxx>... Domain of sender address
joanstev@xxxxxxxxxxxxxxxxxxxxxxxx does not resolve
Feb 23 00:40:47 www sendmail[10023]: h1MDc6710023:
from=<joanstev@xxxxxxxxxxxxxxxxxxxxxxxx>, size=175030, class=0, nrcpts=0,
proto=ESMTP, daemon=MTA, relay=[203.1.72.90]
Feb 23 00:40:49 www sendmail[10024]: h1MDc9710024: ruleset=check_mail,
arg1=<lcoleman@xxxxxxxxxxxxxxxxxxxxxxxx>, relay=[203.1.72.90], reject=451
4.1.8 <lcoleman@xxxxxxxxxxxxxxxxxxxxxxxx>... Domain of sender address
lcoleman@xxxxxxxxxxxxxxxxxxxxxxxx does not resolve
Feb 23 00:40:49 www sendmail[10024]: h1MDc9710024:
from=<lcoleman@xxxxxxxxxxxxxxxxxxxxxxxx>, size=172207, class=0, nrcpts=0,
proto=ESMTP, daemon=MTA, relay=[203.1.72.90]
Feb 23 00:40:49 www sendmail[10025]: h1MDc9710025: ruleset=check_mail,
arg1=<lcoleman@xxxxxxxxxxxxxxxxxxxxxxxx>, relay=[203.1.72.90], reject=451
4.1.8 <lcoleman@xxxxxxxxxxxxxxxxxxxxxxxx>... Domain of sender address
lcoleman@xxxxxxxxxxxxxxxxxxxxxxxx does not resolve
Feb 23 00:40:49 www sendmail[10025]: h1MDc9710025:
from=<lcoleman@xxxxxxxxxxxxxxxxxxxxxxxx>, size=172073, class=0, nrcpts=0,
proto=ESMTP, daemon=MTA, relay=[203.1.72.90]
Feb 23 00:40:51 www sendmail[10026]: h1MDcA710026: ruleset=check_mail,
arg1=<lcoleman@xxxxxxxxxxxxxxxxxxxxxxxx>, relay=[203.1.72.90], reject=451
4.1.8 <lcoleman@xxxxxxxxxxxxxxxxxxxxxxxx>... Domain of sender address
lcoleman@xxxxxxxxxxxxxxxxxxxxxxxx does not resolve
Feb 23 00:40:51 www sendmail[10026]: h1MDcA710026:
from=<lcoleman@xxxxxxxxxxxxxxxxxxxxxxxx>, size=172202, class=0, nrcpts=0,
proto=ESMTP, daemon=MTA, relay=[203.1.72.90]
I have several very annoyed customers and I am losing sleep (and hair) over
this.
Thank you,
Mitch