[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] What does sendmail exploit look like in logs?

Subject: Re: [cobalt-users] What does sendmail exploit look like in logs?
From: "Ian" <cobalt@xxxxxxxxxxxxx>
Date: Fri Mar 7 01:31:01 2003
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

On 6 Mar 2003 at 16:20, Paul Warner wrote:

> Just started getting flooded with these...is this the result of the latest
> sendmail exploit?
> 
> Mar  6 11:25:04 gizmo sendmail[9626]: NOQUEUE: nobody@[64.224.219.95] did
> not issue MAIL/EXPN/VRFY/ETRN during connection to MTA

<snip>

> Paul

Hi Paul,

Those are just people connecting to the mail server then 
disconnecting.  Probably someone searching for an open relay.

The sendmail exploit looks like this in the logs ( picked one up 
yesterday ):

Mar  6 10:38:24 xxxx sendmail[836]: h26Ac6kQ000829: Dropped invalid 
comments from header address

The important bit is the 'Dropped invalid...'

Regards

Ian

References:
- [cobalt-users] What does sendmail exploit look like in logs?
  - From: Paul Warner

Prev by Date: Re: [cobalt-users] pafalertd and logsentry
Next by Date: Re: [cobalt-users] Raq550 DBI.pm install problems.
Previous by thread: RE: [cobalt-users] What does sendmail exploit look like in logs?
Next by thread: [cobalt-users] mysqladmin not working with PkgMaster RaQ3-RaQ4-MySQL-3.23.54-1.pkg

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index