RE: [cobalt-users] odd spamming problem

["Dan Kriwitsky" <list1@xxxxxxxxxxxxxxxxxxxx>]

> 
> Jun 25 09:13:29 crux sendmail[28247]: h5ONDTN28247: 
> from=<tease4KMo@xxxxxxxxxxxxxx>, size=5398, class=0, 
> nrcpts=1, msgid=<200306242313.h5ONDTN28247@xxxxxxxxxxx>,
> proto=SMTP, daemon=MTA, relay=localhost [127.0.0.1]
> Jun 25 09:13:30 crux sendmail[28251]: h5ONDUN28251: 
> from=<tease4r2c@xxxxxxxxxxxxxx>, size=5398, class=0, 
> nrcpts=1, msgid=<200306242313.h5ONDUN28251@xxxxxxxxxxx>,
> proto=SMTP, daemon=MTA, relay=localhost [127.0.0.1]
> Jun 25 09:13:31 crux sendmail[28249]: h5ONDTN28247: 
> to=<dennis381@xxxxxxx>, delay=00:00:02, xdelay=00:00:02, 
> mailer=esmtp, pri=35398, relay=smtpin.mx.xxx.net. 
> [209.240.213.109], dsn=2.0.0, stat=Sent (Ok: queued as 
> 41D5BFE23) Jun 25 09:13:35 crux sendmail[28253]: 
> h5ONDUN28251: to=<berati@xxxxxxx>, delay=00:00:05, 
> xdelay=00:00:05, mailer=esmtp, pri=35398, 
> relay=booster.xxx.hu. [212.75.128.38], dsn=5.1.1, stat=User 
> unknown Jun 25 09:13:36 crux sendmail[28260]: h5ONDaN28260: 
> from=<teasePcLN@xxxxxxxxxxxxxx>, size=5400, class=0, 
> nrcpts=1, msgid=<200306242313.h5ONDaN28260@xxxxxxxxxxx>,
> proto=SMTP, daemon=MTA, relay=localhost [127.0.0.1]
> Jun 25 09:13:36 crux sendmail[28262]: h5ONDaN28260: 
> to=<george.jones@xxxxxxx>, delay=00:00:00, xdelay=00:00:00, 
> mailer=esmtp, pri=35400, relay=mail.xxx.net. [205.173.230.2], 
> dsn=4.0.0,
> stat=Deferred: Connection refused by mail.tins.net.
> 
> Anyone have any ideas on how to investigate further
> and hopefully close up the hole?

grep 09:13:29 /var/log/httpd/access
See if there's a CGI script being hit at that time. Or just 09:13 incase
it takes a couple seconds to process.

-- 
C2003 Dan Kriwitsky

Please reply to the list only. Off list replies are not read.