Re: [cobalt-users] raq4 sendmail lost input channel messages



Dan Kriwitsky wrote:
>>Nov  6 04:27:35 foo sendmail[1180]: hA69RUW01180: lost input channel
>>from 189.Red-80-32-82.pooles.rima-tde.net [80.32.82.189] to
>>MTA after rcpt
>>Nov  6 05:23:37 foo sendmail[3847]: hA6ANbW03847: lost input channel
>>from c-67-162-197-129.client.comcast.net [67.162.197.129] to
>>MTA after rcpt
>
>
> What is the line before those? Are you rejecting using a DNSBL or by
> domain in access? All of the sub-domains you show I have blocked and
> see the same line when I reject those in access.

First, thanks for the response.

Those two lines are actually separated by a lot of log messages. I probably shouldn't have selected those two and lumped them together like that, but here are the lines around the first one (client users/machines are foo'd):

Nov 6 04:24:14 foo spamd[885]: clean message (0.0/8.0) for user:335 in 2.6 seconds, 3565 bytes.
Nov 6 04:24:14 foo sendmail[881]: hA69OBW00880: to=<user@xxxxxxx>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=139120, dsn=2.0.0, stat=Sent
Nov 6 04:24:46 foo in.qpopper[913]: (v?) POP login by user "user" at (123.123.123.123) 123.123.123.123
Nov 6 04:27:32 foo sendmail[1180]: hA69RUW01180: <webmaster@xxxxxxx>... No such user here
Nov 6 04:27:35 foo sendmail[1180]: hA69RUW01180: lost input channel from 189.Red-80-32-82.pooles.rima-tde.net [80.32.82.189] to MTA after rcpt
Nov 6 04:27:35 foo sendmail[1180]: hA69RUW01180: from=<eqfhtcx@xxxxxxxxx>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=189.Red-80-32-82.pooles.rima-tde.net [80.32.82.189]
Nov 6 04:27:36 foo sendmail[1184]: hA69RaW01184: from=<hostmOO@xxxxxxx>, size=1366, class=0, nrcpts=1, msgid=<CODA1J6gCySkcpruTUB00052b65@xxxxxxxxxxxxxxxxxxxxxx>, proto=ESMTP, daemon=MTA, relay=reverse.9.233.114.209.idealapps.com [209.114.233.9] (may be forged)

Here are the lines regarding the second message:

Nov 6 05:23:37 foo sendmail[3847]: hA6ANbW03847: <info@xxxxxxx>... No such user here
Nov 6 05:23:37 foo sendmail[3847]: hA6ANbW03847: lost input channel from c-67-162-197-129.client.comcast.net [67.162.197.129] to MTA after rcpt
Nov 6 05:23:37 foo sendmail[3847]: hA6ANbW03847: from=<586m@xxxxxxxx>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=c-67-162-197-129.client.comcast.net [67.162.197.129]

It looks like spam to me, but I'm wondering if I shouldn't filter these out in case something "legitimate" doesn't get caught. Currently the machine isn't blocking anything, it's mainly a default setup with "necessary" packages (like SSH).

I don't really know what you mean by "domain in access", but our sendmail access file is default (localhost only?) with a few computers listed for other machines we run -- no "custom additions". I've been hesitant to install BLs because we were recently put on a local ISP's list without good reason or notification or anything. We were removed a couple days later, but it caused some problems for our users.

I guess I just don't want any false positives incorrectly blocking emails for our users, so if there is a conservative BL I would consider it. Since these mainly seem to be dial-up machines, using a dial-up list may fix a large part of the problem. I honestly haven't done much research on the various BLs or the system performance hits they create. If you have any suggestions feel free to email me.

Thanks again!

--
Josh
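
Added example, not part of the original message: a Python script that groups sendmail log lines by queue ID, as in the excerpts above, and flags each "lost input channel" event whose session shows only a rejected recipient and nrcpts=0, meaning nothing was accepted before the client dropped. The sample log is constructed with placeholder hosts and addresses; the function name and verdict strings are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the sendmail syslog format quoted above;
# hosts and addresses are placeholders, not values from the thread.
SAMPLE_LOG = """\
Nov  6 04:27:32 foo sendmail[1180]: hA69RUW01180: <webmaster@example.com>... No such user here
Nov  6 04:27:35 foo sendmail[1180]: hA69RUW01180: lost input channel from dialup.example.net [192.0.2.10] to MTA after rcpt
Nov  6 04:27:35 foo sendmail[1180]: hA69RUW01180: from=<abc@example.org>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=dialup.example.net [192.0.2.10]
Nov  6 04:27:36 foo sendmail[1184]: hA69RaW01184: from=<news@example.org>, size=1366, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mail.example.org [198.51.100.7]
Nov  6 06:00:01 foo sendmail[4000]: hA6B00W04000: lost input channel from slow.example.net [203.0.113.5] to MTA after data
"""

LINE = re.compile(r"sendmail\[\d+\]: (\w+): (.*)$")  # queue ID, message text
LOST = re.compile(r"lost input channel from .*?\[([\d.]+)\] to \S+ after (\w+)")
NOUSER = re.compile(r"<([^>]*)>\.\.\. No such user here")
NRCPTS = re.compile(r"\bnrcpts=(\d+)")


def triage_lost_channels(log_text):
    """Group lines by queue ID and classify each dropped SMTP session."""
    sessions = defaultdict(lambda: {"rejected": [], "lost": None, "nrcpts": None})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a sendmail line (spamd, qpopper, ...)
        qid, msg = m.groups()
        s = sessions[qid]
        if (hit := NOUSER.search(msg)):
            s["rejected"].append(hit.group(1))
        elif (hit := LOST.search(msg)):
            s["lost"] = {"ip": hit.group(1), "stage": hit.group(2)}
        elif (hit := NRCPTS.search(msg)):
            s["nrcpts"] = int(hit.group(1))

    report = []
    for qid, s in sessions.items():
        if s["lost"] is None:
            continue
        # Dropped at RCPT with zero accepted recipients after a rejection:
        # nothing was accepted, so no message was lost.
        benign = (s["lost"]["stage"] == "rcpt" and s["nrcpts"] == 0
                  and bool(s["rejected"]))
        report.append({"qid": qid, **s["lost"], "rejected": s["rejected"],
                       "verdict": "dropped after rejected rcpt" if benign else "review"})
    return report


if __name__ == "__main__":
    for row in triage_lost_channels(SAMPLE_LOG):
        print(row)
```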