Weird messages in daily run report.
Bill Moran
wmoran at potentialtech.com
Thu Apr 29 12:29:26 PDT 2004
samy lancher wrote:
> Hey,
> Thanks for the response. What do messages like the ones below mean? Are
> they generated from my server?
>
> 4 CORNERSTONE.COMSMTPNEMETHL
> 1 cornerstone.comSubject
> 1 cornerstone.comSMTPsacsup
> 1 cornerstone.comSMTPgilest
> 1 cornerstone.comSMTProbertst
> 1 cornerstone.comSMTProbertse__substg1.0_300B0102
> 1 cornerstone.comSMTProbertse
> ....
> cornerstone.com being our domain name and the names after SMTP are our
> usernames.
AFAIK, it's still machine names that were rejected.
While I haven't seen this myself, it's likely that spammers are hoping
to fool your server into relaying by using a domain name that matches
your own (in the hopes that this would convince the SMTP program that
it should relay email).
This is only a guess, though. I don't know of any SMTP servers that
are vulnerable to such a trick, and I don't know that it's ever been
used before. You might want to try subscribing to a more SMTP-related
list and asking there, as you may hit more people who are familiar
with this problem.
> Bill Moran <wmoran at potentialtech.com> wrote:
>
> samy lancher wrote:
> > Hello,
> > I have a FreeBSD 4.7, sendmail server. I use both IMAP,
> > SquirrelMail and POP3, Outlook.
> > Today I got very strange messages under the "Checking for rejected
> > mail hosts:" section in my daily run report. Every day I used to get
> > 3 to 4 messages in this section, but today I received a lot. Lately
> > the users are receiving a lot of virus emails too. Is there something
> > I need to worry about? Below are the messages I got in today's daily
> > report.
>
> These messages mean your mail server is refusing to relay mail for
> the servers listed.
> It's most likely someone hoping to hijack your server to relay spam.
> The fact that they're failing is A Good Thing.
>
> >
> > mail in local queue:
> > /var/spool/mqueue is empty
> > Total requests: 0
> > Mail in submit queue:
> > /var/spool/clientmqueue is empty
> > Total requests: 0
> > Security check:
> > (output mailed separately)
> > Checking for rejected mail hosts:
> > 4 CORNERSTONE.COMSMTPNEMETHL
> > 2 cor__recip_version1.0_
> > 2 168.com
> > 1 tuftsr
> > 1 mocke
> > 1 relay.us.dnb.com
> > 1 oh-design.com__recip_version1.0_
> > 1 oh-design.com6
> > 1 oh-design.c__recip_version1.0_
> > 1 machiavelli.synacor.com
> > 1 hertzcom.hertz.com
> > 1 hertz__substg1.0_1035001E
> > 1 heci.c__substg1.0_3003001E
> > 1 gateway.2wire.net
> > 1 dfw.cnsx.com
> > 1 cornerstone__recip_version1.0_
> > 1 cornerstone.comSubject
> > 1 cornerstone.comSMTPsacsup
> > 1 cornerstone.comSMTPgilest
> > 1 cornerstone.comSMTProbertst
> > 1 cornerstone.comSMTProbertse__substg1.0_300B0102
> > 1 cornerstone.comSMTProbertse
> > 1 cornerstone.c__substg1.0_0FFF0102
> > 1 cornerstone.c__substg1.0_001A001E
> > 1 cornerstone.c__recip_version1.0_
> > 1 cornerstone.__recip_version1.0_
> > 1 cornerstone__substg1.0_00430102
> > 1 corners__substg1.0_300B0102
> > 1 cor__substg1.0_300B0102
> > 1 c__substg1.0_300B0102
> > 1 c__substg1.0_0E1D001E
> > 1 RxMore03.com
> > 1 OUTGOING64.myaccountemail.com
> > 1 OUTGOING136.myaccountemail.com
> > 1 CONERSTONE.COM
> > 1 6g4563q6f.com
> > 1 247MedsRx.com
> > 1 01C3504B.0E63
> > 1 01C34952.33BA5020
> > 1 01C33A5C.E217F910
> > 1 01C31338.33CDAF80
> > 1 01C30B51.824E1E40
> > 1 01C2F79E.CFBBCCC0
> > 1 01C2EEDD.5769A680
> > 1 01C2D379.BEBF5930
> > 1 01C2D288.B62CF4E0
> > 1 01C2CCF8.78098240
> > 1 01C2CCF4.5FBB1D60
> > 1 01C2CCF3.6A077CB0
>
>
> --
> Bill Moran
> Potential Technologies
> http://www.potentialtech.com
--
Bill Moran
Potential Technologies
http://www.potentialtech.com
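
A way to triage the "Checking for rejected mail hosts" section discussed in this thread, as an added example that is not part of the original posts: it parses the count/host lines and separates well-formed hostnames, tokens that are not valid hostnames, and tokens that begin with the local domain followed by extra text. The sample lines are taken from the report quoted above; the function names and category names are assumptions made for this example.

```python
import re
from collections import Counter

# Sample input: a few lines in the shape of the report quoted in this thread.
SAMPLE_REPORT = """\
Checking for rejected mail hosts:
   4 CORNERSTONE.COMSMTPNEMETHL
   2 168.com
   1 relay.us.dnb.com
   1 cornerstone.comSMTPsacsup
   1 cornerstone.c__substg1.0_0FFF0102
   1 CONERSTONE.COM
   1 01C3504B.0E63

"""

HEADER = "Checking for rejected mail hosts:"
ENTRY = re.compile(r"^\s*(\d+)\s+(\S+)\s*$")
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
# At least two dot-separated labels, ending in an alphabetic top-level label.
HOSTNAME = re.compile(rf"^(?:{LABEL}\.)+[A-Za-z]{{2,}}$")

def parse_rejects(report):
    """Return [(count, token)] from the rejected-hosts section of a daily report."""
    entries, in_section = [], False
    for line in report.splitlines():
        if line.strip() == HEADER:
            in_section = True
            continue
        if in_section:
            m = ENTRY.match(line)
            if not m:          # blank line or next section header ends the list
                break
            entries.append((int(m.group(1)), m.group(2)))
    return entries

def classify(token, local_domain):
    """Hypothetical categories: local_prefix, hostname, malformed."""
    lower, local = token.lower(), local_domain.lower()
    if lower.startswith(local) and lower != local:
        return "local_prefix"   # local domain with extra text run onto it
    return "hostname" if HOSTNAME.match(token) else "malformed"

def summarize(report, local_domain):
    """Total the rejection counts per category."""
    totals = Counter()
    for count, token in parse_rejects(report):
        totals[classify(token, local_domain)] += count
    return dict(totals)

if __name__ == "__main__":
    print(summarize(SAMPLE_REPORT, "cornerstone.com"))
```

The `local_prefix` check is a plain string match, so an unrelated host whose name happens to start with the local domain string would land in that category as well.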