Weird messages in daily run report.

Bill Moran wmoran at potentialtech.com
Thu Apr 29 12:29:26 PDT 2004 

samy lancher wrote:
> Hey,
> thanks for the response. what does messages like below mean?Are 
> they generated from my server?.
>  
> 4 CORNERSTONE.COMSMTPNEMETHL
> 1 cornerstone.comSubject
> 1 cornerstone.comSMTPsacsup
> 1 cornerstone.comSMTPgilest
> 1 cornerstone.comSMTProbertst
> 1 cornerstone.comSMTProbertse__substg1.0_300B0102
> 1 cornerstone.comSMTProbertse
> ....
> cornerstone.com being our domain name and the names after SMTP are our 
> usernames.

AFAIK, it's still machine names that were rejected.

While I haven't seen this myself, it's likely that spammers are hoping
to fool your server into relaying by using a domain name that matches
your own (in the hopes that this would convince the SMTP program that
it should relay email)

This is only a guess, though.  I don't know of any SMTP servers that
are vunlerable to such a trick, and I don't know that it's ever been
used before.  You might want to try subscribing to a more SMTP-related
list and asking there, as you may hit more people who are familiar
with this problem.

> */Bill Moran <wmoran at potentialtech.com>/* wrote:
> 
>     samy lancher wrote:
>      > Hello,
>      > I have a freeBSD 4.7, sendmail server. I use both IMAP,
>     squrrielmail and POP3, outlook.
>      > Today i got very strange messages under "Checking for rejected
>     mail hosts:" section in
>      > my daily run report . Everyday I used to get 3 to 4 messages in
>     this section but today
>      > i recevied alot. Lately the users are receiving lot of virus
>     emails too. Is there some
>      > thing i need to worry about?. Below are the messages i got in
>     todays daily report.
> 
>     These messages mean your mail server is refusing to relay mail for
>     the servers listed.
>     It's most likely someone hoping to hijack your server to relay spam.
>     The fact that
>     they're failing is A Good Thing.
> 
>      >
>      > mail in local queue:
>      > /var/spool/mqueue is empty
>      > Total requests: 0
>      > Mail in submit queue:
>      > /var/spool/clientmqueue is empty
>      > Total requests: 0
>      > Security check:
>      > (output mailed separately)
>      > Checking for rejected mail hosts:
>      > 4 CORNERSTONE.COMSMTPNEMETHL
>      > 2 cor__recip_version1.0_
>      > 2 168.com
>      > 1 tuftsr
>      > 1 mocke
>      > 1 relay.us.dnb.com
>      > 1 oh-design.com__recip_version1.0_
>      > 1 oh-design.com6
>      > 1 oh-design.c__recip_version1.0_
>      > 1 machiavelli.synacor.com
>      > 1 hertzcom.hertz.com
>      > 1 hertz__substg1.0_1035001E
>      > 1 heci.c__substg1.0_3003001E
>      > 1 gateway.2wire.net
>      > 1 dfw.cnsx.com
>      > 1 cornerstone__recip_version1.0_
>      > 1 cornerstone.comSubject
>      > 1 cornerstone.comSMTPsacsup
>      > 1 cornerstone.comSMTPgilest
>      > 1 cornerstone.comSMTProbertst
>      > 1 cornerstone.comSMTProbertse__substg1.0_300B0102
>      > 1 cornerstone.comSMTProbertse
>      > 1 cornerstone.c__substg1.0_0FFF0102
>      > 1 cornerstone.c__substg1.0_001A001E
>      > 1 cornerstone.c__recip_version1.0_
>      > 1 cornerstone.__recip_version1.0_
>      > 1 cornerstone__substg1.0_00430102
>      > 1 corners__substg1.0_300B0102
>      > 1 cor__substg1.0_300B0102
>      > 1 c__substg1.0_300B0102
>      > 1 c__substg1.0_0E1D001E
>      > 1 RxMore03.com
>      > 1 OUTGOING64.myaccountemail.com
>      > 1 OUTGOING136.myaccountemail.com
>      > 1 CONERSTONE.COM
>      > 1 6g4563q6f.com
>      > 1 247MedsRx.com
>      > 1 01C3504B.0E63
>      > 1 01C34952.33BA5020
>      > 1 01C33A5C.E217F910
>      > 1 01C31338.33CDAF80
>      > 1 01C30B51.824E1E40
>      > 1 01C2F79E.CFBBCCC0
>      > 1 01C2EEDD.5769A680
>      > 1 01C2D379.BEBF5930
>      > 1 01C2D288.B62CF4E0
>      > 1 01C2CCF8.78098240
>      > 1 01C2CCF4.5FBB1D60
>      > 1 01C2CCF3.6A077CB0
> 
> 
>     -- 
>     Bill Moran
>     Potential Technologies
>     http://www.potentialtech.com
>     _______________________________________________
>     freebsd-questions at freebsd.org mailing list
>     http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>     To unsubscribe, send any mail to
>     "freebsd-questions-unsubscribe at freebsd.org"
> 
> ------------------------------------------------------------------------
> Do you Yahoo!?
> Win a $20,000 Career Makeover at Yahoo! HotJobs 
> <http://pa.yahoo.com/*http://us.rd.yahoo.com/hotjobs/hotjobs_mail_signature_footer_textlink/evt=23983/*http://hotjobs.sweepstakes.yahoo.com/careermakeover> 
> 


-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com

More information about the freebsd-questions mailing list