Weird messages in daily run report.
m.seaman at infracaninophile.co.uk
Thu Apr 29 12:40:10 PDT 2004
On Thu, Apr 29, 2004 at 11:24:38AM -0700, samy lancher wrote:
> thanks for the response. what does messages like below mean?Are they generated from my server?.
> 4 CORNERSTONE.COMSMTPNEMETHL
> 1 cornerstone.comSubject
> 1 cornerstone.comSMTPsacsup
> 1 cornerstone.comSMTPgilest
> 1 cornerstone.comSMTProbertst
> 1 cornerstone.comSMTProbertse__substg1.0_300B0102
> 1 cornerstone.comSMTProbertse
> cornerstone.com being our domain name and the names after SMTP are our usernames.
It's not uncommon for spammers to spoof themselves as coming from the
domain they're trying to send to -- on many sites that will get them
past quite a lot of the anti-spam functionality.
However in your case, I think something may have written a lot of
garbled stuff to your /var/log/maillog, and the daily scripts are
getting confused and thinking those are e-mail addresses.
Either that, or a machine, either in your domain or belonging to
someone who corresponds with you by e-mail, has caught a virus and is
scouring its hard drive for anything that looks even vaguely like an
e-mail address and bombarding you with infected messages.
Quite a few of those addresses look a lot like message IDs to me,
which fits with either of those scenarios.
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614 Bucks., SL7 1TH UK
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20040429/1d5bd472/attachment.bin
More information about the freebsd-questions