Weird messages in daily run report.

Matthew Seaman m.seaman at
Thu Apr 29 12:40:10 PDT 2004

On Thu, Apr 29, 2004 at 11:24:38AM -0700, samy lancher wrote:
> Hey, 
> thanks for the response. what does messages like below mean?Are they generated from my server?.
> 1 cornerstone.comSubject
> 1 cornerstone.comSMTPsacsup
> 1 cornerstone.comSMTPgilest
> 1 cornerstone.comSMTProbertst
> 1 cornerstone.comSMTProbertse__substg1.0_300B0102
> 1 cornerstone.comSMTProbertse
> ....
> being our domain name and the names after SMTP are our usernames.

It's not uncommon for spammers to spoof themselves as coming from the
domain they're trying to send to -- on many sites that will get them
past quite a lot of the anti-spam functionality.

However in your case, I think something may have written a lot of
garbled stuff to your /var/log/maillog, and the daily scripts are
getting confused and thinking those are e-mail addresses.

Either that, or a machine, either in your domain or belonging to
someone who corresponds with you by e-mail, has caught a virus and is
scouring its hard drive for anything that looks even vaguely like an
e-mail address and bombarding you with infected messages.

Quite a few of those addresses look a lot like message IDs to me,
which fits with either of those scenarios.



Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP:         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url :

More information about the freebsd-questions mailing list