Strange Mailer Activity
Charles Swiger
cswiger at mac.com
Wed Jun 25 20:40:52 UTC 2014
On Jun 25, 2014, at 1:29 PM, Chris Maness <chris at chrismaness.com> wrote:
> I am getting a lot of strange bounces in my inbox. I checked to make sure
> that my mailer wasn't running as an open relay.
>
> Running #ps aux | less
>
> I see some possibilities of processes running sendmail. Is
> ./s5N5AsEo003358 the file that is calling sendmail?
>
> root 6961 0.0 0.3 12864 5540 - I 12:24PM 0:00.18 sendmail:
> ./s5N5AsEo003358 zb169.net.: user open (sendmail)

Approximately. It's a sendmail queue ID; run mailq or look under /var/spool/mqueue/
if the mail is being queued locally.

> There are also a lot of "to" entries in my maillog that don't look like
> they are being sent from any of my users. Also, I no longer use my server
> as a relay of any sort. Everyone is now using gmail to send, and my
> friends have custom email domains that I host incoming mail for. This mail
> is no longer spooled on my server. It is just redirected to their (and
> my) google accounts.

If the mail is from a single source, it's probably a spam run against a
dictionary of common usernames @ your domain. If it consists of DSN failures
coming from popular mail domains, then it's probably a spammer forging your
domain and you're getting the bounces....

Regards,
--
-Chuck
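
Added example, not part of the original thread and not code from sendmail: a Python script that applies the two checks described in the reply to sendmail maillog lines, tying "User unknown" rejections to the connecting relay by queue ID and counting the relays that deliver null-sender (from=<>) DSNs. The function name triage, the threshold of 3, and every host, address and queue ID in the sample log are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in sendmail maillog format; hosts, IPs and queue IDs are made up.
SAMPLE_LOG = """\
Jun 25 12:20:01 mx sm-mta[7001]: s5PJK1aa007001: <admin@example.org>... User unknown
Jun 25 12:20:01 mx sm-mta[7001]: s5PJK1aa007001: <info@example.org>... User unknown
Jun 25 12:20:02 mx sm-mta[7001]: s5PJK1aa007001: from=<x@spam.example>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=[203.0.113.5]
Jun 25 12:20:05 mx sm-mta[7002]: s5PJK5ab007002: <sales@example.org>... User unknown
Jun 25 12:20:06 mx sm-mta[7002]: s5PJK5ab007002: from=<y@spam.example>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=[203.0.113.5]
Jun 25 12:24:01 mx sm-mta[7010]: s5PJO1ac007010: from=<>, size=4120, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mta1.bigmail.example [192.0.2.10]
Jun 25 12:24:09 mx sm-mta[7011]: s5PJO9ad007011: from=<>, size=3988, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=out.webmail.example [198.51.100.7]
Jun 25 12:25:30 mx sm-mta[7012]: s5PJPUae007012: from=<>, size=4051, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mx.isp.example [198.51.100.99]
Jun 25 12:26:00 mx sm-mta[7013]: s5PJQ0af007013: from=<friend@gmail.example>, size=900, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mail.friend.example [192.0.2.44]
"""

# "qid: from=<sender>, ..., relay=host [ip]" is logged once per incoming message.
FROM_RE = re.compile(r"\]: (\w+): from=<([^>]*)>.*relay=([^,\n]+)")
# "qid: <rcpt>... User unknown" is logged for each rejected recipient.
UNKNOWN_RE = re.compile(r"\]: (\w+): <[^>]*>\.\.\. User unknown")

def triage(log_text, threshold=3):
    """Apply the reply's two heuristics; threshold is an assumed cut-off."""
    sender, relay, unknown = {}, {}, Counter()
    for line in log_text.splitlines():
        if m := FROM_RE.search(line):
            sender[m[1]], relay[m[1]] = m[2], m[3].strip()
        elif m := UNKNOWN_RE.search(line):
            unknown[m[1]] += 1
    # Case 1: unknown-recipient rejections that trace back to one connecting relay.
    rejects_by_relay = Counter()
    for qid, count in unknown.items():
        rejects_by_relay[relay.get(qid, "?")] += count
    dictionary = sorted(r for r, n in rejects_by_relay.items() if n >= threshold)
    # Case 2: from=<> marks a DSN; many distinct relays points to bounces of forged mail.
    dsn_relays = sorted({relay[q] for q, s in sender.items() if s == ""})
    return {"dictionary_run_from": dictionary,
            "dsn_relays": dsn_relays,
            "backscatter_likely": len(dsn_relays) >= threshold}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

To run it against a real log, pass the contents of the maillog file to triage() in place of SAMPLE_LOG.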