Date: Tue, 25 Apr 2000 21:56:29 -0700 (PDT)
From: Michael <cadaver@tucu.net>
To: Chris Fedde <chris@fedde.littleton.co.us>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Need help reading my maillog
Message-ID: <Pine.BSF.4.10.10004252149380.31128-100000@tucu.net>
In-Reply-To: <200004260316.e3Q3GOi01208@fedde.littleton.co.us>

On Tue, 25 Apr 2000, Chris Fedde wrote:

> On Tue, 25 Apr 2000 17:18:37 -0700 (PDT) Michael wrote:
> +------------------
> | Apr 25 10:09:52 tucu sendmail[29625]: KAA29625: ruleset=check_mail,
> | arg1=<mike1123@2hb.ne>, relay=lucy.fukuda.is.uec.ac.jp [130.153.154.151],
> reject=501 <mike1123@2hb.ne>... Sender domain must exist
> | Apr 25 10:09:52 tucu sendmail[29625]: KAA29625: from=<mike1123@2hb.ne>,
> | size=0, class=0, pri=0, nrcpts=0, proto=ESMTP,
> | relay=lucy.fukuda.is.uec.ac.jp [130.153.154.151]
> |
> | Apr 25 13:46:42 tucu sendmail[29869]: NAA29869: ruleset=check_mail,
> | arg1=<mike1123@2hb.ne>, relay=IDENT:root@olderman.analytic.ru
> | [212.5.87.200], reject=501 <mike1123@2hb.ne>... Sender domain must exist
> | Apr 25 13:46:42 tucu sendmail[29869]: NAA29869: from=<mike1123@2hb.ne>,
> | size=0, class=0, pri=0, nrcpts=0, proto=ESMTP,
> | relay=IDENT:root@olderman.analytic.ru [212.5.87.200]
> +------------------
>
> After looking at this closer I think that I have a better scenario
> of what is going on here. In the first case someone apparently
> at lucy.fukuda.is.uec.ac.jp attempted to queue mail for mike1123@2hb.ne on
> tucu. That mail was rejected and no mail was ever queued.
> The second case is another occurrence of the same thing from a different
> address. Are there any other records for either envelope?
>
> That both have the same from= is puzzling. I'm wondering if this is part
> of a probe from one of the mail spamming tools.
>
> good luck
> chris
> --
> Chris Fedde
> 303 773 9134

I don't have records of any envelopes but I came to the same conclusion
you did after messing around a bit. I used rlytest from the ports
collection and tested both lucy.fukuda.is.uec.ac.jp and
olderman.analytic.ru. I couldn't connect to the ac.jp host but the
Russian host relays mail. I think someone was trying to relay mail
through me using mike1123@2hb.ne as a forged From: address.

I don't think anything bad happened to my system and I am going to take
the advice of Bryan Bradsby and install RBL, DUL, RSS.

thanks for everyone's help,
michael

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message