Date: Thu, 29 Apr 2004 15:26:58 -0400 From: Bill Moran <wmoran@potentialtech.com> To: samy lancher <washville2003@yahoo.com> Cc: freebsd-questions@freebsd.org Subject: Re: Weird messages in daily run report. Message-ID: <40915702.6030201@potentialtech.com> In-Reply-To: <20040429182438.19624.qmail@web60304.mail.yahoo.com> References: <20040429182438.19624.qmail@web60304.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
samy lancher wrote: > Hey, > thanks for the response. what does messages like below mean?Are > they generated from my server?. > > 4 CORNERSTONE.COMSMTPNEMETHL > 1 cornerstone.comSubject > 1 cornerstone.comSMTPsacsup > 1 cornerstone.comSMTPgilest > 1 cornerstone.comSMTProbertst > 1 cornerstone.comSMTProbertse__substg1.0_300B0102 > 1 cornerstone.comSMTProbertse > .... > cornerstone.com being our domain name and the names after SMTP are our > usernames. AFAIK, it's still machine names that were rejected. While I haven't seen this myself, it's likely that spammers are hoping to fool your server into relaying by using a domain name that matches your own (in the hopes that this would convince the SMTP program that it should relay email) This is only a guess, though. I don't know of any SMTP servers that are vunlerable to such a trick, and I don't know that it's ever been used before. You might want to try subscribing to a more SMTP-related list and asking there, as you may hit more people who are familiar with this problem. > */Bill Moran <wmoran@potentialtech.com>/* wrote: > > samy lancher wrote: > > Hello, > > I have a freeBSD 4.7, sendmail server. I use both IMAP, > squrrielmail and POP3, outlook. > > Today i got very strange messages under "Checking for rejected > mail hosts:" section in > > my daily run report . Everyday I used to get 3 to 4 messages in > this section but today > > i recevied alot. Lately the users are receiving lot of virus > emails too. Is there some > > thing i need to worry about?. Below are the messages i got in > todays daily report. > > These messages mean your mail server is refusing to relay mail for > the servers listed. > It's most likely someone hoping to hijack your server to relay spam. > The fact that > they're failing is A Good Thing. > > > > > mail in local queue: > > /var/spool/mqueue is empty > > Total requests: 0 > > Mail in submit queue: > > /var/spool/clientmqueue is empty > > Total requests: 0 > > Security check: > > (output mailed separately) > > Checking for rejected mail hosts: > > 4 CORNERSTONE.COMSMTPNEMETHL > > 2 cor__recip_version1.0_ > > 2 168.com > > 1 tuftsr > > 1 mocke > > 1 relay.us.dnb.com > > 1 oh-design.com__recip_version1.0_ > > 1 oh-design.com6 > > 1 oh-design.c__recip_version1.0_ > > 1 machiavelli.synacor.com > > 1 hertzcom.hertz.com > > 1 hertz__substg1.0_1035001E > > 1 heci.c__substg1.0_3003001E > > 1 gateway.2wire.net > > 1 dfw.cnsx.com > > 1 cornerstone__recip_version1.0_ > > 1 cornerstone.comSubject > > 1 cornerstone.comSMTPsacsup > > 1 cornerstone.comSMTPgilest > > 1 cornerstone.comSMTProbertst > > 1 cornerstone.comSMTProbertse__substg1.0_300B0102 > > 1 cornerstone.comSMTProbertse > > 1 cornerstone.c__substg1.0_0FFF0102 > > 1 cornerstone.c__substg1.0_001A001E > > 1 cornerstone.c__recip_version1.0_ > > 1 cornerstone.__recip_version1.0_ > > 1 cornerstone__substg1.0_00430102 > > 1 corners__substg1.0_300B0102 > > 1 cor__substg1.0_300B0102 > > 1 c__substg1.0_300B0102 > > 1 c__substg1.0_0E1D001E > > 1 RxMore03.com > > 1 OUTGOING64.myaccountemail.com > > 1 OUTGOING136.myaccountemail.com > > 1 CONERSTONE.COM > > 1 6g4563q6f.com > > 1 247MedsRx.com > > 1 01C3504B.0E63 > > 1 01C34952.33BA5020 > > 1 01C33A5C.E217F910 > > 1 01C31338.33CDAF80 > > 1 01C30B51.824E1E40 > > 1 01C2F79E.CFBBCCC0 > > 1 01C2EEDD.5769A680 > > 1 01C2D379.BEBF5930 > > 1 01C2D288.B62CF4E0 > > 1 01C2CCF8.78098240 > > 1 01C2CCF4.5FBB1D60 > > 1 01C2CCF3.6A077CB0 > > > -- > Bill Moran > Potential Technologies > http://www.potentialtech.com > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" > > ------------------------------------------------------------------------ > Do you Yahoo!? > Win a $20,000 Career Makeover at Yahoo! HotJobs > <http://pa.yahoo.com/*http://us.rd.yahoo.com/hotjobs/hotjobs_mail_signature_footer_textlink/evt=23983/*http://hotjobs.sweepstakes.yahoo.com/careermakeover> > -- Bill Moran Potential Technologies http://www.potentialtech.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?40915702.6030201>