Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 29 Apr 2004 20:40:03 +0100
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        samy lancher <washville2003@yahoo.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Weird messages in daily run report.
Message-ID:  <20040429194003.GA8051@happy-idiot-talk.infracaninophile.co.uk>
In-Reply-To: <20040429182438.19624.qmail@web60304.mail.yahoo.com>
References:  <409133F3.4030009@potentialtech.com> <20040429182438.19624.qmail@web60304.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

--17pEHd4RhPHOinZp
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Apr 29, 2004 at 11:24:38AM -0700, samy lancher wrote:
> Hey,=20
> thanks for the response. what does messages like below mean?Are they gene=
rated from my server?.
> =20
> 4 CORNERSTONE.COMSMTPNEMETHL
> 1 cornerstone.comSubject
> 1 cornerstone.comSMTPsacsup
> 1 cornerstone.comSMTPgilest
> 1 cornerstone.comSMTProbertst
> 1 cornerstone.comSMTProbertse__substg1.0_300B0102
> 1 cornerstone.comSMTProbertse
> ....
> cornerstone.com being our domain name and the names after SMTP are our us=
ernames.
> =20

It's not uncommon for spammers to spoof themselves as coming from the
domain they're trying to send to -- on many sites that will get them
past quite a lot of the anti-spam functionality.

However in your case, I think something may have written a lot of
garbled stuff to your /var/log/maillog, and the daily scripts are
getting confused and thinking those are e-mail addresses.

Either that, or a machine, either in your domain or belonging to
someone who corresponds with you by e-mail, has caught a virus and is
scouring its hard drive for anything that looks even vaguely like an
e-mail address and bombarding you with infected messages.

Quite a few of those addresses look a lot like message IDs to me,
which fits with either of those scenarios.

	Cheers,

	Matthew

--=20
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK

--17pEHd4RhPHOinZp
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)

iD8DBQFAkVoTdtESqEQa7a0RAhSGAJkBoevOsCn2WVbpSGECFQfcM84gdwCfcj6t
LVDuSAAzd+650yMrhmfZlUo=
=b3Dy
-----END PGP SIGNATURE-----

--17pEHd4RhPHOinZp--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040429194003.GA8051>