Date: Thu, 29 Apr 2004 20:40:03 +0100
From: Matthew Seaman
To: samy lancher
Cc: Bill Moran, freebsd-questions@freebsd.org
Subject: Re: Weird messages in daily run report.
Message-ID: <20040429194003.GA8051@happy-idiot-talk.infracaninophile.co.uk>
In-Reply-To: <20040429182438.19624.qmail@web60304.mail.yahoo.com>

On Thu, Apr 29, 2004 at 11:24:38AM -0700, samy lancher wrote:
> Hey,
> Thanks for the response. What do messages like below mean? Are they generated from my server?
>
> 4 CORNERSTONE.COMSMTPNEMETHL
> 1 cornerstone.comSubject
> 1 cornerstone.comSMTPsacsup
> 1 cornerstone.comSMTPgilest
> 1 cornerstone.comSMTProbertst
> 1 cornerstone.comSMTProbertse__substg1.0_300B0102
> 1 cornerstone.comSMTProbertse
> ....
> cornerstone.com being our domain name and the names after SMTP are our usernames.
>

It's not uncommon for spammers to spoof themselves as coming from the
domain they're trying to send to -- on many sites that will get them
past quite a lot of the anti-spam functionality.

However in your case, I think something may have written a lot of
garbled stuff to your /var/log/maillog, and the daily scripts are
getting confused and thinking those are e-mail addresses. Either that,
or a machine, either in your domain or belonging to someone who
corresponds with you by e-mail, has caught a virus and is scouring its
hard drive for anything that looks even vaguely like an e-mail address
and bombarding you with infected messages.

Quite a few of those addresses look a lot like message IDs to me,
which fits with either of those scenarios.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.
26 The Paddocks
Savill Way
Marlow
Bucks., SL7 1TH UK
PGP: http://www.infracaninophile.co.uk/pgpkey
Tel: +44 1628 476614