Date: Thu, 23 Apr 1998 17:50:02 +0100 From: Karl Pielorz <kpielorz@tdx.co.uk> To: Blaine Minazzi <bminazzi@w3page.com> Cc: isp@FreeBSD.ORG Subject: Re: Whats this?? Message-ID: <353F713A.3600E6DE@tdx.co.uk> References: <353F6DE5.30C680DC@w3page.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Blaine Minazzi wrote: > > Maybe I am paranoid, but, I have been getting a LOT of these types of > messages in my mail log of late. I have firewalled the biggest > offender, who has made over 700 of these connects in the last day. I > found my system loaded, and LOTS of sendmail prcessess running when I > came in this morning. A tail -f of the maillog revealed all these > NOQUEUE Null connections being made every few seconds. > > Could someone please shed some light on what is ( or might ) be going on > here? > > Thanks in advance. > > Blaine > > Apr 23 04:40:55 xenu sendmail[9960]: NOQUEUE: Null connection from > www.abramstech.com [206.113.130.33] This means they attached to your SMTP port, and quit before saying 'HELO' or telling it to do anything... > Apr 23 09:16:21 xenu sendmail[615]: NOQUEUE: SYSERR(root): Cannot open > hash database /etc/mail/popauth.db: Inappropriate file type or format This might be worrying... It depends on your sendmail config, although if it's 'suddenly' appeared, it's your system - and you don't know what it is - then it might mean problems... Someone else may be able to shed more light on this one... If you find yourself open to sendmail abuse - have a look around www.sendmail.org - they have patches etc. for Sendmail which can stop your system from being used as a RELAY for other peoples mail (which is what it sounds like is happening to you!) - and for creating lists of known 'offenders' to blcok from Sendmail access etc. You should also check your running a recent version of sendmail, 8.8.6 is probably as old as I'd like to be running at the moment... ;-) Regards, Karl Pielorz To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?353F713A.3600E6DE>