From: Karl Pielorz
Organization: TDX
Date: Thu, 23 Apr 1998 17:50:02 +0100
To: Blaine Minazzi
CC: isp@FreeBSD.ORG
Subject: Re: Whats this??
Message-ID: <353F713A.3600E6DE@tdx.co.uk>
References: <353F6DE5.30C680DC@w3page.com>

Blaine Minazzi wrote:
>
> Maybe I am paranoid, but, I have been getting a LOT of these types of
> messages in my mail log of late. I have firewalled the biggest
> offender, who has made over 700 of these connects in the last day. I
> found my system loaded, and LOTS of sendmail processes running when I
> came in this morning. A tail -f of the maillog revealed all these
> NOQUEUE Null connections being made every few seconds.
>
> Could someone please shed some light on what is ( or might ) be going on
> here?
>
> Thanks in advance.
>
> Blaine
>
> Apr 23 04:40:55 xenu sendmail[9960]: NOQUEUE: Null connection from
> www.abramstech.com [206.113.130.33]

This means they attached to your SMTP port, and quit before saying 'HELO' or
telling it to do anything...

> Apr 23 09:16:21 xenu sendmail[615]: NOQUEUE: SYSERR(root): Cannot open
> hash database /etc/mail/popauth.db: Inappropriate file type or format

This might be worrying... It depends on your sendmail config, although if it's
'suddenly' appeared, it's your system - and you don't know what it is - then it
might mean problems... Someone else may be able to shed more light on this
one...

If you find yourself open to sendmail abuse - have a look around
www.sendmail.org - they have patches etc. for Sendmail which can stop your
system from being used as a RELAY for other people's mail (which is what it
sounds like is happening to you!) - and for creating lists of known 'offenders'
to block from Sendmail access etc.

You should also check you're running a recent version of sendmail, 8.8.6 is
probably as old as I'd like to be running at the moment... ;-)

Regards,

Karl Pielorz
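
A way to tally the "Null connection" entries discussed in the message above per source address, so the heaviest sources stand out before deciding what to firewall. This is an added example, not part of the original thread; the sample log lines, the `mx` hostname, the threshold value and the function names are constructed, and the bare `[ip]` form for peers without reverse DNS is an assumption.

```python
import re
from collections import Counter

# Matches sendmail's "NOQUEUE: Null connection" syslog entry in the form quoted
# in the message. Assumption: when reverse DNS fails, only "[ip]" is logged.
NULL_CONN = re.compile(
    r"sendmail\[\d+\]: NOQUEUE: Null connection from "
    r"(?:(?P<host>\S+) )?\[(?P<ip>[0-9.]+)\]"
)

# Constructed sample maillog lines (documentation addresses, not from the post).
SAMPLE_LOG = """\
Apr 23 04:40:55 mx sendmail[9960]: NOQUEUE: Null connection from host-a.example.net [192.0.2.33]
Apr 23 04:40:58 mx sendmail[9962]: NOQUEUE: Null connection from host-a.example.net [192.0.2.33]
Apr 23 04:41:02 mx sendmail[9965]: NOQUEUE: Null connection from [198.51.100.7]
Apr 23 04:41:10 mx sendmail[9971]: EAA09971: from=<user@example.org>, size=1204, class=0
Apr 23 04:41:14 mx sendmail[9974]: NOQUEUE: Null connection from host-a.example.net [192.0.2.33]
Apr 23 04:41:20 mx sendmail[9978]: NOQUEUE: Null connection from host-b.example.com [203.0.113.9]
Apr 23 04:41:21 mx sendmail[9979]: NOQUEUE: Null connection from host-a.example.net [192.0.2.33]
Apr 23 04:41:30 mx sendmail[9983]: NOQUEUE: Null connection from host-b.example.com [203.0.113.9]
"""


def null_connections(lines):
    """Return (Counter of null connections per IP, {ip: first hostname seen})."""
    counts, names = Counter(), {}
    for line in lines:
        m = NULL_CONN.search(line)
        if not m:
            continue  # any other sendmail entry (deliveries, SYSERR, ...)
        counts[m["ip"]] += 1
        if m["host"]:
            names.setdefault(m["ip"], m["host"])
    return counts, names


def offenders(lines, threshold):
    """List (ip, count, hostname) for sources at or above threshold, busiest first."""
    counts, names = null_connections(lines)
    return [(ip, n, names.get(ip, "?"))
            for ip, n in counts.most_common() if n >= threshold]


if __name__ == "__main__":
    # threshold=3 suits the tiny sample; pick one that fits your own traffic.
    for ip, n, host in offenders(SAMPLE_LOG.splitlines(), threshold=3):
        print(f"{n:5d}  {ip:15s}  {host}")
```

To run it against a real log, pass `open("/var/log/maillog")` (path varies by system) in place of the sample lines.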