From owner-freebsd-isp Thu Apr 23 10:04:02 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id KAA10061 for freebsd-isp-outgoing; Thu, 23 Apr 1998 10:04:02 -0700 (PDT) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from mailgate22.a001.sprintmail.com (mailgate22-hme0.a001.sprintmail.com [205.137.196.54]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id KAA10000 for ; Thu, 23 Apr 1998 10:03:56 -0700 (PDT) (envelope-from bminazzi@w3page.com) Received: by mailgate22.a001.sprintmail.com (SMI-8.6/SMI-SVR4) id KAA15706; Thu, 23 Apr 1998 10:03:20 -0700 X-Complaints-To: abuse@sprintmail.com Received: from sdn-ts-001coaurop16.dialsprint.net(206.133.160.35) by mailfep2-hme1 via dsmap-1.22 id Q_10.1.1.6/Q_12567_1_353f7427; Thu, 23 Apr 1998 10:02:32 -0700 Message-ID: <353F747F.421098FA@w3page.com> Date: Thu, 23 Apr 1998 11:03:59 -0600 From: Blaine Minazzi Organization: What, me organized? X-Mailer: Mozilla 3.01 (X11; I; Linux 2.0.32 i486) MIME-Version: 1.0 To: ISP@FreeBSD.ORG Subject: Re: Whats this?? References: <353F6DE5.30C680DC@w3page.com> <353F713A.3600E6DE@tdx.co.uk> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Karl Pielorz wrote: > This means they attached to your SMTP port, and quit before saying 'HELO' or > telling it to do anything... > > > Apr 23 09:16:21 xenu sendmail[615]: NOQUEUE: SYSERR(root): Cannot open > > hash database /etc/mail/popauth.db: Inappropriate file type or format > > This might be worrying... It depends on your sendmail config, although if > it's 'suddenly' appeared, it's your system - and you don't know what it is - > then it might mean problems... Someone else may be able to shed more light > on this one... > > If you find yourself open to sendmail abuse - have a look around > www.sendmail.org - they have patches etc. for Sendmail which can stop your > system from being used as a RELAY for other peoples mail (which is what it > sounds like is happening to you!) - and for creating lists of known > 'offenders' to blcok from Sendmail access etc. > > You should also check your running a recent version of sendmail, 8.8.6 is > probably as old as I'd like to be running at the moment... ;-) Thanks... I currently have 8.8.8, with the anti relaying patches also the RBL stuff, with POP Before Sendmail so my customers can relay, but no one else... I also maintain a list of annoying IP addresses that I deny mail access to. But, last night I have recieved over 700 of these connections, and was concerned that there might be some form of attack going on, Since I found the system loaded down with sendmail processes, with lots of open connections. I thought perhaps there might be some new hole that someone is using to do a D.O.S. attack, or, a new way to get around my anti-spam, anti-relay patches. Blaine. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message