Date: Wed, 25 Jun 2014 13:40:49 -0700 From: Charles Swiger <cswiger@mac.com> To: Chris Maness <chris@chrismaness.com> Cc: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org> Subject: Re: Strange Mailer Activity Message-ID: <1856A7B3-9C66-4441-AC01-F0C4DCFC04B0@mac.com> In-Reply-To: <CANnsUMFJn6OSqf22eNRgH0xKpYEAQxBiUpsqnY%2B554Jiw9BZiA@mail.gmail.com> References: <CANnsUMFJn6OSqf22eNRgH0xKpYEAQxBiUpsqnY%2B554Jiw9BZiA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Jun 25, 2014, at 1:29 PM, Chris Maness <chris@chrismaness.com> wrote: > I am getting a lot of strange bounces in my inbox. I checked to make sure > that my mailer wasn't running as an open relay. > > Running #ps aux | less > > I see some possibilities of processes running sendmail. Is > ./s5N5AsEo003358 the file that is calling sendmail? > > root 6961 0.0 0.3 12864 5540 - I 12:24PM 0:00.18 sendmail: > ./s5N5AsEo003358 zb169.net.: user open (sendmail) Approximately. It's a sendmail queue ID; run mailq or look under /var/spool/mqueue/ if the mail is being queued locally. > There are also a lot of "to" entries in my maillog that don't look like > they are being sent from any of my users. Also, I no longer use my server > as a relay of any sort. Everyone is now using gmail to send, and my > friends have custom email domains that I host incoming mail for. This mail > is no longer spooled on my server. It is just redirected to their (and > my) google accounts. If the mail is from a single source, it's probably a spam run against a dictionary of common usernames @ your domain. If it consists of DSN failures coming from popular mail domains, then it's probably a spammer forging your domain and you're getting the bounces.... Regards, -- -Chuck
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1856A7B3-9C66-4441-AC01-F0C4DCFC04B0>