[Wlug] Possible sendmail attack?
Dick Goodman
wlug at goodman1.net
Fri Jan 12 00:15:16 EST 2007
I have four servers on 3 different DSL lines running RedHat 7.3 with
sendmail 8.11.6.
I was on vacation at the time, but mid-day (13:00) on January 9th all of
them started behaving weirdly.
Instead of the occasional email, perhaps 95% of all incoming emails now
show in the log as follows:
Jan 9 09:41:17 bach sendmail[25179]: NOQUEUE: mail5.schaeffer.com
[24.106.95.27] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jan 11 00:02:12 bach sendmail[14018]: NOQUEUE: h11009.upc-h.chello.nl
[62.194.11.9] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jan 11 00:10:44 bach sendmail[14127]: NOQUEUE:
bay0-omc2-s35.bay0.hotmail.com [65.54.246.171] did not issue
MAIL/EXPN/VRFY/ETRN during connection to MTA
Jan 11 00:13:23 bach sendmail[14148]: NOQUEUE: root at localhost did not issue
MAIL/EXPN/VRFY/ETRN during connection to MTA
Jan 11 00:13:50 bach sendmail[14151]: NOQUEUE:
84.95.106.53.cable.012.net.il [84.95.106.53] did not issue
MAIL/EXPN/VRFY/ETRN during connection to MTA
The first one is legitimate mail, the others appear to be spam.
Much of the 50K pieces/month of spam I get are being trapped at the server
in this manner before even getting to my spam filters (a good thing), but
while some legitimate email is getting through, some is being rejected with
this kind of message.
Does anyone (a) have any idea what's happening here (b) have any idea how
to fix it?
Need more info? Just ask.
Dick
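
One way to triage the entries quoted above, as an added example that is not part of the original post: it rejoins the wrapped records and counts the "did not issue MAIL/EXPN/VRFY/ETRN" events per connecting source and per hour, so the onset of a spike and the noisiest peers stand out. The function names `unwrap` and `tally` are hypothetical, and the sample input is copied from the post.

```python
import re
from collections import Counter

# Sample records copied from the post, still wrapped as the mail left them.
SAMPLE = """\
Jan 9 09:41:17 bach sendmail[25179]: NOQUEUE: mail5.schaeffer.com
[24.106.95.27] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jan 11 00:02:12 bach sendmail[14018]: NOQUEUE: h11009.upc-h.chello.nl
[62.194.11.9] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jan 11 00:10:44 bach sendmail[14127]: NOQUEUE:
bay0-omc2-s35.bay0.hotmail.com [65.54.246.171] did not issue
MAIL/EXPN/VRFY/ETRN during connection to MTA
Jan 11 00:13:23 bach sendmail[14148]: NOQUEUE: root at localhost did not issue
MAIL/EXPN/VRFY/ETRN during connection to MTA
"""

# A syslog record starts with "Mon D HH:MM:SS "; other lines are continuations.
START = re.compile(r"^[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d ")
EVENT = re.compile(
    r"^(?P<mon>\w{3}) +(?P<day>\d{1,2}) (?P<hour>\d\d):\d\d:\d\d \S+ "
    r"sendmail\[\d+\]: NOQUEUE: (?P<client>.+?)(?: \[(?P<ip>[\d.]+)\])? "
    r"did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA$"
)

def unwrap(text):
    """Rejoin continuation lines so each syslog record is one string."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def tally(text):
    """Count events per source (IP if logged, else name) and per hour."""
    by_source, by_hour = Counter(), Counter()
    for rec in unwrap(text):
        m = EVENT.match(rec)
        if m:
            by_source[m["ip"] or m["client"]] += 1
            by_hour[(m["mon"], int(m["day"]), int(m["hour"]))] += 1
    return by_source, by_hour

if __name__ == "__main__":
    sources, hours = tally(SAMPLE)
    for key, n in hours.items():
        print("hour", key, n)
    for src, n in sources.most_common():
        print("source", src, n)
```

Run over the full maillog, the per-hour counts show when the change began, and the per-source counts separate known-good relays from one-off peers.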