Weird messages in daily run report.
Matthew Seaman
m.seaman at infracaninophile.co.uk
Thu Apr 29 12:40:10 PDT 2004
On Thu, Apr 29, 2004 at 11:24:38AM -0700, samy lancher wrote:
> Hey,
> Thanks for the response. What do messages like below mean? Are they generated from my server?
>
> 4 CORNERSTONE.COMSMTPNEMETHL
> 1 cornerstone.comSubject
> 1 cornerstone.comSMTPsacsup
> 1 cornerstone.comSMTPgilest
> 1 cornerstone.comSMTProbertst
> 1 cornerstone.comSMTProbertse__substg1.0_300B0102
> 1 cornerstone.comSMTProbertse
> ....
> cornerstone.com being our domain name and the names after SMTP are our usernames.
>
It's not uncommon for spammers to spoof themselves as coming from the
domain they're trying to send to -- on many sites that will get them
past quite a lot of the anti-spam functionality.

However in your case, I think something may have written a lot of
garbled stuff to your /var/log/maillog, and the daily scripts are
getting confused and thinking those are e-mail addresses.

Either that, or a machine, either in your domain or belonging to
someone who corresponds with you by e-mail, has caught a virus and is
scouring its hard drive for anything that looks even vaguely like an
e-mail address and bombarding you with infected messages.

Quite a few of those addresses look a lot like message IDs to me,
which fits with either of those scenarios.

Cheers,

Matthew
--
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614 Bucks., SL7 1TH UK
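
A quick way to check whether entries like the ones quoted above are real e-mail addresses or fused, garbled strings, as an added example that is not part of the original post. It assumes each report line has the form `count token`; the names `classify` and `triage` and the simplified address pattern are illustrative.

```python
import re

# Lines quoted in the post, as they appear in the daily run report.
REPORT = """\
4 CORNERSTONE.COMSMTPNEMETHL
1 cornerstone.comSubject
1 cornerstone.comSMTPsacsup
1 cornerstone.comSMTPgilest
1 cornerstone.comSMTProbertst
1 cornerstone.comSMTProbertse__substg1.0_300B0102
1 cornerstone.comSMTProbertse
"""

# Deliberately simple shape, local-part@domain.tld (an assumption, not RFC 5322).
ADDR = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+$")


def classify(token, domain):
    """Return (kind, detail) for one token from the report."""
    if ADDR.match(token):
        return ("address", token)
    if token.lower().startswith(domain.lower()):
        rest = token[len(domain):]
        if rest.upper().startswith("SMTP"):
            # Own domain, the literal "SMTP", then what looks like a username.
            return ("fused-user", rest[4:])
        return ("fused-other", rest)
    return ("malformed", token)


def triage(report, domain):
    """Group 'count token' report lines by kind; skip lines of another shape."""
    groups = {}
    for line in report.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2 or not parts[0].isdigit():
            continue
        kind, detail = classify(parts[1].strip(), domain)
        groups.setdefault(kind, []).append((int(parts[0]), detail))
    return groups


if __name__ == "__main__":
    for kind, items in triage(REPORT, "cornerstone.com").items():
        print(kind, items)
```

None of the quoted entries has the shape of an address: each is the domain with other text run directly onto it, with no `@` anywhere.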