I run logcheck and have noticed what appeared to be mail being relayed
by my machine. So I blocked the offender via /etc/hosts.deny and listed
the IP and domain in linuxconf to disallow relaying from them also.
So...logcheck reports this:
Security Violations
=-=-=-=-=-=-=-=-=-=
Mar 5 19:16:02 www sendmail[24770]: NOQUEUE: ruleset=check_relay,
arg1=planw-24-126.pompano.net, arg2=24.26.24.126,
relay=planw-24-126.pompano.net [24.26.24.126], reject=553 Your kidding
right? No Spammers allowed!
Mar 5 19:23:23 www sendmail[24786]: NOQUEUE: ruleset=check_relay,
arg1=planw-24-126.pompano.net, arg2=24.26.24.126,
relay=planw-24-126.pompano.net [24.26.24.126], reject=553 Your kidding
right? No Spammers allowed!
Mar 5 19:42:09 www sendmail[24837]: NOQUEUE: ruleset=check_relay,
arg1=acacia.mediahub.com.sg, arg2=203.126.200.20,
relay=acacia.mediahub.com.sg [203.126.200.20], reject=553 Spammers will
be prosecuted!
Further down it also reports this:
Mar 5 19:16:02 www sendmail[24770]: NOQUEUE: ruleset=check_relay,
arg1=planw-24-126.pompano.net, arg2=24.26.24.126,
relay=planw-24-126.pompano.net [24.26.24.126], reject=553 Your kidding
right? No Spammers allowed!
Mar 5 19:16:02 www sendmail[24770]: NOQUEUE: Null connection from
planw-24-126.pompano.net [24.26.24.126]
Mar 5 19:23:23 www sendmail[24786]: NOQUEUE: ruleset=check_relay,
arg1=planw-24-126.pompano.net, arg2=24.26.24.126,
relay=planw-24-126.pompano.net [24.26.24.126], reject=553 Your kidding
right? No Spammers allowed!
Mar 5 19:23:23 www sendmail[24786]: NOQUEUE: Null connection from
planw-24-126.pompano.net [24.26.24.126]
Mar 5 19:42:09 www sendmail[24837]: NOQUEUE: ruleset=check_relay,
arg1=acacia.mediahub.com.sg, arg2=203.126.200.20,
relay=acacia.mediahub.com.sg [203.126.200.20], reject=553 Spammers will
be prosecuted!
Mar 5 19:42:16 www sendmail[24837]: NOQUEUE: Null connection from
acacia.mediahub.com.sg [203.126.200.20]
So my question is this. What does "NOQUEUE: Null connection from
acacia.mediahub.com.sg [203.126.200.20]" actually mean?
I am assuming he didn't get thru, but yet I read it that he connected??
I'm finding these connection attempts frequently from these IPs.
I'm running Red Hat 6.1, all errata applied. With sendmail-8.9.3-15. I
couldn't locate any reference to "Null connection" at www.sendmail.org or
on the moongroup archives.
Any help appreciated.
Scott Kindley
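In the entries quoted above, each "Null connection" line carries the same sendmail PID and client address as a check_relay rejection logged seconds earlier. The Python below is an added example, not part of the original post, that checks this pairing mechanically; the function name correlate and the last sample line (192.0.2.10, PID 30001) are constructed for illustration.

```python
import re

# Entries quoted in the post, rejoined onto single lines; the last line
# (192.0.2.10, pid 30001) is constructed to show the unmatched case.
SAMPLE_LOG = """\
Mar 5 19:16:02 www sendmail[24770]: NOQUEUE: ruleset=check_relay, arg1=planw-24-126.pompano.net, arg2=24.26.24.126, relay=planw-24-126.pompano.net [24.26.24.126], reject=553 Your kidding right? No Spammers allowed!
Mar 5 19:16:02 www sendmail[24770]: NOQUEUE: Null connection from planw-24-126.pompano.net [24.26.24.126]
Mar 5 19:42:09 www sendmail[24837]: NOQUEUE: ruleset=check_relay, arg1=acacia.mediahub.com.sg, arg2=203.126.200.20, relay=acacia.mediahub.com.sg [203.126.200.20], reject=553 Spammers will be prosecuted!
Mar 5 19:42:16 www sendmail[24837]: NOQUEUE: Null connection from acacia.mediahub.com.sg [203.126.200.20]
Mar 5 20:01:44 www sendmail[30001]: NOQUEUE: Null connection from host.example [192.0.2.10]
"""

ENTRY = re.compile(r"^\w{3}\s+\d+\s+(\d\d):(\d\d):(\d\d)\s+\S+\s+sendmail\[(\d+)\]:\s+NOQUEUE:\s+(.*)$")
REJECT = re.compile(r"ruleset=check_relay,.*\[([\d.]+)\],\s+reject=(\d{3})")
NULLCONN = re.compile(r"Null connection from \S+ \[([\d.]+)\]")

def correlate(log_text):
    """Pair each 'Null connection' entry with a check_relay reject logged
    earlier by the same sendmail process for the same client address."""
    rejects = {}   # (pid, ip) -> (seconds since midnight, SMTP reply code)
    results = []
    for line in log_text.splitlines():
        entry = ENTRY.match(line)
        if not entry:
            continue
        hh, mm, ss, pid, msg = entry.groups()
        now = int(hh) * 3600 + int(mm) * 60 + int(ss)
        rej = REJECT.search(msg)
        null = NULLCONN.search(msg)
        if rej:
            rejects[(pid, rej.group(1))] = (now, rej.group(2))
        elif null:
            # No stored reject for this (pid, ip) leaves both fields as None.
            when, code = rejects.pop((pid, null.group(1)), (None, None))
            results.append({
                "pid": int(pid), "ip": null.group(1), "reject_code": code,
                "delay_s": None if when is None else now - when,
            })
    return results

if __name__ == "__main__":
    for r in correlate(SAMPLE_LOG):
        seen = (f"rejected with {r['reject_code']} {r['delay_s']}s earlier"
                if r["reject_code"] else "no check_relay reject seen")
        print(f"pid {r['pid']} {r['ip']}: {seen}")
```

Entries that come back with reject_code set to None are the ones not explained by a check_relay rejection in the same log and are the ones worth reading by hand.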