Looks to me like someone's using you as a SPAM relay... You need to turn
relaying off.
> -----Original Message-----
> From: Tomás García Ferrari [SMTP:[EMAIL PROTECTED]]
> Sent: Sunday, February 11, 2001 7:00 AM
> To: RedHat List
> Subject: Sendmail attack?
>
> Hello,
>
> My sendmail daemon is frozen every now and then. The only extrange thing I
> found on the logs (/var/log/maillog and /var/log/messages) is this:
>
> > Feb 6 18:24:43 www sendmail[445]: SAA00445: from=<[EMAIL PROTECTED]>,
> > size=2660, class=0, pri=62660, nrcpts=2, msgid=
> > <00001b3a3abe$000006cc$[EMAIL PROTECTED]>, proto=ESMTP,
> > relay=ns.escada.co.jp [210.162.109.146]
> > Feb 6 18:25:11 www sendmail[447]: SAA00447: to=<[EMAIL PROTECTED]>,
> > delay=00:00:28, xdelay=00:00:28, mailer=esmtp, re
> > lay=mx2.777.net.cn. [202.98.123.85], stat=Deferred: Connection reset by
> > mx2.777.net.cn.
>
> and a lot of this "Deferred" messages... The message is still on the queue
> of sendmail. Is this a sympthom of an known attack? I could easily delete
> this message from the queue, but I want to be sure of not being attacked!
>
> Thanks,
>
> Tomas Garcia Ferrari
>
> Bigital
> http://bigital.com
>
>
>
> _______________________________________________
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
