Re: "Strange" maillog entries - am I being used as a relay?

From: Paul Howarth (paul_at_city-fan.org)
Date: 04/02/05

Next message: Robert Slade: "Re: "Strange" maillog entries - am I being used as a relay?"

Previous message: Mike Pelley: ""Strange" maillog entries - am I being used as a relay?"
In reply to: Mike Pelley: ""Strange" maillog entries - am I being used as a relay?"
Next in thread: Robert Slade: "Re: "Strange" maillog entries - am I being used as a relay?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

To: For users of Fedora Core releases <fedora-list@redhat.com>
Date: Sat, 02 Apr 2005 12:34:27 +0100

On Sat, 2005-04-02 at 06:22 -0330, Mike Pelley wrote:
> Folks - I noticed some strange errors in my logwatch report and when I checked my maillog I found the entries below. I have SMTPS with TLS set up for authentication. Does this mean I'm being used as a relay?
>
> maillog:Mar 29 09:30:24 zeus postfix/smtpd[26863]: connect from unknown[216.113.195.131]
> maillog:Mar 29 09:30:24 zeus postfix/smtpd[26863]: setting up TLS connection from unknown[216.113.195.131]
> maillog:Mar 29 09:30:24 zeus postfix/smtpd[26863]: TLS connection established from unknown[216.113.195.131]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
> maillog:Mar 29 09:30:25 zeus postfix/smtpd[26863]: 0A1267031D: client=unknown[216.113.195.131]
> maillog:Mar 29 09:30:25 zeus postfix/smtpd[26863]: 0A1267031D: reject: RCPT from unknown[216.113.195.131]: 450 <wjwwwdk@pelleys.com>: User unknown in local recipient table; from=<> to=<wjwwwdk@pelleys.com> proto=ESMTP helo=<email.noproblemnetworks.com>
> maillog:Mar 29 09:30:27 zeus postfix/smtpd[26863]: disconnect from unknown[216.113.195.131]

Looks like a failed backscatter delivery attempt (a bounce for a mail
you didn't send, probably a virus/worm/spam forgery). The delivery
failed because the forged sender address "wjwwwdk@pelleys.com" doesn't
exist in your domain.

These happen all the time, and are nothing to worry about, though you
might want to reject future bounces from the backscatter-sending host at
216.113.195.131 if your server can be configured to do that.

Paul.

-- 
Paul Howarth <paul@city-fan.org>
-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list

Next message: Robert Slade: "Re: "Strange" maillog entries - am I being used as a relay?"

Previous message: Mike Pelley: ""Strange" maillog entries - am I being used as a relay?"
In reply to: Mike Pelley: ""Strange" maillog entries - am I being used as a relay?"
Next in thread: Robert Slade: "Re: "Strange" maillog entries - am I being used as a relay?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]