Weird SENDMAIL Logs -- Please Review

To: debian-user@lists.debian.org
Subject: Weird SENDMAIL Logs -- Please Review
From: "John W. M. Stevens" <john@betelgeuse.us>
Date: Thu, 8 Aug 2002 23:25:04 -0600
Message-id: <[🔎] 20020809052504.GA10868@morningstar.nowhere.lie>

On my bi-weekly scan of my mail logs, I noticed this:

mail.log:Aug  7 05:02:28 morningstar sm-mta[30218]: g77B1UVE030218: webmail.unorth.ac.za [196.21.218.24]: ETRN [10.1.254.3]
mail.log:Aug  7 05:02:28 morningstar sm-mta[30218]: g77B1UVE030218: webmail.unorth.ac.za [196.21.218.24]: ETRN nims.unorth.ac.za
mail.log:Aug  7 05:02:28 morningstar sm-mta[30218]: g77B1UVE030218: webmail.unorth.ac.za [196.21.218.24]: ETRN unin.unorth.ac.za
mail.log:Aug  7 05:02:28 morningstar sm-mta[30218]: g77B1UVE030218: webmail.unorth.ac.za [196.21.218.24]: ETRN unin002.unorth.ac.za
mail.log:Aug  7 05:02:28 morningstar sm-mta[30218]: g77B1UVE030218: webmail.unorth.ac.za [196.21.218.24]: ETRN UNIN002
mail.log:Aug  7 05:02:28 morningstar sm-mta[30218]: g77B1UVE030218: webmail.unorth.ac.za [196.21.218.24]: ETRN nims.unorth.ac.za
mail.log:Aug  7 05:02:28 morningstar sm-mta[30218]: g77B1UVE030218: webmail.unorth.ac.za [196.21.218.24]: ETRN nims.unorth.ac.za

Am I right in assuming this webmail.unorth.ac.za was trying to use my
machine as an open relay?

Or is this something else?  ETRN <domain> is the command to flush the
queue for that domain . . . but what other reason could this person
have for issuing that command on my mail server?

Weird.  Does this imply that somebody is using my MTA as a relay?
I thought I had it locked down.

Thanks in advance,
John S.

Reply to:

Follow-Ups:
- Re: Weird SENDMAIL Logs -- Please Review
  - From: Alwyn Schoeman <alwyn@smart.com.ph>

Prev by Date: Re: Any way to alter "From:" temporarily in exim?
Next by Date: Re: How to use "dpkg -i" properly? (How to find missing packages?)
Previous by thread: Odd error with ping (2.4.7)
Next by thread: Re: Weird SENDMAIL Logs -- Please Review
Index(es):
- Date
- Thread