Weird SENDMAIL Logs -- Please Review
On my bi-weekly scan of my mail logs, I noticed this:
mail.log:Aug 7 05:02:28 morningstar sm-mta[30218]: g77B1UVE030218: webmail.unorth.ac.za [196.21.218.24]: ETRN [10.1.254.3]
mail.log:Aug 7 05:02:28 morningstar sm-mta[30218]: g77B1UVE030218: webmail.unorth.ac.za [196.21.218.24]: ETRN nims.unorth.ac.za
mail.log:Aug 7 05:02:28 morningstar sm-mta[30218]: g77B1UVE030218: webmail.unorth.ac.za [196.21.218.24]: ETRN unin.unorth.ac.za
mail.log:Aug 7 05:02:28 morningstar sm-mta[30218]: g77B1UVE030218: webmail.unorth.ac.za [196.21.218.24]: ETRN unin002.unorth.ac.za
mail.log:Aug 7 05:02:28 morningstar sm-mta[30218]: g77B1UVE030218: webmail.unorth.ac.za [196.21.218.24]: ETRN UNIN002
mail.log:Aug 7 05:02:28 morningstar sm-mta[30218]: g77B1UVE030218: webmail.unorth.ac.za [196.21.218.24]: ETRN nims.unorth.ac.za
mail.log:Aug 7 05:02:28 morningstar sm-mta[30218]: g77B1UVE030218: webmail.unorth.ac.za [196.21.218.24]: ETRN nims.unorth.ac.za
Am I right in assuming this webmail.unorth.ac.za was trying to use my
machine as an open relay?
Or is this something else? ETRN <domain> is the command to flush the
queue for that domain . . . but what other reason could this person
have for issuing that command on my mail server?
Weird. Does this imply that somebody is using my MTA as a relay?
I thought I had it locked down.
Thanks in advance,
John S.
Reply to: