is this an attack on my sendmail?
hi guys in my maillog I am receiving many strange message on sendmail like
May 10 18:52:50 xserver sendmail: g4AIRfa02119:
to=<firstname.lastname@example.org.>, ctladdr=<one of my user mail> (638/45),
delay=03:25:09, xdelay=00:00:00, mailer=esmtp, pri=607606,
relay=company.com., dsn=4.0.0, stat=Deferred: Connection timed out with
look that <one of my user mail> is one registred email with my domain. The
messages points aways to the same user email.
and the other strange thing is that when i try to check the
conections(netstat -at) there are one strange like that:
tcp 0 1 myserver:35169 mywebos.com:smtp SYN_SENT
when I use netstat -atn looks like that:
tcp 0 1 myserver:35169 220.127.116.11:25 SYN_SENT
and look that this ip(18.104.22.168.25) is not owned by mywebos.com
I think it is spoofed
In my network, I have one DMZ which this server was placed.
I am using one linux firewall(iptables) to redirect the packages to my DMZ
But I think if this is an attack it is comming from my LAN which have
directed access to my DMZ.
Maybe this is an attack?
What i can do?
Any specials rules to protect me with iptables?
How I can find the source of the attack?
To UNSUBSCRIBE, email to email@example.com
with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org