Re: is this an attack on my sendmail?
* Quoting César Augusto Seronni Filho (email@example.com):
> hi guys in my maillog I am receiving many strange message on sendmail like
> May 10 18:52:50 xserver sendmail: g4AIRfa02119:
> to=<firstname.lastname@example.org.>, ctladdr=<one of my user mail> (638/45),
> delay=03:25:09, xdelay=00:00:00, mailer=esmtp, pri=607606,
> relay=company.com., dsn=4.0.0, stat=Deferred: Connection timed out with
company.com might be down. Sendmail will retry
> look that <one of my user mail> is one registred email with my domain. The
> messages points aways to the same user email.
> and the other strange thing is that when i try to check the
> conections(netstat -at) there are one strange like that:
> tcp 0 1 myserver:35169 mywebos.com:smtp SYN_SENT
> when I use netstat -atn looks like that:
> tcp 0 1 myserver:35169 184.108.40.206:25 SYN_SENT
> and look that this ip(220.127.116.11.25) is not owned by mywebos.com
> I think it is spoofed
Probably a typo:
18:07 rk@afrika:~$ host 18.104.22.168
> Maybe this is an attack?
Unlikely. The connections origin is your server.
> What i can do?
To UNSUBSCRIBE, email to email@example.com
with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org