[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: is this an attack on my sendmail?

* Quoting César Augusto Seronni Filho (listas@kernelinformatica.com.br):

> hi guys in my maillog I am receiving many strange message on sendmail like 
> that:
> May 10 18:52:50 xserver sendmail[4444]: g4AIRfa02119: 
> to=<yourname@company.com.>, ctladdr=<one of my user mail> (638/45), 
> delay=03:25:09, xdelay=00:00:00, mailer=esmtp, pri=607606, 
> relay=company.com., dsn=4.0.0, stat=Deferred: Connection timed out with 
> company.com.

company.com might be down. Sendmail will retry
> look that <one of my user mail> is one registred email with my domain. The 
> messages points aways to the same user email.
> and the other strange thing is that when i try to check the 
> conections(netstat -at) there are one strange like that:
> tcp        0      1 myserver:35169           mywebos.com:smtp        SYN_SENT
> when I use netstat -atn looks like that:
> tcp        0      1 myserver:35169       SYN_SENT
> and look that this ip( is not owned by mywebos.com
> I think it is spoofed 

Probably a typo:

18:07 rk@afrika:~$ host
Name: mywebos.com

> Maybe this is an attack?

Unlikely. The connections origin is your server.

> What i can do?

Lean back.

- Rolf 

To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: