Hi T. K.,

> Looking at my logs this morning and looks like someone was trying to send a
> message or something. What do you think?

Nope. It's fine.

1st line:

Aug 13 10:25:30 www sendmail[32614]: n7DEPT5r032614: ruleset=check_rcpt, arg1=, relay=118-169-207-30.dynamic.hinet.net [118.169.207.30], reject=550 5.7.1 ... Relaying denied. Proper authentication required.

Someone from 118.169.207.30 tried to use your Sendmail (from the outside) to relay a message to an email account not on your box. As it should be, they got told: "Relaying denied. Proper authentication required." and the message was not accepted.

2nd line:

Aug 13 10:25:31 www sendmail[32614]: n7DEPT5r032614: lost input channel from 118-169-207-30.dynamic.hinet.net [118.169.207.30] to MTA after rcpt

Connection to/from them was closed.

3rd line:

Aug 13 10:25:31 www sendmail[32614]: n7DEPT5r032614: from=, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=118-169-207-30.dynamic.hinet.net [118.169.207.30]

They then probed your Sendmail to check if certain accounts exist on your box. The part "size=0, class=0, nrcpts=0" tells us this.

That's a *very* common thing and you see that a lot. It's a mechanism that even some legit people use to verify if an email address exists before they actually try to deliver it to the address in question. It creates less traffic than sending an actual email and getting it bounced because the recipient doesn't exist.

But it's a fishy practice which spammers use a lot. They probe Sendmail for existing system accounts and then send one SPAM which has all guessed account names as BCC receivers.

It's of no concern security-wise, as they don't actually try to guess passwords. No, they "just" check if this or that email address is valid. I find it annoying, but blocking such probes would also stop quite a chunk of legit emails.

--
With best regards

Michael Stauber
_______________________________________________
Blueonyx mailing list
[email protected]
http://www.blueonyx.it/mailman/listinfo/blueonyx
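As an added example (not part of the original message), the reading of the three log lines above can be automated by grouping Sendmail entries by queue ID and labelling each session. The sample lines, queue IDs, hostnames and addresses are constructed, and the function name `classify` is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in the shape of the entries discussed above
# (documentation-range IPs, made-up queue IDs and addresses).
SAMPLE_LOG = """\
Aug 13 10:25:30 www sendmail[100]: n7DAAAAA000001: ruleset=check_rcpt, arg1=<u@example.net>, relay=h1.example.org [192.0.2.30], reject=550 5.7.1 <u@example.net>... Relaying denied. Proper authentication required.
Aug 13 10:25:31 www sendmail[100]: n7DAAAAA000001: lost input channel from h1.example.org [192.0.2.30] to MTA after rcpt
Aug 13 10:25:31 www sendmail[100]: n7DAAAAA000001: from=<a@example.org>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=h1.example.org [192.0.2.30]
Aug 13 10:27:12 www sendmail[101]: n7DBBBBB000002: from=<c@example.org>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=h2.example.org [203.0.113.9]
Aug 13 10:31:02 www sendmail[102]: n7DCCCCC000003: from=<b@example.com>, size=2048, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mail.example.com [198.51.100.7]
"""

LINE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<body>.*)")
IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def classify(log_text):
    """Return {queue_id: (client_ip, label)} for each SMTP session."""
    sessions = defaultdict(lambda: {"ip": None, "denied": False, "empty": False})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a sendmail queue entry
        s, body = sessions[m["qid"]], m["body"]
        ip = IP.search(body)
        if ip:
            s["ip"] = ip.group(1)
        # check_rcpt rejection: the relay attempt was refused
        if "ruleset=check_rcpt" in body and "Relaying denied" in body:
            s["denied"] = True
        # from= summary with no bytes and no recipients: nothing was accepted
        if body.startswith("from=") and "size=0," in body and "nrcpts=0," in body:
            s["empty"] = True
    report = {}
    for qid, s in sessions.items():
        if s["denied"]:
            label = "relay attempt rejected"
        elif s["empty"]:
            label = "no message accepted (size=0, nrcpts=0)"
        else:
            label = "normal delivery"
        report[qid] = (s["ip"], label)
    return report

if __name__ == "__main__":
    for qid, (ip, label) in classify(SAMPLE_LOG).items():
        print(qid, ip, label)
```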
