[cobalt-security] Sendmail error messages?

Sat, 12 May 2001 06:13:46 -0700 


I'm trying to figure out what all of these messages mean that are being
generated on a Raq3 box? Is someone trying to use our box to relay spam
mail? And if so, how can I stop them?

My fear is that stuff is getting through because these error messages are
only stating that "Sender domain must exist". So, I assume that if the
sender domain was a valid one, then sendmail will relay their e-mail?
Correct me if I'm wrong.

By the way, this raq box has been updated w/ all the latest updates. What
I'm wondering is we used to have an old version of pop-before-smtp on this
box and then we installed Cobalts version. Could this be part of the
problem?

May 11 08:58:50 dns1 sendmail[23891]: IAA23891: ruleset=check_mail,
arg1=<[EMAIL PROTECTED]>, relay=cdshop.photodisc.de
[193.97.202.146],
reject=501 <[EMAIL PROTECTED]>... Sender domain must exist
May 12 06:43:24 dns1 sendmail[15137]: GAA15137: ruleset=check_mail,
arg1=<[EMAIL PROTECTED]>,
relay=hp.egroups.com [208.50.99.201], reject=451
<[EMAIL PROTECTED]>...
Sender
domain must resolve
May 12 07:42:30 dns1 sendmail[17431]: HAA17431: ruleset=check_mail,
arg1=<[EMAIL PROTECTED]>,
relay=n1.groups.yahoo.com [216.115.96.51], reject=451
<[EMAIL PROTECTED]>...
Sender
domain must resolve
May 12 07:55:11 dns1 sendmail[17935]: HAA17935: ruleset=check_mail,
arg1=<[EMAIL PROTECTED]>,
relay=ch.egroups.com [208.50.99.226], reject=451
<[EMAIL PROTECTED]>...
Sender
domain must resolve
May 12 07:57:30 dns1 sendmail[18013]: HAA18013: ruleset=check_mail,
arg1=<[EMAIL PROTECTED]>,
relay=mu.egroups.com [64.211.240.238], reject=451
<[EMAIL PROTECTED]>...
Sender
domain must resolve
May 12 08:23:07 dns1 sendmail[19012]: IAA19012: ruleset=check_mail,
arg1=<[EMAIL PROTECTED]>,
relay=fl.egroups.com [64.211.240.233], reject=451
<[EMAIL PROTECTED]>...
Sender
domain must resolve
May 12 08:33:11 dns1 sendmail[19420]: IAA19420: ruleset=check_mail,
arg1=<[EMAIL PROTECTED]>,
relay=hl.egroups.com [208.50.99.197], reject=451
<[EMAIL PROTECTED]>...
Sender
domain must resolve

Thanks!

SW

_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security

Reply via email to