On Tue, 16 Oct 2001 00:49:51 -0400, "Gerald Waugh" <[EMAIL PROTECTED]> wrote:
:>> Hi, fellow RaQ users,
:>>
:>> I'm getting seriously cheesed off by the fact that most of my security
:>> violations are caused by an unending stream of attempts to use my mail
:>> server as a relay for spam, almost all of it originating from AOL or YAHOO.
:>>
:>> I'm considering blocking both sites - do you experience the same thing?
:>>
:>sample:
:>Oct 17 22:01:02 fsn1 sendmail[28991]: WAA28991: ruleset=check_rcpt,
:>arg1=<[EMAIL PROTECTED]>, relay=AC81C4DC.ipt.aol.com [172.129.196.220],
:>reject=550 <[EMAIL PROTECTED]>... Relaying denied. Please POP before
:>sending.
:>
:>Yes, and the thing that really hacks me off, is that there are hundreds at
:>a time. "relaying denied" You would think they would run a test case of
:>one, before sending hundreds at a smtp server that was going to reject
:>everything.

I get the same thing. Looks like someone at aol was really banging my system.

One thing that puzzles me however, is a couple of the below items do not say relaying denied. I have surrounded them in ???????? marks. My assumption is that since size=0, class=0, pri=0, nrcpts=0, proto=SMTP are all zero, that no relay occurred and the entry simply means the previous error session was closed.

Am I reading the log correctly or do I have a hole open of which I was not aware?

Oct 18 00:43:29 vanecek sendmail[14744]: AAA14744: ruleset=check_rcpt, arg1=<[EMAIL PROTECTED]>, relay=x98A3A02C.pix.aol.com [152.163.160.44], reject=550 <[EMAIL PROTECTED]>... Relaying denied. Please check your mail first.
Oct 18 00:43:30 vanecek sendmail[14744]: AAA14744: ruleset=check_rcpt, arg1=<[EMAIL PROTECTED]>, relay=x98A3A02C.pix.aol.com [152.163.160.44], reject=550 <[EMAIL PROTECTED]>... Relaying denied. Please check your mail first.
Oct 18 00:43:30 vanecek sendmail[14744]: AAA14744: ruleset=check_rcpt, arg1=<[EMAIL PROTECTED]>, relay=x98A3A02C.pix.aol.com [152.163.160.44], reject=550 <[EMAIL PROTECTED]>... Relaying denied. Please check your mail first.
???????????????????????????????????????????????????????????????
Oct 18 00:43:30 vanecek sendmail[14744]: AAA14744: from=<[EMAIL PROTECTED]>, size=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=x98A3A02C.pix.aol.com [152.163.160.44]
???????????????????????????????????????????????????????????????
Oct 18 00:43:30 vanecek sendmail[14745]: AAA14745: ruleset=check_mail, arg1=<[EMAIL PROTECTED]>, relay=x98A3A02C.pix.aol.com [152.163.160.44], reject=501 <[EMAIL PROTECTED]>... Sender domain must exist
???????????????????????????????????????????????????????????????
Oct 18 00:43:30 vanecek sendmail[14745]: AAA14745: from=<[EMAIL PROTECTED]>, size=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=x98A3A02C.pix.aol.com [152.163.160.44]
???????????????????????????????????????????????????????????????
Oct 18 00:43:30 vanecek sendmail[14746]: AAA14746: ruleset=check_rcpt, arg1=<[EMAIL PROTECTED]>, relay=x98A3A02C.pix.aol.com [152.163.160.44], reject=550 <[EMAIL PROTECTED]>... Relaying denied. Please check your mail first.
Oct 18 00:43:30 vanecek sendmail[14746]: AAA14746: ruleset=check_rcpt, arg1=<[EMAIL PROTECTED]>, relay=x98A3A02C.pix.aol.com [152.163.160.44], reject=550 <[EMAIL PROTECTED]>... Relaying denied. Please check your mail first.
Oct 18 00:43:30 vanecek sendmail[14746]: AAA14746: ruleset=check_rcpt, arg1=<[EMAIL PROTECTED]>, relay=x98A3A02C.pix.aol.com [152.163.160.44], reject=550 <[EMAIL PROTECTED]>... Relaying denied. Please check your mail first.
???????????????????????????????????????????????????????????????
Oct 18 00:43:30 vanecek sendmail[14746]: AAA14746: from=<[EMAIL PROTECTED]>, size=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=x98A3A02C.pix.aol.com [152.163.160.44]
???????????????????????????????????????????????????????????????

_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
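
An added example, not part of the original post: a Python script that groups sendmail log lines by queue ID and separates transactions where every recipient was refused from ones that produced an outbound delivery. The sample log is constructed with placeholder hosts and addresses; the script assumes the usual sendmail convention that `nrcpts` counts accepted recipients and that a delivered message logs a `to=` line with `mailer=` and `stat=Sent`.

```python
import re
from collections import defaultdict

# Constructed sample in sendmail syslog format (placeholder hosts/addresses).
SAMPLE_LOG = """\
Oct 18 00:43:29 mx sendmail[14744]: AAA14744: ruleset=check_rcpt, arg1=<a@example.net>, relay=host.example.com [192.0.2.44], reject=550 <a@example.net>... Relaying denied
Oct 18 00:43:30 mx sendmail[14744]: AAA14744: from=<s@example.org>, size=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=host.example.com [192.0.2.44]
Oct 18 00:50:01 mx sendmail[14800]: AAA14800: from=<s@example.org>, size=812, class=0, pri=30812, nrcpts=1, proto=SMTP, relay=host.example.com [192.0.2.44]
Oct 18 00:50:02 mx sendmail[14801]: AAA14800: to=<b@example.net>, delay=00:00:01, mailer=esmtp, relay=mail.example.net. [198.51.100.7], stat=Sent (OK)
"""

LINE_RE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<rest>.*)")
# key=value pairs separated by ", "; a value may itself contain commas or spaces.
FIELD_RE = re.compile(r"(\w+)=(.*?)(?:, (?=\w+=)|$)")
# Mailers that hand the message to another host (assumption: stock mailer names).
REMOTE_MAILERS = {"smtp", "esmtp", "smtp8", "relay"}

def summarize(log_text):
    """Return {queue_id: {'rejects', 'nrcpts', 'remote_sent'}}."""
    msgs = defaultdict(lambda: {"rejects": 0, "nrcpts": None, "remote_sent": 0})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        fields = dict(FIELD_RE.findall(m.group("rest")))
        entry = msgs[m.group("qid")]
        if "reject" in fields:            # check_mail / check_rcpt refusal
            entry["rejects"] += 1
        elif "from" in fields and "nrcpts" in fields:
            entry["nrcpts"] = int(fields["nrcpts"])   # envelope summary line
        elif "to" in fields:              # delivery attempt for an accepted rcpt
            sent = fields.get("stat", "").startswith("Sent")
            if sent and fields.get("mailer") in REMOTE_MAILERS:
                entry["remote_sent"] += 1
    return dict(msgs)

def verdict(entry):
    if entry["remote_sent"]:
        return "forwarded-remote"   # check that this client was allowed to relay
    if entry["nrcpts"]:
        return "accepted"           # recipients accepted, no outbound delivery seen
    return "nothing-accepted"       # every recipient refused; nothing queued

if __name__ == "__main__":
    for qid, entry in summarize(SAMPLE_LOG).items():
        print(qid, verdict(entry), entry)
```
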
