hi guys in my maillog I am receiving many strange message on sendmail like that: May 10 18:52:50 xserver sendmail[4444]: g4AIRfa02119: to=<[EMAIL PROTECTED]>, ctladdr=<one of my user mail> (638/45), delay=03:25:09, xdelay=00:00:00, mailer=esmtp, pri=607606, relay=company.com., dsn=4.0.0, stat=Deferred: Connection timed out with company.com.
look that <one of my user mail> is one registred email with my domain. The messages points aways to the same user email. and the other strange thing is that when i try to check the conections(netstat -at) there are one strange like that: tcp 0 1 myserver:35169 mywebos.com:smtp SYN_SENT when I use netstat -atn looks like that: tcp 0 1 myserver:35169 208.49.229.140:25 SYN_SENT and look that this ip(208.49.229.140.25) is not owned by mywebos.com I think it is spoofed In my network, I have one DMZ which this server was placed. I am using one linux firewall(iptables) to redirect the packages to my DMZ But I think if this is an attack it is comming from my LAN which have directed access to my DMZ. Maybe this is an attack? What i can do? Any specials rules to protect me with iptables? How I can find the source of the attack? tks -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
