On Tue, 2006-01-17 at 11:20 -0600, John Jolet wrote: > On Jan 17, 2006, at 11:14 AM, Michael Sullivan wrote: > > > I'm concerned. When I got out of the shower just now and came to > > check > > my email, I didn't have any. Concerned that sendmail might not be > > running, I ps'd for it: > > > > bullet mail # ps ax | grep 'sendmail' > > 9939 ? Ss 0:00 sendmail: Queue [EMAIL PROTECTED]:30:00 > > for /var/spool/clientmqueue > > 10305 ? Ss 0:00 sendmail: accepting connections > > 10801 ? S 0:00 sendmail: ./k0FKmpDE010833 > > gpeplpqel.shankscape.com.: user open > > 10810 pts/0 R+ 0:00 grep sendmail > > > > > > I see that sendmail is connected with gpeplpqel.shankscape.com. I > > assume that someone at that host is trying to send mail to my domain, > > but I checked /var/spool/mail and I didn't see anything from them. I > > ps'd sendmail again and saw that they were no longer connected. I > > checked /var/log/maillog and see a bunch of these: > > > > Jan 17 11:04:10 bullet sm-mta[10801]: k0FKmpDE010833: > > to=<[EMAIL PROTECTED]>, delay=1+20:15:18, > > xdelay=00:03:10, mailer=esmtp, pri=8599167, > > relay=gpeplpqel.shankscape.com. [69.25.212.153], dsn=4.0.0, > > stat=Deferred: Connection timed out with gpeplpqel.shankscape.com. > > > > Is there a way to make sure that unauthorized people are not sending > > mail through my domain? > > > telnet yourdomain.com 25 > helo somedomain.com > msg from someforeigndomain.com > rcpt to someotherforeigndomain.com > > see if it slaps you down (note, i may have the msg from and rcpt to > backwards, always forget) > > > > -- > > [email protected] mailing list > > >
I think I messed up the syntax somewhere: camille ~ # telnet espersunited.com 25 Trying 64.149.52.102... Connected to espersunited.com. Escape character is '^]'. 220 bullet.espersunited.com ESMTP Sendmail 8.13.4/8.13.4; Tue, 17 Jan 2006 11:33:21 -0600 helo somedomain.com 250 bullet.espersunited.com Hello [192.168.1.1], pleased to meet you msg from someforeigndomain.com 500 5.5.1 Command unrecognized: "msg from someforeigndomain.com" rcpt to someotherforeigndomain.com 503 5.0.0 Need MAIL before RCPT -- [email protected] mailing list
