This doesn't look like a relay attempt but normal spam using an e-mail address generator destined for your domain and the user(s) didn't exist.
----- Original Message -----
From: "Erich S." <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, September 25, 2002 7:22 PM
Subject: Re: [luau] Blocking mail relayers

> On Wed, 25 Sep 2002, Mike Ballon wrote:
>
> > Sendmail does NOT need to be restarted when updating the access file, it
> > does need to be built of course 'make access.db' but that's it.
> >
> > I'd like to see a snip of the maillog to see if he was actually being
> > allowed to relay though.
> >
>
> Hmmm I didn't do a 'make access.db', I did a '/sbin/service sendmail
> restart'. Does that force a 'make access.db'?
>
> Anyway, here's a partial snippet of maillog. There were quite a few
> attempts, each appearing to use different namesets within my domain.
>
> ==============================================================
> Sep 23 02:01:44 tiger sendmail[27409]: g8NC1eV27409: <[EMAIL PROTECTED]>... User unknown
> Sep 23 02:01:44 tiger sendmail[27409]: g8NC1eV27409: <[EMAIL PROTECTED]>... User unknown
> Sep 23 02:01:44 tiger sendmail[27409]: g8NC1eV27409: <[EMAIL PROTECTED]>... User unknown
> Sep 23 02:01:44 tiger sendmail[27409]: g8NC1eV27409: <[EMAIL PROTECTED]>... User unknown
> Sep 23 02:01:44 tiger sendmail[27409]: g8NC1eV27409: <[EMAIL PROTECTED]>... User unknown
> Sep 23 02:01:44 tiger sendmail[27409]: g8NC1eV27409: <[EMAIL PROTECTED]>... User unknown
> Sep 23 02:01:44 tiger sendmail[27409]: g8NC1eV27409: <[EMAIL PROTECTED]>... User unknown
> Sep 23 02:01:44 tiger sendmail[27409]: g8NC1eV27409: <[EMAIL PROTECTED]>... User unknown
> Sep 23 02:01:44 tiger sendmail[27409]: g8NC1eV27409: <[EMAIL PROTECTED]>... User unknown
> Sep 23 02:01:44 tiger sendmail[27409]: g8NC1eV27409: <[EMAIL PROTECTED]>... User unknown
> Sep 23 02:01:44 tiger sendmail[27409]: g8NC1eV27409: from=<[EMAIL PROTECTED]>, size=0, class=0, nrcpts=0, proto=SMTP,
> daemon=MTA, relay=rlkal1a046.comtech-data.se [194.198.208.46] (may be forged)
> ==============================================================
>
> After putting in the hosts.deny entry, restarting XINETD and putting in
> the entry in /etc/mail/access, and restarting sendmail. This is what turns
> up in the log about every 20 minutes or so:
>
> ==============================================================
> Sep 25 13:07:10 tiger sendmail[31999]: g8PN79P31999: ruleset=check_relay, arg1=rlkal1a009.comtech-data.se, arg2=194.198.208.9,
> relay=rlkal1a009.comtech-data.se [194.198.208.9] (may be forged), reject=550 5.7.1 Access denied
> Sep 25 13:07:11 tiger sendmail[31999]: NOQUEUE: rlkal1a009.comtech-data.se [194.198.208.9] (may be forged)
> did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
> Sep 25 13:51:22 tiger sendmail[32024]: g8PNpLP32024: ruleset=check_relay, arg1=rlkal1a009.comtech-data.se, arg2=194.198.208.9,
> relay=rlkal1a009.comtech-data.se [194.198.208.9] (may be forged), reject=550 5.7.1 Access denied
> Sep 25 13:51:25 tiger sendmail[32024]: NOQUEUE: rlkal1a009.comtech-data.se [194.198.208.9] (may be forged)
> did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
> Sep 25 14:36:46 tiger sendmail[32062]: g8Q0agP32062: ruleset=check_relay, arg1=rlkal1a009.comtech-data.se, arg2=194.198.208.9,
> relay=rlkal1a009.comtech-data.se [194.198.208.9] (may be forged), reject=550 5.7.1 Access denied
> Sep 25 14:36:47 tiger sendmail[32062]: NOQUEUE: rlkal1a009.comtech-data.se [194.198.208.9] (may be forged)
> did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
> ==============================================================
>
> Not sure what else I can do. Most Euro's I've dealt with are scum so being
> able to block this dood is at least gratifying in a small way. Euro's like
> to talk big about the evil USA but to date most problems I've had with
> outside intruders have been from Euro's who seem to have nothing better to
> do with their time.
>
> Thanks all for the comments and advice. And sorry if this type of dialogue
> isn't very interesting...I'll try and think of an obligatory MS Bash or
> Linux Boast later when I'm finished having fun learning this stuff.
> (tongue placed firmly in cheek)
>
> Sharky
>
> _______________________________________________
> LUAU mailing list
> [EMAIL PROTECTED]
> http://videl.ics.hawaii.edu/mailman/listinfo/luau
>
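
The distinction drawn in this thread (unknown-user guessing against the local domain versus an actual relay attempt versus a connect-time reject) can be checked mechanically over a maillog. The following is an added example, not part of the original messages: the log lines are constructed with placeholder hosts and addresses, the `check_rcpt` "Relaying denied" line does not appear in the thread and is included for contrast, and `classify` and `guess_threshold` are hypothetical names.

```python
import re
from collections import defaultdict

# Constructed sample in the maillog format quoted above; hosts, addresses and
# the check_rcpt line are placeholders, not values from the thread.
SAMPLE_LOG = """\
Sep 23 02:01:44 mx sendmail[27409]: g8NC1eV27409: <aaron@example.org>... User unknown
Sep 23 02:01:44 mx sendmail[27409]: g8NC1eV27409: <abby@example.org>... User unknown
Sep 23 02:01:44 mx sendmail[27409]: g8NC1eV27409: <adam@example.org>... User unknown
Sep 23 02:01:44 mx sendmail[27409]: g8NC1eV27409: from=<x@example.net>, size=0, nrcpts=0, relay=a.example.net [192.0.2.46] (may be forged)
Sep 23 02:05:10 mx sendmail[27500]: g8NC5aV27500: ruleset=check_rcpt, arg1=<v@example.com>, relay=b.example.net [192.0.2.77], reject=550 5.7.1 <v@example.com>... Relaying denied
Sep 25 13:07:10 mx sendmail[31999]: g8PN79P31999: ruleset=check_relay, arg1=c.example.net, arg2=192.0.2.9, relay=c.example.net [192.0.2.9] (may be forged), reject=550 5.7.1 Access denied
"""

LINE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<rest>.*)$")
RELAY_IP = re.compile(r"relay=.*?\[(?P<ip>[0-9.]+)\]")

def classify(log_text, guess_threshold=3):
    """Return {client IP: sorted verdicts} for a sendmail maillog excerpt."""
    unknown = defaultdict(int)   # queue id -> count of "User unknown" recipients
    qid_ip = {}                  # queue id -> connecting IP, from the from= line
    verdicts = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        qid, rest = m["qid"], m["rest"]
        ip = RELAY_IP.search(rest)
        if rest.endswith("User unknown"):
            unknown[qid] += 1    # recipient in our own domain that does not exist
        elif rest.startswith("from=") and ip:
            qid_ip[qid] = ip["ip"]
        elif "reject=" in rest and ip:
            if "Relaying denied" in rest:
                # recipient outside our domains: a real third-party relay attempt
                verdicts[ip["ip"]].add("relay_attempt")
            elif "ruleset=check_relay" in rest:
                # refused at connect time, before any SMTP command was accepted
                verdicts[ip["ip"]].add("rejected_at_connect")
    # The "User unknown" lines carry no IP; join them to the client via queue id.
    for qid, n in unknown.items():
        if n >= guess_threshold and qid in qid_ip:
            verdicts[qid_ip[qid]].add("address_guessing")
    return {ip: sorted(v) for ip, v in verdicts.items()}

if __name__ == "__main__":
    for ip, v in classify(SAMPLE_LOG).items():
        print(ip, v)
```
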
