Roger Walker <[EMAIL PROTECTED]> wrote:
[...]
> 'locals' contains "localhost", the FQDN for the host, and the
> domain portion of the FQDN for the host.
[...]
> Question(s): Am I being used as a relay?
Difficult to tell, since you've removed your hostname. However, I checked
"nylon.rope.net" and it refused a very basic relay attempt. If that's the
host you're talking about, I don't believe you're being relay-raped.
> If not, why would they stop trying to connect as soon as they were refused?
> The sheer quantity of connect attempts says that they are up to something no
> good, but I have no evidence of anything except their connections - nothing
> more. Are they attempting to relay, but too stupid to check that my system
> won't relay for them? Are they relaying, but I'm too stupid to configure
> qmail properly? Enquiring minds want to know :-)
Perhaps they're just trying to guess your root password, since you said
they're showing up in /var/log/secure. Are they SSH-ing in? What does
your security log actually say about that host?
Charles
--
-----------------------------------------------------------------------
Charles Cazabon <[EMAIL PROTECTED]>
GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/
Any opinions expressed are just that -- my opinions.
-----------------------------------------------------------------------
