I read that as your server received an email addressed to FaygjkFarris@<domain> and responded from MAILER-DAEMON (aka <>) that the user is not known. This is a normal spammer address verification tactic.

Frank

On 7/19/06 8:29 AM, Stephen Barner wrote:
I've got a server that hosts a few websites and a PHP BBS. It uses
sendmail to handle a few light mail duties (though the spammers have found
it, so I have to delete a few dozen spam messages that come in every day).
I recently noticed some unusual activity on the server and checking
var/log/maillog, I find a bunch of messages of this type being produced (I
substituted mydomain for the real domain name of the local server):

Jul 19 07:16:43 www sendmail[3541]: k6JBGh3U003541:
<[EMAIL PROTECTED]>... User unknown
Jul 19 07:16:43 www sendmail[3541]: k6JBGh3U003541: from=<>, size=21287,
class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=imail.mlode.com
[208.12.100.136]

If I am reading this correctly, the server sent a message with no sender
listed to the nonexistant local user FaygjkFarris through imail.mlode.com.
I can't figure out the logic behind this, especially since all the
usernames are really odd and not likely to produce successful hits. I also
have no idea what is initiating the exchanges. It would seem that there
might be some kind of malware running on the local machine trying to send
these messages out, but I can't find anything unusual. Perhaps I am
reading the maillog incorrectly but for now I shut down sendmail until I
can resolve the problem. The sendmail version is 8.12.4.

Steve Barner

--
Frank Swasey                    | http://www.uvm.edu/~fcs
Sr Systems Administrator        | Always remember: You are UNIQUE,
University of Vermont           |    just like everyone else.
  "I am not young enough to know everything." - Oscar Wilde (1854-1900)

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Reply via email to