This is what I get 5 days earlier. (There are many more attempts.)
Since the message was sent to a non-existent user at one of our domains, I
think what I'm seeing here is Sendmail sending a message back to original
sender that the email address is invalid. Would anyone agree with this
assessment?
Has anyone tried any of the open-relay assessment tools listed on Jeremy's
link? Any recommendations of which one to try first?
Thanks,
--Bill
Aug 4 17:25:03 payson sendmail[3689]: i750P31j003689:
from=<
Bain@123-stock.info>, size=1225, class=0, nrcpts=1,
msgid=<
LGGDNTNZOGUMMSUILVIH@123-stock.info>, proto=SMTP, daemon=MTA,
relay=[65.182.130.29]
Aug 4 17:25:47 payson sendmail[3699]: i750P6Aa003699: ruleset=check_mail,
arg1=<
Bain@123-stock.info>, relay=root@localhost, reject=451 4.1.8 Domain of
sender address
Bain@123-stock.info does not resolve
Aug 4 17:25:47 payson sendmail[3698]: i750P31j003689:
to=<
carol@westerneng.com>, delay=00:00:44, xdelay=00:00:41,
mailer=virthostmail, pri=121225, relay=westerneng.com, dsn=4.0.0,
stat=Deferred: 451 4.1.8 Domain of sender address
Bain@123-stock.info does
not resolve
Aug 4 17:25:47 payson sendmail[3699]: i750P6Aa003699:
from=<
Bain@123-stock.info>, size=1551, class=0, nrcpts=0, proto=ESMTP,
relay=root@localhost
Aug 4 18:04:47 payson sendmail[4132]: i750P31j003689:
to=<
carol@westerneng.com>, delay=00:39:44, xdelay=00:00:40,
mailer=virthostmail, pri=211225, relay=westerneng.com, dsn=4.0.0,
stat=Deferred: 451 4.1.8 Domain of sender address
Bain@123-stock.info does
not resolve
-----Original Message-----
From:
plug-discuss-admin@lists.plug.phoenix.az.us
[
mailto:plug-discuss-admin@lists.plug.phoenix.az.us] On Behalf Of Bryce C
Sent: Wednesday, August 11, 2004 4:28 PM
To: PLUG
Subject: RE: Open Relay issue
Just to point out something not yet considered, it is very possible that
a spammer is just using an address at your domain. Admittedly, I only
skimmed the message/error, but this sort of thing happens to me all the
time, daily at least. No security issue, there isn't even a mail server
for "them" to use as a relay that is mine, just an address.
On Wed, 2004-08-11 at 16:10, Bill Wesson wrote:
> Note: Westerneng.com is a domain on our server.
> carol@westerneng.com is a non-existent user.
> Part of the message is as follows:
>
> **********************************************
> ** THIS IS A WARNING MESSAGE ONLY **
> ** YOU DO NOT NEED TO RESEND YOUR MESSAGE **
> **********************************************
>
> The original message was received at Wed, 4 Aug 2004 17:25:03 -0700 from
> [65.182.130.29]
>
> ----- Transcript of session follows ----- ... while talking to
> payson.visionengravers.com:
> >>> MAIL From:<Bain@123-stock.info> SIZE=1577
> <<< 451 4.1.8 Domain of sender address Bain@123-stock.info does not
resolve
> <carol@westerneng.com>... Deferred: 451 4.1.8 Domain of sender address
> Bain@123-stock.info does not resolve
> Warning: message still undelivered after 4 hours Will keep trying until
> message is 5 days old
>
> +++++++++++++++++++++
>
> Here is the text from maillog. The one that has me concerned is to
> Bain@123-stock.info.
>
> Aug 9 22:53:30 payson sendmail[22510]: i75547IJ006693:
> to=<Bain@123-stock.info>, delay=5+00:48:43, xdelay=00:00:22, mailer=esmtp,
> pri=10652601, relay=mail.senderservices.info. [65.59.208.76], dsn=4.0.0,
> stat=Deferred: 421 SMTP service not available, closing transmission
channel
> Aug 9 22:53:31 payson sendmail[22510]: i75547IJ006693: i7A5qnhx022510:
> return to sender: Cannot send message for 5 days
> Aug 9 22:53:31 payson sendmail[22510]: i7A5qnhx022510: to=root,
> delay=00:00:00, xdelay=00:00:00, mailer=local, pri=34654, dsn=2.0.0,
> stat=Sent
>
> Thanks,
> --Bill
>
> On Wed, 11 Aug 2004, Bill Wesson wrote:
>
> > I have a message from Postmaster Notify on my Sendmail server that I'm
not
> > quite sure about. It appears someone has successfully relayed. We have
> SMTP
> > authorization set, so a password may have been guessed. Would anyone be
> able
> > to take a look at the message to see if my guess is correct? I can
forward
> > the message to you off list.
>
> Post to this list the few lines from your mail logs that correspond with
> this related message.
>
> > Also, are there any good automatic relay-block testers not affiliated
with
> a
> > RBL that can deliver accurate information?
>
> Have a look at the relay checker tools linked from
> http://spamlinks.openrbl.org/tools-relay.htm
>
>
> Jeremy C. Reed
>
> BSD News, BSD tutorials, BSD links
> http://www.bsdnewsletter.com/
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
--
Bryce C <
Plug@BryceCo.Net>
CoBryce Communications
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)