[Mimedefang] Sendmail delivery problem

Chad Stalvey cstalvey at hcsmail.com
Thu Feb 27 16:39:01 EST 2003


I have those also in my mail log, quite a few actually...

Do a grep messageID /var/log/maillog

then a grep emailaddress /var/log/maillog

EX from my log:

Log Data:
Feb 27 15:55:36 mail sendmail[11120]: h1RKr5N9011120:
to=<chaunceyloanz at ieg.com.br>, delay=00:00:01, xdelay=00:00:01,
mailer=esmtp, pri=31024, relay=carrol.protocoloweb.com.br. [200.226.139.57],
dsn=4.0.0, stat=Deferred: Connection refused by carrol.protocoloweb.com.br.

# grep h1RKr5N9011120 /var/log/maillog

Feb 27 15:55:35 mail sendmail[11120]: h1RKr5N8011120: h1RKr5N9011120: DSN:
<page at 320i.com>... User unknown
Feb 27 15:55:36 mail sendmail[11120]: h1RKr5N9011120:
to=<chaunceyloanz at ieg.com.br>, delay=00:00:01, xdelay=00:00:01,
mailer=esmtp, pri=31024, relay=carrol.protocoloweb.com.br. [200.226.139.57],
dsn=4.0.0, stat=Deferred: Connection refused by carrol.protocoloweb.com.br.

Here is my best educated guess:
	Someone is using Spamware to spam your server, they come in and try
dad1 at yourdomain.com, dad2 at yourdomain.com and so on and so on. They are also
masking their from address, so that when your server tries to send them a
bounce message "Error: No such User Here", it's not going to a legit
address, so your server can't send it.

Make Sense?

Do a grep 'User unknown' /var/log/maillog

you will get a bunch of data back, but look for User unknowns all together
with each other where the message id's are the same, then grep for that
message id and I would suspect someone is hammering your server.

If you would like me to share with you on how to stop those drastically,
email me off this list as I have posted it here before and this is not a
sendmail list ~ --- ~ I've been griped at before...

cstalvey at hcsmail.com








-----Original Message-----
From: mimedefang-admin at lists.roaringpenguin.com
[mailto:mimedefang-admin at lists.roaringpenguin.com]On Behalf Of Will
McCorkle
Sent: Thursday, February 27, 2003 3:48 PM
To: 'mimedefang at lists.roaringpenguin.com'
Subject: [Mimedefang] Sendmail delivery problem


Ok, I know this is not a sendmail group, but I was hoping someone else has run
into this problem. It all works (sendmail, mimedefang and spamassassin), but
I keep getting this error message from the maillog file.

Feb 27 12:37:28 mydomain sm-mta[23895]: h1O3X40N013408:
to=<deliv at mydomain.com>, delay=3+15:04:24, xdelay=00:00:00, mailer=esmtp,
pri=-1487386764, relay=mydomain.com., dsn=4.0.0, stat=Deferred: Connection
refused by mydomain.com.
Feb 27 12:37:28 mydomain sm-mta[23895]: h1O3X40O013408:
to=<delivery at mydomain.com>, delay=3+15:04:24, xdelay=00:00:00, mailer=esmtp,
pri=-1474786728, relay=mydomain.com., dsn=4.0.0, stat=Deferred: Connection
refused by mydomain.com.
Feb 27 12:37:29 mydomain sm-mta[23895]: h1O06J0N000520:
to=<delivery at mydomain.com>, delay=3+18:31:10, xdelay=00:00:00, mailer=esmtp,
pri=-1365436728, relay=mydomain.com., dsn=4.0.0, stat=Deferred: Connection
refused by mydomain.com.
Feb 27 12:37:29 mydomain sm-mta[23895]: h1NJUq0N004940:
to=<delivery at mydomain.com>, delay=3+23:06:37, xdelay=00:00:00, mailer=esmtp,
pri=-1218106728, relay=mydomain.com., dsn=4.0.0, stat=Deferred: Connection
refused by mydomain.com.
Feb 27 12:37:29 mydomain sm-mta[23895]: h1NIks0N027813:
to=<delivery at mydomain.com>, delay=3+23:50:34, xdelay=00:00:00, mailer=esmtp,
pri=-1192726728, relay=mydomain.com., dsn=4.0.0, stat=Deferred: Connection
refused by mydomain.com.

delivery at mydomain.com does not exist as a user and should not be getting
mail at all. So I am at a loss as to why it is and how to correct it. It's not
really a problem but it looks bad and my boss "Would like for it to go
away". Any suggestions would be nice.

Thank You
Will McCorkle
DG Systems
972-581-2119

_______________________________________________
MIMEDefang mailing list
MIMEDefang at lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
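
The grep procedure from the reply above, automated as an added example (not code from either poster): it links each "User unknown" DSN to the later deferred delivery of that bounce by queue ID. The sample log is constructed, the function names are hypothetical, and it assumes each maillog entry is on a single line in the format shown in the post.

```shell
#!/bin/sh
# Added example: list bounce (DSN) messages that were generated for an unknown
# local recipient and then could not be delivered to the claimed sender.

# Constructed sample log; queue IDs, hosts and addresses are made up.
sample_log() {
cat <<'EOF'
Feb 27 15:55:35 mail sendmail[11120]: h1RAAAA1000001: h1RAAAA2000001: DSN: <dad1@example.com>... User unknown
Feb 27 15:55:36 mail sendmail[11120]: h1RAAAA2000001: to=<forged1@example.net>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=31024, relay=mx.example.net. [192.0.2.57], dsn=4.0.0, stat=Deferred: Connection refused by mx.example.net.
Feb 27 15:55:40 mail sendmail[11121]: h1RAAAA3000002: h1RAAAA4000002: DSN: <dad2@example.com>... User unknown
Feb 27 15:55:41 mail sendmail[11121]: h1RAAAA4000002: to=<forged2@example.net>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=31024, relay=mx.example.net. [192.0.2.57], dsn=4.0.0, stat=Deferred: Connection refused by mx.example.net.
Feb 27 16:10:02 mail sendmail[11300]: h1RAAAA5000003: h1RAAAA6000003: DSN: <jon@example.com>... User unknown
Feb 27 16:10:03 mail sendmail[11300]: h1RAAAA6000003: to=<alice@example.org>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=31024, relay=mx.example.org. [198.51.100.9], dsn=2.0.0, stat=Sent (ok)
Feb 27 16:20:00 mail sendmail[11400]: h1RAAAA7000004: to=<bob@example.org>, delay=00:00:05, xdelay=00:00:05, mailer=esmtp, pri=30500, relay=mx.example.org. [198.51.100.9], dsn=4.0.0, stat=Deferred: Connection timed out with mx.example.org.
Feb 27 16:25:36 mail sendmail[11500]: h1RAAAA2000001: to=<forged1@example.net>, delay=00:30:01, xdelay=00:00:01, mailer=esmtp, pri=121024, relay=mx.example.net. [192.0.2.57], dsn=4.0.0, stat=Deferred: Connection refused by mx.example.net.
EOF
}

# Reads maillog lines from the named files (or stdin) and prints one line per
# stuck bounce: DSN queue ID, unknown local recipient, bounce destination.
undeliverable_bounces() {
awk '
  # "parent-qid: dsn-qid: DSN: <rcpt>... User unknown": remember the DSN ID.
  $8 == "DSN:" && /User unknown/ {
      q = $7; sub(/:$/, "", q)
      r = $9; sub(/\.\.\.$/, "", r)
      unknown[q] = r
      next
  }
  # Delivery attempt for a remembered DSN that ended deferred.
  $7 ~ /^to=/ && /stat=Deferred/ {
      q = $6; sub(/:$/, "", q)
      if ((q in unknown) && !(q in seen)) {   # queue retries repeat the ID
          seen[q] = 1
          t = $7; sub(/^to=/, "", t); sub(/,$/, "", t)
          print q, unknown[q], t
      }
  }
' "$@"
}

sample_log | undeliverable_bounces
```

Run against a real log with `undeliverable_bounces /var/log/maillog`; ordinary deferred mail and bounces that were delivered are left out, so what remains is the undeliverable-bounce pattern the reply describes.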



