[Mimedefang] Re: DoS Question

Kevin A. McGrail kmcgrail at pccc.com
Sat Jan 1 10:43:56 EST 2005 

Anyone else seeing massive sendmail connections seemingly for the sole 
purpose of a denial of service?  This is less than one minute after a 
sendmail restart and we've been seeing this issue since app 6AM today.

Regards,
KAM

13850 ?        S      0:00 sendmail: rejecting connections on daemon MSA: 60 
chi
13851 ?        SN     0:00 sendmail: ./j01E3mxF008106 mail.ghul.com.: user 
open
13860 ?        S      0:00 sendmail: Queue runner at 00:05:00 for 
/var/spool/client
13861 ?        S      0:00 sendmail: ./j01FZ1EP013393 [127.0.0.1]: client 
greeti
13862 ?        S      0:00 sendmail: server localhost.localdomain 
[127.0.0.1] st
13870 ?        S      0:00 sendmail: Queue runner at 02:00:00 for 
/var/spool/slow-m
13871 ?        SN     0:00 sendmail: ./j01Dr0bu006342 from queue
13875 ?        S      0:00 sendmail: server 
chello080108079103.17.11.vie.surfer.
13876 ?        S      0:00 sendmail: server [222.233.27.7] startup
13877 ?        S      0:00 sendmail: server [211.200.210.237] startup
13878 ?        S      0:00 sendmail: server 
ll194-2-26-197-204-194.ll194-2.iam.n
13879 ?        S      0:00 sendmail: server smtp107.tamsmtp.com [69.8.181.7] 
sta
13880 ?        S      0:00 sendmail: server mail2.fundowntheroad.com 
[207.170.10
13881 ?        S      0:00 sendmail: server [61.166.68.141] startup
13882 ?        S      0:00 sendmail: server cmc235.neoplus.adsl.tpnet.pl 
[83.31.
13883 ?        S      0:00 sendmail: server [222.97.250.191] startup
13884 ?        S      0:00 sendmail: server [208.178.158.75] startup
13885 ?        S      0:00 sendmail: server out008pub.verizon.net 
[206.46.170.10
13886 ?        S      0:00 sendmail: server 
host-81-190-138-110.olsztyn.mm.pl [8
13887 ?        S      0:00 sendmail: server imr-m03.mx.aol.com 
[64.12.138.201] s
13889 ?        S      0:00 sendmail: server 
pool-70-23-79-164.ny325.east.verizon
13903 ?        S      0:00 sendmail: server mail7.fundowntheroad.com 
[207.170.10
13905 ?        S      0:00 sendmail: server 
dsl-201-129-187-64.prod-infinitum.co
13906 ?        S      0:00 sendmail: server outmail-10.whambambrands.com 
[209.21
13907 ?        S      0:00 sendmail: server 
82-44-226-177.cable.ubr11.haye.bluey
13909 ?        S      0:00 sendmail: server [61.252.246.125] startup
13910 ?        S      0:00 sendmail: server [211.211.74.140] startup
13912 ?        S      0:00 sendmail: server [218.91.35.34] startup
13913 ?        S      0:00 sendmail: server 
119.Red-81-33-68.pooles.rima-tde.net
13916 ?        S      0:00 sendmail: server [211.59.229.197] startup
13918 ?        S      0:00 sendmail: server [218.80.101.20] startup
13919 ?        S      0:00 sendmail: server [218.80.101.20] startup
13920 ?        S      0:00 sendmail: server [218.80.101.20] startup
13922 ?        S      0:00 sendmail: server [213.245.184.253] startup
13923 ?        S      0:00 sendmail: server [218.80.101.20] startup
13924 ?        S      0:00 sendmail: server [217.17.157.219] startup
13927 ?        S      0:00 sendmail: server mail16.villner.com 
[207.182.156.33]
13928 ?        S      0:00 sendmail: server mail7.villner.com 
[207.182.156.24] s
13932 ?        S      0:00 sendmail: server 
dsl-201-129-187-64.prod-infinitum.co
13933 ?        S      0:00 sendmail: server mail6.villner.com 
[207.182.156.23] s
13943 ?        S      0:00 sendmail: server 
host62-201.pool8255.interbusiness.it
13944 ?        S      0:00 sendmail: server 214.201.150.220.ap.yournet.ne.jp 
[22
13945 ?        S      0:00 sendmail: server 
pool-141-153-179-236.mad.east.verizo
13946 ?        S      0:00 sendmail: server [198.172.80.128] startup
13947 ?        S      0:00 sendmail: server 
adsl-70-241-100-2.dsl.hstntx.swbell.
13950 ?        S      0:00 sendmail: server 
host8-33.pool80117.interbusiness.it
13952 ?        S      0:00 sendmail: server 
ASt-Lambert-104-1-3-136.w80-14.abo.w
13954 ?        S      0:00 sendmail: server 
provence-2-82-67-202-44.fbx.proxad.n
13956 ?        S      0:00 sendmail: server 
pool-70-19-161-197.bos.east.verizon.
13959 ?        S      0:00 sendmail: server 
host36-34.pool8251.interbusiness.it
13960 ?        S      0:00 sendmail: server 
228.70-84-59.reverse.theplanet.com [
13961 ?        S      0:00 sendmail: server [211.199.113.153] startup
13963 ?        S      0:00 sendmail: server [62.217.32.94] startup
13965 ?        S      0:00 sendmail: server [69.90.231.6] startup
13967 ?        S      0:00 sendmail: server sccrmhc12.comcast.net 
[204.127.202.5
13968 ?        S      0:00 sendmail: server hcc3d73dd9f.bai.ne.jp 
[61.115.221.15
13969 ?        S      0:00 sendmail: server YahooBB220005152027.bbtec.net 
[220.5
13971 ?        S      0:00 sendmail: server 
adsl-68-78-96-184.dsl.emhril.amerite
13975 ?        S      0:00 sendmail: server anetrelay2f.authorize.net 
[64.94.119
13976 ?        S      0:00 sendmail: server 
adsl-68-22-242-184.dsl.bltnin.amerit
13977 ?        S      0:00 sendmail: server smtp108.tamsmtp.com [69.8.181.8] 
sta
13978 ?        S      0:00 sendmail: server 
AToulouse-152-1-28-176.w82-125.abo.w
13979 ?        S      0:00 sendmail: server ns.plus-ti.co.jp [60.32.0.82] 
startu
13980 ?        S      0:00 sendmail: server 
236.Red-81-32-72.pooles.rima-tde.net
13982 ?        S      0:00 sendmail: server [61.248.13.141] startup

More information about the MIMEDefang mailing list