[Mimedefang] mimedefang in endless loop (socketpair)

Kelson kelson at speed.net
Tue May 23 13:10:19 EDT 2006


Paul Murphy wrote:
> Tomasz,
> 
>> May 22 15:46:24 statek sendmail[14281]: k4MDkN1J014281:
>> 	from=<>, size=3019, class=0, nrcpts=0, proto=ESMTP, daemon=MTA,
>> 	relay=smtp11.wanadoo.fr [193.252.22.31]
>> May 22 15:46:24 statek sendmail[14281]: k4MDkN1J014281:
>> 	<l at batory.org.pl>... User unknown
> 
> Looks like normal activity - someone sending via the Wanadoo server in France
> is attempting to send you lots of mail for an unknown user, and your system
> is correctly processing them and returning the user unknown error.

On a side note, this could be backscatter from a forged spam run.  It's 
been a while since I looked into it, but as I recall, Wanadoo either 
generates bounce notices or does "sender verification" using the 
ill-conceived method of opening an SMTP transaction and dropping before 
data.

We see a lot of failed messages from <> to bunchofletters at speed.net 
coming from Wanadoo's servers.

-- 
Kelson Vibber
SpeedGate Communications <www.speed.net>



More information about the MIMEDefang mailing list